Calm transfers personal data outside of the EU and other jurisdictions and uses legal mechanisms such as Standard Contractual Clauses to make those transfers lawful; you can request a copy of these agreements by emailing Calm.
This analysis describes what Calm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
For EU, UK, and Swiss users, the lawfulness of data transfers to the US depends on these mechanisms being properly implemented and maintained.
Interpretive note: The policy does not specify which transfer mechanism applies in which context or confirm the existence of transfer impact assessments, creating some uncertainty about the completeness of compliance with post-Schrems II requirements.
Your personal data may be transferred to and processed in the United States, which may have different data protection standards than your home country; Calm states it uses legal transfer mechanisms including Standard Contractual Clauses to protect these transfers.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Calm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission's adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of these Standard Contractual Clauses by emailing us at support@calm.com.— Excerpt from Calm's Calm Privacy Policy
(1) REGULATORY LANDSCAPE: International data transfers from the EEA and UK to the US are regulated under GDPR Chapter V and the UK GDPR. The policy references European Commission adequacy decisions and Standard Contractual Clauses as transfer mechanisms. Following Schrems II, SCCs must be accompanied by a transfer impact assessment where the destination country's laws may not provide equivalent protection. The EU-US Data Privacy Framework may also be relevant if Calm has certified under it, though the policy does not reference this framework explicitly. (2) GOVERNANCE EXPOSURE: Medium. The policy asserts use of SCCs and adequacy decisions but does not specify which applies in which context, and does not reference transfer impact assessments. For organizations conducting due diligence on Calm as a data processor or sub-processor, the absence of specificity may require additional inquiry. (3) JURISDICTION FLAGS: EEA, UK, and Swiss users face the most direct exposure. The policy names separate representatives for EEA (The DPO Centre Europe Ltd, Dublin) and UK (The DPO Centre, London), which is consistent with post-Brexit requirements. Swiss users should be aware that Swiss data protection law has its own transfer requirements that may differ from the GDPR framework. (4) CONTRACT AND VENDOR IMPLICATIONS: Organizations using Calm as a vendor or employee benefit provider should request and review the applicable SCCs and any transfer impact assessments. The policy's offer to provide SCC copies upon request at support@calm.com is a positive disclosure commitment that should be tested in vendor assessments. (5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm whether Calm has certified under the EU-US Data Privacy Framework and whether UK adequacy or transfer mechanisms are separately documented. Periodic review of transfer documentation should be incorporated into vendor management cycles given the evolving landscape of international transfer regulations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
For EU, UK, and Swiss users, the lawfulness of data transfers to the US depends on these mechanisms being properly implemented and maintained.
Your personal data may be transferred to and processed in the United States, which may have different data protection standards than your home country; Calm states it uses legal transfer mechanisms including Standard Contractual Clauses to protect these transfers.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Calm.