California residents have additional privacy rights under California law, including the right to know what data is collected, the right to delete it, the right to correct it, and the right to opt out of the sale or sharing of their personal information.
California's privacy laws are among the strongest in the US, and Headspace explicitly recognizes these rights — including for sensitive personal information like mental health data.
CCPA/CPRA compliance obligations include honoring opt-out requests within 15 business days, providing a 'Do Not Sell or Share My Personal Information' link, and applying heightened protections to sensitive personal information categories that include mental and physical health data. Given that Headspace's core offering involves sensitive health data, regulators and enforcement bodies may scrutinize compliance with these heightened CPRA sensitive data provisions.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Headspace collects highly sensitive personal data including mental health information, therapy session details, and behavioral data from your use of their app, and may share this with advertising partners and third-party service providers. Users in therapy or psychiatry programs are subject to HIPAA protections, but general app users should be aware their meditation habits and wellness data may be used for targeted advertising. You can request deletion of your personal data or opt out of certain data sharing by visiting Headspace's privacy rights portal or emailing privacy@headspace.com.