This analysis describes what Headspace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This dual-framework approach creates separate regulatory pathways depending on the type of health data and the legal status of the entity collecting it. The distinction determines which privacy standards and notice requirements apply to different categories of user health information processed through the platform.
Users' health data is governed by different privacy policies depending on whether it falls under state consumer health data laws or HIPAA. If a user's data involves a Headspace Care Provider who is a HIPAA-covered entity, the HIPAA Notice of Privacy Practices establishes the applicable privacy protections; otherwise, the Consumer Health Data Privacy Policy applies.
How other platforms handle this
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
With your permission, we may also receive data from your mobile device's health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the pur...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Headspace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our Consumer Health Data Privacy Policy applies to certain consumer health data that is regulated under applicable state consumer health data laws. Our HIPAA Notice of Privacy Practices applies to protected health information ('PHI') collected in connection with our Services where our Care Providers are covered entities under HIPAA.— Excerpt from Headspace's Headspace Privacy Policy
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This dual-framework approach creates separate regulatory pathways depending on the type of health data and the legal status of the entity collecting it. The distinction determines which privacy standards and notice requirements apply to different categories of user health information processed through the platform.
Users' health data is governed by different privacy policies depending on whether it falls under state consumer health data laws or HIPAA. If a user's data involves a Headspace Care Provider who is a HIPAA-covered entity, the HIPAA Notice of Privacy Practices establishes the applicable privacy protections; otherwise, the Consumer Health Data Privacy Policy applies.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Headspace.