Headspace transfers personal information internationally, including from the EU and UK to the United States, and relies on data transfer mechanisms such as Standard Contractual Clauses to legitimise those transfers.
This analysis describes what Headspace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision specifies the legal frameworks under which Headspace transfers personal data internationally. This establishes the regulatory basis and compliance mechanism for moving data across borders, which affects the legal standards and accountability structures applicable to the company's data handling practices.
If you are in the EU or UK, your sensitive mental health and therapy data is transferred to the United States where it may be subject to US surveillance laws, though Headspace uses contractual safeguards to protect it.
How other platforms handle this
Roblox is based in the United States, and your personal information may be transferred to and processed in the United States or other countries where Roblox or its service providers operate. These countries may have data protection laws that differ from the laws of your home country. By using the Ro...
Uber operates globally and may transfer the personal data of drivers and delivery people to countries other than the country in which they reside. These countries may have different and less protective data protection laws than those of your country of residence. Uber uses standard contractual claus...
Shopify is a global business. We may transfer your personal information to countries other than the country in which it was originally collected, including to Canada and the United States where our servers are located. These countries may not have the same data protection laws as your country. When ...
Monitoring
Headspace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Headspace complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.— Excerpt from Headspace's Headspace Privacy Policy
(1) REGULATORY FRAMEWORK: GDPR Chapter V (Arts. 44–49) restricts transfers of personal data to third countries without adequate protection. Following Schrems II (Case C-311/18), US transfers require Standard Contractual Clauses (SCCs, Commission Implementing Decision 2021/914) supplemented by Transfer Impact Assessments (TIAs). The EU-US Data Privacy Framework (adequacy decision, July 2023) provides an alternative transfer mechanism for DPF-certified US organisations. UK GDPR requires International Data Transfer Agreements (IDTAs) or UK Addendum to EU SCCs for transfers from the UK. EU supervisory authorities and UK ICO have enforcement authority. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision specifies the legal frameworks under which Headspace transfers personal data internationally. This establishes the regulatory basis and compliance mechanism for moving data across borders, which affects the legal standards and accountability structures applicable to the company's data handling practices.
If you are in the EU or UK, your sensitive mental health and therapy data is transferred to the United States where it may be subject to US surveillance laws, though Headspace uses contractual safeguards to protect it.
ConductAtlas has identified this type of provision across 78 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Headspace.