Headspace transfers personal information internationally, including from the EU and UK to the United States, and relies on data transfer mechanisms such as Standard Contractual Clauses to legitimise those transfers.
This analysis describes what Headspace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision specifies the legal frameworks under which Headspace transfers personal data internationally. This establishes the regulatory basis and compliance mechanism for moving data across borders, which affects the legal standards and accountability structures applicable to the company's data handling practices.
Removal of cross-border data transfer provision eliminates explicit disclosure of international data movement mechanisms and legal frameworks.
View full change record →If you are in the EU or UK, your sensitive mental health and therapy data is transferred to the United States where it may be subject to US surveillance laws, though Headspace uses contractual safeguards to protect it.
How other platforms handle this
Your personal information may be transferred to and processed in countries outside your country of residence, including the United States and Israel, which may have data protection laws that differ from those in your country. We rely on appropriate safeguards, such as standard contractual clauses ap...
When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to other countries that have not been found to provide an adequate level of data protection, we use legal mechanisms such as Standard Contractual Clauses approved by the European Commission to h...
Your personal information may be transferred to, processed and stored in countries other than the country in which you are resident, including the United States, Australia, Canada, the European Union and the UK. We take appropriate safeguards to protect your personal information in accordance with t...
Monitoring
Headspace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Headspace complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.— Excerpt from Headspace's Headspace Privacy Policy
(1) REGULATORY FRAMEWORK: GDPR Chapter V (Arts. 44–49) restricts transfers of personal data to third countries without adequate protection. Following Schrems II (Case C-311/18), US transfers require Standard Contractual Clauses (SCCs, Commission Implementing Decision 2021/914) supplemented by Transfer Impact Assessments (TIAs). The EU-US Data Privacy Framework (adequacy decision, July 2023) provides an alternative transfer mechanism for DPF-certified US organisations. UK GDPR requires International Data Transfer Agreements (IDTAs) or UK Addendum to EU SCCs for transfers from the UK. EU supervisory authorities and UK ICO have enforcement authority. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision specifies the legal frameworks under which Headspace transfers personal data internationally. This establishes the regulatory basis and compliance mechanism for moving data across borders, which affects the legal standards and accountability structures applicable to the company's data handling practices.
If you are in the EU or UK, your sensitive mental health and therapy data is transferred to the United States where it may be subject to US surveillance laws, though Headspace uses contractual safeguards to protect it.
ConductAtlas has identified this type of provision across 84 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Headspace.