If your employer provides you access to Headspace, your use may be subject to additional privacy terms and notices, and your employer-related data sharing may be covered by separate agreements between Headspace and your employer.
Users accessing Headspace through their employer should understand that their employer may have visibility into certain usage data or that different privacy terms govern their access.
Employer-sponsored access creates a B2B data processing layer where Headspace likely acts as a data processor for employer customers, requiring robust data processing agreements (DPAs). Under GDPR and CCPA, the allocation of controller/processor responsibilities and employee data rights must be clearly documented, particularly given the sensitive nature of mental health platform usage data.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Headspace collects highly sensitive personal data including mental health information, therapy session details, and behavioral data from your use of their app, and may share this with advertising partners and third-party service providers. Users in therapy or psychiatry programs are subject to HIPAA protections, but general app users should be aware their meditation habits and wellness data may be used for targeted advertising. You can request deletion of your personal data or opt out of certain data sharing by visiting Headspace's privacy rights portal or emailing privacy@headspace.com.