Headspace · Headspace Privacy Policy

GDPR Rights for EU/UK Users

High severity
Share 𝕏 Share in Share

Why it matters

EU and UK users benefit from strong statutory data rights over their sensitive health and wellness data, and can compel Headspace to stop processing their data or provide a copy of all information held about them.

Consumer impact

Headspace collects highly sensitive personal data including mental health history, therapy session details, meditation habits, and inferred emotional states, and shares this data with third-party advertising and analytics partners. Users in therapy or using psychiatry services face additional risk as HIPAA-protected data exists alongside non-HIPAA data in the same platform ecosystem, creating potential confusion about what protections apply. You can request deletion of your personal data, opt out of data sharing for advertising, or download your data by contacting privacy@headspace.com or through your account settings.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Within 30 days
    EU and UK users can submit a Data Subject Access Request by emailing privacy@headspace.com. State that you are exercising your GDPR right of access and include your account email. Headspace must respond within 30 days.

Applicable agencies

  • FTC
    The FTC enforces compliance with EU-US Data Privacy Framework commitments and has broader authority over deceptive data practices affecting international users under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
Headspace Privacy Policy
Entity
Headspace
Document last updated
March 24, 2026
Tracking information
First tracked
April 1, 2026
Last verified
April 1, 2026
Record ID
CA-P-001137
Document ID
CA-D-00216
Evidence Provenance
Source URL
https://www.headspace.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
48761338090dd38db1c4ff45c1e9b8fb2d0d59e40cac2d4342a4e5d6bebb70c2
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Headspace | Document: Headspace Privacy Policy | Record: CA-P-001137
Captured: 2026-04-01 15:17:25 UTC | SHA-256: 48761338090dd38d…
URL: https://conductatlas.com/platform/headspace/headspace-privacy-policy/gdpr-rights-for-euuk-users/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Privacy rights

Other provisions in this document