What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@headspace.com', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'EU and UK users can submit a Data Subject Access Request by emailing privacy@headspace.com. State that you are exercising your GDPR right of access and include your account email. Headspace must respond within 30 days.', 'deadline_days': 30, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces compliance with EU-US Data Privacy Framework commitments and has broader authority over deceptive data practices affecting international users under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this GDPR Rights for EU/UK Users clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar GDPR Rights for EU/UK Users clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

GDPR Rights for EU/UK Users — Headspace

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Headspace Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

EU and UK users have rights under GDPR and UK GDPR to access, correct, delete, restrict processing of, and port their personal data, as well as the right to object to processing and to withdraw consent at any time.

ⓘ

This analysis describes what Headspace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The provision operationalizes statutory privacy rights within Headspace's service terms, establishing procedural obligations for Headspace to comply with GDPR and UK GDPR requirements and defining the timeline and scope of Headspace's response obligations.

Consumer impact (what this means for users)

If you are in the EU or UK, you can request that Headspace provide a copy of all your personal data, delete your account and data, or stop using your data for marketing at any time — and Headspace must respond within one month.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data
Within 30 days
EU and UK users can submit a Data Subject Access Request by emailing privacy@headspace.com. State that you are exercising your GDPR right of access and include your account email. Headspace must respond within 30 days.

How other platforms handle this

X Medium

If you are located in the European Economic Area (EEA) or United Kingdom, the data controller for your personal information is Twitter International Unlimited Company. If you are located outside of the EEA, United Kingdom, and Switzerland, the data controller is X Corp. You have the right to access,...

RapidAPI Medium

If you are located in the European Economic Area, you have certain rights under the General Data Protection Regulation. These include the right to access personal information we hold about you, to rectify inaccurate data, to erase your data, to restrict processing, to object to processing, and to da...

Tabnine Medium

Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data, the right to restrict or object to processing, and where processing is based on consent, the right to withdraw consent at any time. California resi...

See all platforms with this clause type →

Monitoring

Headspace has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Individuals in the EU and UK have privacy rights under the GDPR and the UK equivalent. We will work to respond to your verified request within a month's time unless we request an extension. Right to object to processing - You may have the right to request that Headspace restrict the use of your personal data in certain circumstances. Right not to be subject to automated decision making - You have the right not to be subject to a decision based solely on automated processing.

— Excerpt from Headspace's Headspace Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: GDPR (Regulation (EU) 2016/679) Arts. 15–22 grant EU/EEA data subjects rights of access, rectification, erasure, restriction, portability, and objection. Art. 9 imposes heightened protections for special category data (health data) requiring an explicit legal basis. UK GDPR (retained GDPR as amended by the Data Protection Act 2018) applies equivalent rights to UK users. Cross-border transfers require GDPR Chapter V mechanisms (adequacy decisions, SCCs, BCRs). EU supervisory authorities and the UK ICO have enforcement authority. GDPR fines reach €20M or 4% of global annual turnover. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC enforces compliance with EU-US Data Privacy Framework commitments and has broader authority over deceptive data practices affecting international users under FTC Act Section 5.
File a complaint →

Applicable regulations

CCPA/CPRA

California, USA

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

HIPAA

United States Federal

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

Provision details

Document information

Document

Headspace Privacy Policy

Entity

Headspace

Document last updated

May 5, 2026

Tracking information

First tracked

April 1, 2026

Last verified

April 1, 2026

Record ID

CA-P-001137

Document ID

CA-D-00216

Evidence Provenance

Source URL

https://www.headspace.com/privacy-policy

Wayback Machine

View archived versions →

Content hash (SHA-256)

48761338090dd38db1c4ff45c1e9b8fb2d0d59e40cac2d4342a4e5d6bebb70c2

Analysis generated

April 1, 2026 15:17 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Headspace
Document: Headspace Privacy Policy
Record ID: CA-P-001137
Captured: 2026-04-01 15:17:25 UTC
SHA-256: 48761338090dd38d…
URL: https://conductatlas.com/platform/headspace/headspace-privacy-policy/gdpr-rights-for-euuk-users/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

High

Other risks in this policy

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Headspace's GDPR Rights for EU/UK Users clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Headspace?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Headspace.