This analysis describes what Headspace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision creates a dual privacy framework: HIPAA compliance applies when Care Providers are engaged, while state-specific consumer health data laws apply to other health data collected. This establishes different regulatory obligations and data handling standards depending on the user's interaction type.
This provision was replaced with more detailed 'Third-Party Advertising and Analytics Data Sharing' provision that explicitly characterizes the practice as potential CCPA/CPRA 'sale' or 'sharing'.
View full change record →Users may be subject to either HIPAA protections (when using Care Provider services) or state consumer health data privacy laws (for other health data), with Care Providers potentially issuing separate privacy notices during enrollment that users should review to understand which framework applies to their data.
How other platforms handle this
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
Sending you information about Adobe products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes, where your consent is not required; In some cases, in order to show you more relevant ads, we disclose with social medi...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your personal information with busines...
Monitoring
Headspace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Headspace is subject to HIPAA as our Care Providers' business associate. Our Care Providers may provide you an additional privacy notice during enrollment which we encourage you to review. Depending on how you interact with us, the following may also apply to you: Our Consumer Health Data Privacy Policy applies to certain consumer health data that is regulated under applicable state consumer health data laws.— Excerpt from Headspace's Headspace Privacy Policy
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision creates a dual privacy framework: HIPAA compliance applies when Care Providers are engaged, while state-specific consumer health data laws apply to other health data collected. This establishes different regulatory obligations and data handling standards depending on the user's interaction type.
Users may be subject to either HIPAA protections (when using Care Provider services) or state consumer health data privacy laws (for other health data), with Care Providers potentially issuing separate privacy notices during enrollment that users should review to understand which framework applies to their data.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Headspace.