Depending on where you live, you may have rights to access, correct, delete, or export your personal data, and you can exercise those rights by submitting a request through Headspace's online form or by emailing their support address.
This analysis describes what Headspace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are particularly meaningful on a mental health platform because they allow users to review what sensitive data Headspace holds about them, request corrections to health information, or ask for complete deletion of their mental health records from the platform.
New consolidated provision provides jurisdiction-agnostic privacy rights enumeration (access, correction, deletion, restriction, objection, portability, consent withdrawal) with direct exercise mechanism.
View full change record →Users in the EU, UK, California, and certain other jurisdictions have enforceable rights to access, correct, delete, or port their personal data including mental health information, and can exercise these rights through Headspace's online privacy request form or by emailing help@headspace.com; the availability and scope of these rights depends on your jurisdiction.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
Headspace has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on where you live, you may have certain rights regarding your personal information. These may include the right to access, correct, or delete your personal information; the right to restrict or object to our processing of your personal information; the right to data portability; and the right to withdraw consent where processing is based on consent. To exercise your rights, please visit our privacy rights request form or contact us at help@headspace.com.— Excerpt from Headspace's Headspace Privacy Policy
REGULATORY LANDSCAPE: Data subject rights disclosures engage GDPR Articles 15 through 22 (access, rectification, erasure, restriction, portability, objection, and automated decision-making rights) for EU and UK users; CCPA and CPRA data subject rights for California residents (access, deletion, correction, portability, opt-out of sale and sharing); and similar rights frameworks in Canada under PIPEDA and in other jurisdictions with supplemental notices. For HIPAA-covered clinical data, patients have separate rights under the HIPAA Privacy Rule including the right to access, amend, and receive an accounting of disclosures. GOVERNANCE EXPOSURE: Medium. The policy commits to honoring data subject rights across multiple jurisdictions but does not specify response timeframes or verification processes in the main policy text, which may create operational compliance gaps particularly under GDPR's 30-day response requirement and CCPA's 45-day response timeline. The existence of both HIPAA and GDPR rights frameworks for the same user in certain circumstances creates potential procedural complexity. JURISDICTION FLAGS: EU and UK users have the most robust enforceable rights under GDPR and UK GDPR, including the right to erasure and data portability. California residents have CCPA and CPRA rights with specific verification and response timelines. Canadian users have PIPEDA rights. Users in jurisdictions without specific data protection legislation have no guaranteed rights under this policy beyond what the company voluntarily provides. CONTRACT AND VENDOR IMPLICATIONS: Honoring deletion requests for mental health data requires that Headspace's data processing agreements with third-party vendors include data deletion and return obligations. If advertising or analytics vendors retain copies of user data, those copies must also be subject to deletion upon valid user request. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the privacy request intake process has defined response timelines mapped to each applicable jurisdiction, that identity verification procedures are proportionate and not overly burdensome, and that deletion requests cascade to third-party processors and vendors. For HIPAA-covered clinical data, the right of access and amendment process should be tested for consistency with the HIPAA Privacy Rule's specific requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are particularly meaningful on a mental health platform because they allow users to review what sensitive data Headspace holds about them, request corrections to health information, or ask for complete deletion of their mental health records from the platform.
Users in the EU, UK, California, and certain other jurisdictions have enforceable rights to access, correct, delete, or port their personal data including mental health information, and can exercise these rights through Headspace's online privacy request form or by emailing help@headspace.com; the availability and scope of these rights depends on your jurisdiction.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Headspace.