Headspace · Headspace Terms and Conditions

Sensitive Health Data Collection

High severity
Share 𝕏 Share in Share

What it is

Headspace collects health and mental wellness information about you that is considered sensitive under multiple laws, including GDPR in Europe and state consumer health data laws in the US.

Why it matters

Mental health data is among the most sensitive personal information and misuse or breach of this data can have serious consequences for users' employment, insurance, and personal lives.

Institutional analysis (Compliance & legal intelligence)

The collection of GDPR 'special category' health data and US state 'consumer health data' creates overlapping compliance obligations including consent requirements, data minimisation, breach notification, and consumer rights to access/deletion under GDPR, CCPA/CPRA, Washington MHMDA, Connecticut DPA, and Nevada SB 370; a DPIA may be required for EU processing.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Headspace collects sensitive mental health and wellness data and processes it under multiple privacy regimes including GDPR and US state consumer health data laws. Users are bound by mandatory arbitration and waive class-action rights, limiting legal recourse if something goes wrong. You can opt out of arbitration by sending written notice to Headspace within 30 days of first agreeing to these Terms.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email help@headspace.com to request deletion of your health data or to exercise other privacy rights. Reference the applicable law (e.g. GDPR, CCPA, or Washington MHMDA) in your request.

Applicable agencies

  • FTC
    The FTC enforces health data privacy obligations for non-HIPAA-covered entities and has taken enforcement action against wellness apps mishandling health data.
    File a complaint →
  • Hhs Ocr
    If Headspace's affiliated medical providers (e.g. Headspace Medical Group) qualify as HIPAA covered entities, HHS OCR has jurisdiction over health data privacy violations.
    File a complaint →

Provision details

Document information
Document
Headspace Terms and Conditions
Entity
Headspace
Document last updated
March 24, 2026
Tracking information
First tracked
March 20, 2026
Last verified
March 20, 2026
Record ID
CA-P-00215002
Document ID
CA-D-00215
Evidence Provenance
Source URL
https://www.headspace.com/terms-and-conditions
Wayback Machine
View archived versions →
SHA-256
cd22966a33091312a36781486146c376f922c1252d59f232fadaae06232af924
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Headspace | Document: Headspace Terms and Conditions | Record: CA-P-00215002
Captured: 2026-03-20 10:14:28 UTC | SHA-256: cd22966a33091312…
URL: https://conductatlas.com/platform/headspace/headspace-terms-and-conditions/sensitive-health-data-collection/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Privacy Data sharing Consent

Other provisions in this document