What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'help@headspace.com', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': 'Email help@headspace.com to request deletion of your health data or to exercise other privacy rights. Reference the applicable law (e.g. GDPR, CCPA, or Washington MHMDA) in your request.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces health data privacy obligations for non-HIPAA-covered entities and has taken enforcement action against wellness apps mishandling health data.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'HHS_OCR', 'reason': "If Headspace's affiliated medical providers (e.g. Headspace Medical Group) qualify as HIPAA covered entities, HHS OCR has jurisdiction over health data privacy violations.", 'complaint_url': 'https://www.hhs.gov/ocr/complaints/index.html'}

What is the severity of this clause?

ConductAtlas classifies this Sensitive Health Data Collection clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Sensitive Health Data Collection clauses across approximately 2 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Sensitive Health Data Collection — Headspace

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Headspace Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Headspace collects health and mental wellness information about you that is considered sensitive under multiple laws, including GDPR in Europe and state consumer health data laws in the US.

ⓘ

This analysis describes what Headspace's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Mental health data is among the most sensitive personal information and misuse or breach of this data can have serious consequences for users' employment, insurance, and personal lives.

Consumer impact (what this means for users)

Headspace collects sensitive mental health and wellness data and processes it under multiple privacy regimes including GDPR and US state consumer health data laws. Users are bound by mandatory arbitration and waive class-action rights, limiting legal recourse if something goes wrong. You can opt out of arbitration by sending written notice to Headspace within 30 days of first agreeing to these Terms.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Email help@headspace.com to request deletion of your health data or to exercise other privacy rights. Reference the applicable law (e.g. GDPR, CCPA, or Washington MHMDA) in your request.

Cross-platform context

See how other platforms handle Sensitive Health Data Collection and similar clauses.

Compare across platforms →

Monitoring

Headspace has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

The collection of GDPR 'special category' health data and US state 'consumer health data' creates overlapping compliance obligations including consent requirements, data minimisation, breach notification, and consumer rights to access/deletion under GDPR, CCPA/CPRA, Washington MHMDA, Connecticut DPA, and Nevada SB 370; a DPIA may be required for EU processing.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC enforces health data privacy obligations for non-HIPAA-covered entities and has taken enforcement action against wellness apps mishandling health data.
File a complaint →
Hhs Ocr

If Headspace's affiliated medical providers (e.g. Headspace Medical Group) qualify as HIPAA covered entities, HHS OCR has jurisdiction over health data privacy violations.
File a complaint →

Provision details

Document information

Document

Headspace Terms and Conditions

Entity

Headspace

Document last updated

May 5, 2026

Tracking information

First tracked

March 20, 2026

Last verified

March 20, 2026

Record ID

CA-P-00215002

Document ID

CA-D-00215

Evidence Provenance

Source URL

https://www.headspace.com/terms-and-conditions

Wayback Machine

View archived versions →

Content hash (SHA-256)

cd22966a33091312a36781486146c376f922c1252d59f232fadaae06232af924

Analysis generated

March 20, 2026 10:14 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Headspace
Document: Headspace Terms and Conditions
Record ID: CA-P-00215002
Captured: 2026-03-20 10:14:28 UTC
SHA-256: cd22966a33091312…
URL: https://conductatlas.com/platform/headspace/headspace-terms-and-conditions/sensitive-health-data-collection/
Accessed: June 10, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

High

Other risks in this policy

Mandatory Binding Arbitration & Class Action Waiver high
Auto-Renewal Subscription high
Limitation of Liability high
User Content License Grant medium
Medical Emergency Disclaimer high
Intellectual Property Ownership medium

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Headspace's Sensitive Health Data Collection clause do?

Mental health data is among the most sensitive personal information and misuse or breach of this data can have serious consequences for users' employment, insurance, and personal lives.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.

Is ConductAtlas affiliated with Headspace?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Headspace.