Calm

Calm

Review date: April 25, 2023

|
|

Mozilla says

|
People voted: Very creepy

"Take a deep breath" Those are the first words you see when you open this meditation app. Then you hear the soothing sounds of rain in the forest or waves at beach. Ahh... feeling calmer already. Calm is a popular app to meditate, relax, and help you fall asleep. Your stressed out privacy researcher here at *Privacy Not Included has actually relied on it for a number of years to help keep the anxiety of reading all these privacy policies at bay. Unfortunately, this researcher didn't actually read their privacy policy until doing our research for these mental health apps. Yes, there are some stressful things in there. The good news is Calm has been one of the better companies we've worked with to try to improve their privacy a bit.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

When we launched our review of Calm in 2022, the app initially earned our *Privacy Not Included warning label. We dinged them for their data collection and use practices and for how users could control their data, After our review came out, Calm reached out to us to discuss ways they could improve. We love it when companies do that! (Seriously, please, more companies do that...without yelling at us first).

After meeting with the folks over at Calm, they agreed to make a significant change to their privacy policy to make it clear all users, regardless of what privacy laws they live under, have the same rights to access and delete their data. Their privacy policy now reads, "Subject to certain limits and conditions provided under law, we honor the exercise of the right of access or deletion for all of our users, regardless of their location. Any Calm user may exercise this right by contacting us at [email protected]." People, that line there is a thing of beauty! You've no idea how hard it is to convince companies to include wording like that in their privacy policies. So, good work Calm! Thank you.

Calm isn't perfect. They do still collect a fair amount of personal information, including gathering data on you from third parties sources like marketing and advertising partners and social media sites. And they say they use this for making inferences about things like your gender and location. And they say they can use all this information for targeted, interest-based advertising. Not great, not great at all....but unfortunately pretty normal these days with these apps.

So in 2023, we find Calm improved from 2022. There's still more work they can do to be better for privacy for sure. But hey, baby steps, y'all, baby steps.

Read our review from 2022:

UPDATE June, 2022: Here's a thing Calm did to help calm this stressed out privacy researcher's frazzled nerves a little. After we launch our review, we had some productive conversations with them that resulted in them updating their privacy policy. On June 16, 2022 Calm change their privacy policy to clearly grant all users -- not only those in the EU and California living under stricter privacy laws -- the same rights to access and delete their data. This is progress. Thanks Calm.

Uhg...Calm, why oh why must you ruin our zen meditation vibe with stressful privacy practices? You know what's rather stressful? When a company says, "Calm uses your data to personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior." OK, so, there are certainly more stressful things in life. But still, what if we just want to meditate in peace without all our data being used to find ways to sell us more stuff or keep us on the app longer? Pardon us as we go take another deep breath.

Calm says they don't sell your personal information (yay!). Sadly, they say they can use it -- and other things like your actions, preferences, interests, machine learning, and browsing behavior -- to target you with ads and personalizations and the like. They also say they "may obtain information about you from publicly available sources, marketing and advertising partners, consumer research platforms, and/or business contact databases." Potentially gathering even more data on you from data brokers and advertising companies, nope, these are not calming privacy practices at all. Then there's this (unfortunately) common practice where they say they "also share aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties." Here's where we have to remind you that it's been found to be relatively easy to de-anonymize such data, data they say they can share without restriction.

What's the worst that could happen? Well, could Calm get to know all about your meditation practices, your mood, your gender, your location, and more. Then use or share that information to target you with ads about things, like a wine company thinking you're ripe for targeting with wine ads when you're using the app a lot because that might mean you're stressed out. But you're a recovering alcoholic and the wine ads add to your stress. It's just one potential scenario of how targeted ads based on on your behavior and identifiers on the app could go wrong. Not something any of us need when we just want to meditate in peace, dang it!

Tips to protect yourself

  • Opt out of cookies collection
  • Do not log in using third-party accounts
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
  • Do not give consent for sharing of personal data for marketing and advertisement.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc - Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: No

Microphone

Device: N/A

App: No

Tracks location

Device: N/A

App: No

What can be used to sign up?

Facebook and Google registration is available

What data does the company collect?

How does the company use this data?

We ding this product since it may be combining your data with data obtained from third parties. Also as it may be sharing your data for advertisement purposes.

"We do not "sell" the personal information we collect (and will not sell it in the future without providing a right to opt out). We do allow our advertising partners to collect certain device identifiers and electronic network activity via our Services to show ads that are targeted to your interests on other platforms. "

"We may obtain information about you from publicly available sources, marketing and advertising partners, consumer research platforms, and/or business contact databases."

We use the information we collect to: "<...> personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior."

In an email response, Calm stated that "We don’t sell personal information for money. We do engage in industry standard online advertising practices, which means that we allow our advertising partners to collect certain device identifiers and electronic network activity to help us understand whether a particular ad campaign was effective and to help us design future campaigns. However, we do not provide these ad partners with information about the content our users are consuming within the app. Instead, the data they typically receive is information about whether our app was installed after clicking on an ad, whether a subscription was purchased, etc. We also offer our users the ability to limit ad-related sharing in our app and on the web."

How can you control your data?

"Subject to certain limits and conditions provided under law, we honor the exercise of the right of access or deletion for all of our users, regardless of their location. Any Calm user may exercise this right by contacting us at [email protected]."

“We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time."

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

We did not find information about children privacy in their privacy policy.

Can this product be used offline?

Yes

Users can download and save meditations for offline use

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

One vulnerability disclosed at openbugbounty still remains unpatched.

Privacy policy

Yes

Does the product use AI? information

Yes

Calm uses AI to increase engagement, personalize user experience, suggest content. "Calm's user data is directly fed into the third-party machine learning system, including all purchase and behavioral data,"

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

How to convert new users, engage existing users, retain the users they have

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

No

*privacy not included

Dive Deeper

  • Mental health apps have terrible privacy protections, report finds
    The Verge Link opens in a new tab
  • The Best Meditation Apps
    Wirecutter Link opens in a new tab
  • Privacy Evaluation for Calm
    Common Sense Privacy Program Link opens in a new tab
  • Choosing a mindfulness app
    MIT Medical Link opens in a new tab
  • The App That Monetized Doing Nothing
    The Atlantic Link opens in a new tab
  • How Calm is using machine learning to keep us all mellow
    Diginomica Link opens in a new tab
  • Machine Learning & Artificial Intelligence in the Meditation Industry
    Stormotion Link opens in a new tab
  • How to Create a Mental Health App to Track Anxiety and Depression
    aimprosoft Link opens in a new tab
  • Global Mental Health Apps Market Size, Share & Industry Trends Analysis Report By Application, By Platform Type, By Regional Outlook and Forecast, 2021 - 2027
    Yahoo! finance Link opens in a new tab

Comments

Got a comment? Let us hear it.