"Take a deep breath" Those are the first words you see when you open this meditation app. Then you hear the soothing sounds of rain in the forest or waves at beach. Ahh...feeling calmer already. Calm is a popular app to meditate, relax, and help you fall asleep. Your stressed out privacy researcher here at *Privacy Not Included has actually relied on it for a number of years to help keep the anxiety of reading all these privacy policies at bay. Unfortunately, this researcher didn't actually read their privacy policy until doing our research for these mental health apps.
Dang it! Calm's privacy policy now has us all stressed out. Seems not only do they collect a pretty good amount of personal information, they also gather data from outside sources, and use lots of tracking and data collect to target ads and share information with a number of third parties for things like marketing and research. That's rather stressful. This privacy researcher is gonna go take a few more deep breaths...on my own, with no app collecting my data.
UPDATE: Here's a thing Calm did to help calm this stressed out privacy researcher's frazzled nerves a little. After we launch our review, we had some productive conversations with them that resulted in them updating their privacy policy. On June 16, 2022, Calm change their privacy policy to clearly grant all users -- not only those in the EU and California living under stricter privacy laws -- the same rights to access and delete their data. This is progress. Thanks Calm.
What could happen if something goes wrong?
Uhg...Calm, why oh why must you ruin our zen meditation vibe with stressful privacy practices? You know what's rather stressful? When a company says, "Calm uses your data to personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior." OK, so, there are certainly more stressful things in life. But still, what if we just want to meditate in peace without all our data being used to find ways to sell us more stuff or keep us on the app longer? Pardon us as we go take another deep breath.
Calm says they don't sell your personal information (yay!). Sadly, they say they can use it -- and other things like your actions, preferences, interests. machine learning, and browsing behavior -- to target you with ads and personalizations and the like. They also say they "may obtain information about you from publicly available sources, marketing and advertising partners, consumer research platforms, and/or business contact databases." Potentially gathering even more data on you from data brokers and advertising companies, nope, these are not calming privacy practices at all. Then there's this (unfortunately) common practice where they say they "also share aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties." Here's where we have to remind you that it's been found to be relatively easy to de-anonymize such data, data they say they can share without restriction.
What's the worst that could happen? Well, could Calm get to know all about your meditation practices, your mood, your gender, your location, and more. Then use or share that information to target you with ads about things, like a wine company thinking you're ripe for targeting with wine ads when you're using the app a lot because that might mean you're stressed out. But you're a recovering alcoholic and the wine ads add to your stress. It's just one potential scenario of how targeted ads based on on your behavior and identifiers on the app could go wrong. Not something any of us need when we just want to meditate in peace, dang it!
Tips to protect yourself
- Do NOT use your Facebook account to login.
- Chose a strong password.
Can it snoop on me?
Camera
Device: N/A
App: No
Microphone
Device: N/A
App: No
Tracks location
Device: N/A
App: No
What can be used to sign up?
Yes
Phone
No
Third-party account
Yes
Facebook and Google registration is available
What data does the company collect?
Personal
Name, email, street address, location
Body related
Answers to questions about how you feel
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
Users can download and save meditations for offline use
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Strong password
Security updates
Manages vulnerabilities
One vulnerability disclosed at openbugbounty still remains unpatched.
Privacy policy
Does the product use AI?
Calm uses AI to increase engagement, personalize user experience, suggest content. "Calm's user data is directly fed into the third-party machine learning system, including all purchase and behavioural data,"
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
How to convert new users, engage existing users, retain the users they have
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
The Best Meditation AppsWirecutter
-
Privacy Evaluation for CalmCommon Sense Privacy Program
-
Choosing a mindfulness appMIT Medical
-
Headspace vs. Calm: How Do These Meditation Apps Compare?Healthline
-
The App That Monetized Doing NothingThe Atlantic
-
How Calm is using machine learning to keep us all mellowDiginomica
-
Machine Learning & Artificial Intelligence in the Meditation IndustryStormotion
-
How to Create a Mental Health App to Track Anxiety and Depressionaimprosoft
-
Global Mental Health Apps Market Size, Share & Industry Trends Analysis Report By Application, By Platform Type, By Regional Outlook and Forecast, 2021 - 2027Yahoo! finance
Comments
Got a comment? Let us hear it.