What could happen if something goes wrong?
First reviewed April 20, 2022. Review updated, April 25, 2023
When we launched our review of Calm in 2022, the app initially earned our *Privacy Not Included warning label. We dinged them for their data collection and use practices and for how users could control their data, After our review came out, Calm reached out to us to discuss ways they could improve. We love it when companies do that! (Seriously, please, more companies do that...without yelling at us first).
Calm isn't perfect. They do still collect a fair amount of personal information, including gathering data on you from third parties sources like marketing and advertising partners and social media sites. And they say they use this for making inferences about things like your gender and location. And they say they can use all this information for targeted, interest-based advertising. Not great, not great at all....but unfortunately pretty normal these days with these apps.
So in 2023, we find Calm improved from 2022. There's still more work they can do to be better for privacy for sure. But hey, baby steps, y'all, baby steps.
Read our review from 2022:
Uhg...Calm, why oh why must you ruin our zen meditation vibe with stressful privacy practices? You know what's rather stressful? When a company says, "Calm uses your data to personalize your online experience and the advertisements you see on other platforms based on your preferences, interests, and browsing behavior." OK, so, there are certainly more stressful things in life. But still, what if we just want to meditate in peace without all our data being used to find ways to sell us more stuff or keep us on the app longer? Pardon us as we go take another deep breath.
Calm says they don't sell your personal information (yay!). Sadly, they say they can use it -- and other things like your actions, preferences, interests, machine learning, and browsing behavior -- to target you with ads and personalizations and the like. They also say they "may obtain information about you from publicly available sources, marketing and advertising partners, consumer research platforms, and/or business contact databases." Potentially gathering even more data on you from data brokers and advertising companies, nope, these are not calming privacy practices at all. Then there's this (unfortunately) common practice where they say they "also share aggregated or other information not subject to obligations under the data protection laws of your jurisdiction with third parties." Here's where we have to remind you that it's been found to be relatively easy to de-anonymize such data, data they say they can share without restriction.
What's the worst that could happen? Well, could Calm get to know all about your meditation practices, your mood, your gender, your location, and more. Then use or share that information to target you with ads about things, like a wine company thinking you're ripe for targeting with wine ads when you're using the app a lot because that might mean you're stressed out. But you're a recovering alcoholic and the wine ads add to your stress. It's just one potential scenario of how targeted ads based on on your behavior and identifiers on the app could go wrong. Not something any of us need when we just want to meditate in peace, dang it!
Tips to protect yourself
- Opt out of cookies collection
- Do not log in using third-party accounts
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
- Do not give consent for sharing of personal data for marketing and advertisement.
- Choose a strong password! You may use a password control tool like 1Password, KeePass, etc - Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
What can be used to sign up?
Facebook and Google registration is available
What data does the company collect?
Name, email, street address
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
Users can download and save meditations for offline use
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
One vulnerability disclosed at openbugbounty still remains unpatched.
Calm uses AI to increase engagement, personalize user experience, suggest content. "Calm's user data is directly fed into the third-party machine learning system, including all purchase and behavioral data,"
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Mental health apps have terrible privacy protections, report findsThe Verge
The Best Meditation AppsWirecutter
Privacy Evaluation for CalmCommon Sense Privacy Program
Choosing a mindfulness appMIT Medical
The App That Monetized Doing NothingThe Atlantic
How Calm is using machine learning to keep us all mellowDiginomica
Machine Learning & Artificial Intelligence in the Meditation IndustryStormotion
How to Create a Mental Health App to Track Anxiety and Depressionaimprosoft
Global Mental Health Apps Market Size, Share & Industry Trends Analysis Report By Application, By Platform Type, By Regional Outlook and Forecast, 2021 - 2027Yahoo! finance
Got a comment? Let us hear it.