Washington MHMDA for Meditation Apps: Mood, Anxiety, and Stress Data Are Mental-Health Information
Meditation and mindfulness apps usually do not market themselves as health products. The marketing language is "calm," "focus," "balance," "sleep stories." The data the app collects, however, is squarely mental-health information under RCW 19.373.010: mood logs, anxiety check-ins, stress scores, breathing exercise selection patterns ("anxiety reduction" vs "sleep" vs "focus"), guided journaling content, gratitude entries, mood-tagged session histories, and the inferences the recommendation engine derives from all of it. The Washington My Health My Data Act names mental-health information explicitly. RCW 19.373.090 turns any compliance gap into a per se Consumer Protection Act violation with treble damages capped at $25,000 on the enhancement and one-way attorney's fees under RCW 19.86.090.
Ask my AI Legal Analyst about Washington consumer health data and MHMDA?
Tap a question for an instant, free answer (no email needed), or describe your product and the analyst routes you to the right next step.
Common Washington consumer-health-data questions, always free
What meditation-app data MHMDA reaches
- Mood logs and mood-rating check-ins.
- Anxiety, stress, and depression self-assessment scores.
- Session selection patterns ("anxiety reduction," "sleep aid," "panic," "grief").
- Guided journaling content (free-text the user types).
- Breathing exercise frequency, duration, and triggering context.
- Sleep meditation usage (when paired with sleep tracking).
- Inferences: "user shows anxiety pattern," "user is in distress," "user is at risk."
- Body-scan or biofeedback data when paired with a wearable.
The four MHMDA hooks for meditation apps
1. Separate Consumer Health Data Privacy Policy under RCW 19.373.020. Meditation apps are particularly weak on this requirement because the brand voice resists naming the data as "health data." Marketing copy talks about wellness; legal copy needs to acknowledge the mental-health categorization. The statute requires a standalone document with five substantive disclosures and a prominent homepage link.
2. Two-layer consent under RCW 19.373.030. Collection consent for mood and anxiety inputs; separate sharing consent for analytics, AI inference vendors, advertising attribution, and any corporate-wellness sharing. Sharing consent must disclose data categories, purpose and usage methods, receiving entities, and withdrawal mechanism. The bundled signup acceptance is not enough.
3. Journaling content and content-moderation models. Apps with free-text journaling routinely send the content to an AI moderation or sentiment-analysis vendor. The vendor processes user-generated mental-health content in identifiable form. Without a binding processor contract under RCW 19.373.060 that limits use to documented instructions, the flow is non-compliant. If the vendor's standard terms allow training on user content, the flow may also be a "sale" under RCW 19.373.010, requiring the nine-element authorization under RCW 19.373.070.
4. Corporate-wellness and B2B sharing. Many meditation apps are sold through employer-benefits contracts. Aggregate utilization reports back to the employer are common. The moment any individual-identifiable data flows to the employer (manager-tier dashboards, "high-stress users" flags), the receiving entity must be disclosed and consented to. If the platform receives consideration from the employer for any individual-identifiable data, that transfer is a "sale" requiring the nine-element authorization.
The per se CPA hook
RCW 19.373.090 converts any MHMDA violation into a per se CPA violation. A Washington user of your meditation app whose mood logs were shared with an ad network without separate sharing consent has a candidate complaint. Actual damages, discretionary treble damages capped at $25,000 on the enhancement, one-way attorney's fees, public-interest and unfair-or-deceptive elements declared by statute, four-year SOL.
What I review when you send me a meditation-app matter
- Privacy policy URL plus the separate Consumer Health Data Privacy Policy if one exists.
- Signup flow, consent banner, sharing toggles, and any "share with my coach" or "share with my employer" sub-flow.
- Data inventory: mood inputs, journaling content, session-selection patterns, inferences.
- Vendor list: AI moderation, sentiment analysis, analytics SDK, advertising attribution, customer support, any wearable integration.
- Corporate-wellness and B2B contracts that define what data flows back to the buyer.
- Processor and sub-processor list plus current DPA template.
Service tiers
- $240 Written Attorney Consultation. Two-business-day turnaround.
- $499 MHMDA scope memo.
- $900 MHMDA review with DPA and vendor language.
- $1,500 MHMDA compliance package.
Sergei's practical note
Meditation apps tend to assume the brand language ("wellness, not health") insulates them from MHMDA. It does not. Mental-health information is named in the consumer-health-data definition under RCW 19.373.010. Mood logs, anxiety check-ins, and journaling content sit at the center of that category. If you operate a meditation or mindfulness app with Washington users, the first compliance check is whether the data flows you have built treat that information with the seriousness the statute demands. Send the privacy policy, the consent flow, the AI moderation vendor terms, and any B2B contract. Regulatory advisory work under California license; not Washington representation.
Payment
Flat fee, paid up front through a secure PayPal checkout, so the budget is fixed before any work starts. The Written Attorney Consultation is a flat $240. There is no hourly meter and no surprise invoice. If a matter is unusually large or turns into extended negotiation, I tell you before any additional work and we agree on scope first.
Delivery
Drafts in 2 to 3 business days, even for complex agreements. I work weekends when a matter needs it and it is engaged. You receive the work product by email in an editable format, with brief written comments explaining the key issues and the reasoning behind the main choices.
Process
- Send the materials. Email me your current documents, screenshots, and a short description of the product and the Washington consumers it touches.
- I confirm scope and run a conflict check. Engagement begins only after that check and a written confirmation of what is included.
- I draft or review. You get the deliverable with plain-language comments on the highest-risk items first.
- We refine. Reasonable revision rounds are included so the final version fits how your product actually works.
Scope
This is attorney-supervised regulatory and document work under my California license: issue spotting, compliance planning, drafting, and review. It is not Washington court representation. For Washington filings, litigation, or any court appearance, I coordinate with Washington-admitted counsel. Nothing here creates an attorney-client relationship until a conflict check clears and an engagement is confirmed in writing.
Related Washington resources
For the full statutory walk-through, see my Washington My Health My Data Act resource. Self-assess via the Wellness App MHMDA Risk Checker. Adjacent verticals: wellness apps, health coaching, sleep tracking, and fitness apps.
Send your question, a short factual summary, and your key documents. You get a written attorney response identifying the main legal issues, the risks, and the practical next steps, so you know whether you have a real exposure and what to do about it. Provided under my California license; for Washington court representation I coordinate with Washington-admitted counsel.
See the full Washington MHMDA resource → or email me directly for a scoped quote.
Educational resource. Sergei Tokmakov is a California attorney (CA Bar #279869) currently seeking admission to the Washington State Bar. Nothing on this page creates an attorney-client relationship or is Washington legal advice.