Washington educational resource

Washington MHMDA for Meditation Apps: Mood, Anxiety, and Stress Data Are Mental-Health Information

Meditation and mindfulness apps usually do not market themselves as health products. The marketing language is "calm," "focus," "balance," "sleep stories." The data the app collects, however, is squarely mental-health information under RCW 19.373.010: mood logs, anxiety check-ins, stress scores, breathing exercise selection patterns ("anxiety reduction" vs "sleep" vs "focus"), guided journaling content, gratitude entries, mood-tagged session histories, and the inferences the recommendation engine derives from all of it. The Washington My Health My Data Act names mental-health information explicitly. RCW 19.373.090 turns any compliance gap into a per se Consumer Protection Act violation with treble damages capped at $25,000 on the enhancement and one-way attorney's fees under RCW 19.86.090.

Last legally reviewed: 2026-05-19. Citations verified against Chapter 19.373 RCW on app.leg.wa.gov.

What meditation-app data MHMDA reaches

Mood logs and mood-rating check-ins.
Anxiety, stress, and depression self-assessment scores.
Session selection patterns ("anxiety reduction," "sleep aid," "panic," "grief").
Guided journaling content (free-text the user types).
Breathing exercise frequency, duration, and triggering context.
Sleep meditation usage (when paired with sleep tracking).
Inferences: "user shows anxiety pattern," "user is in distress," "user is at risk."
Body-scan or biofeedback data when paired with a wearable.

The four MHMDA hooks for meditation apps

1. Separate Consumer Health Data Privacy Policy under RCW 19.373.020. Meditation apps are particularly weak on this requirement because the brand voice resists naming the data as "health data." Marketing copy talks about wellness; legal copy needs to acknowledge the mental-health categorization. The statute requires a standalone document with five substantive disclosures and a prominent homepage link.

2. Two-layer consent under RCW 19.373.030. Collection consent for mood and anxiety inputs; separate sharing consent for analytics, AI inference vendors, advertising attribution, and any corporate-wellness sharing. Sharing consent must disclose data categories, purpose and usage methods, receiving entities, and withdrawal mechanism. The bundled signup acceptance is not enough.

3. Journaling content and content-moderation models. Apps with free-text journaling routinely send the content to an AI moderation or sentiment-analysis vendor. The vendor processes user-generated mental-health content in identifiable form. Without a binding processor contract under RCW 19.373.060 that limits use to documented instructions, the flow is non-compliant. If the vendor's standard terms allow training on user content, the flow may also be a "sale" under RCW 19.373.010, requiring the nine-element authorization under RCW 19.373.070.

4. Corporate-wellness and B2B sharing. Many meditation apps are sold through employer-benefits contracts. Aggregate utilization reports back to the employer are common. The moment any individual-identifiable data flows to the employer (manager-tier dashboards, "high-stress users" flags), the receiving entity must be disclosed and consented to. If the platform receives consideration from the employer for any individual-identifiable data, that transfer is a "sale" requiring the nine-element authorization.

The per se CPA hook

RCW 19.373.090 converts any MHMDA violation into a per se CPA violation. A Washington user of your meditation app whose mood logs were shared with an ad network without separate sharing consent has a candidate complaint. Actual damages, discretionary treble damages capped at $25,000 on the enhancement, one-way attorney's fees, public-interest and unfair-or-deceptive elements declared by statute, four-year SOL.

The "we are not a therapy app" disclaimer is irrelevant to MHMDA. Most meditation apps disclaim therapy or medical-advice status. That disclaimer is relevant to scope-of-license questions but does not change the MHMDA analysis. The statute reaches mental-health information regardless of whether the app provides therapy.

What I review when you send me a meditation-app matter

Privacy policy URL plus the separate Consumer Health Data Privacy Policy if one exists.
Signup flow, consent banner, sharing toggles, and any "share with my coach" or "share with my employer" sub-flow.
Data inventory: mood inputs, journaling content, session-selection patterns, inferences.
Vendor list: AI moderation, sentiment analysis, analytics SDK, advertising attribution, customer support, any wearable integration.
Corporate-wellness and B2B contracts that define what data flows back to the buyer.
Processor and sub-processor list plus current DPA template.

Service tiers

$125 written email evaluation. Two-business-day turnaround.
$499 MHMDA scope memo.
$900 MHMDA review with DPA and vendor language.
$1,500 MHMDA compliance package.

Sergei's practical note

Meditation apps tend to assume the brand language ("wellness, not health") insulates them from MHMDA. It does not. Mental-health information is named in the consumer-health-data definition under RCW 19.373.010. Mood logs, anxiety check-ins, and journaling content sit at the center of that category. If you operate a meditation or mindfulness app with Washington users, the first compliance check is whether the data flows you have built treat that information with the seriousness the statute demands. Send the privacy policy, the consent flow, the AI moderation vendor terms, and any B2B contract. Regulatory advisory work under California license; not Washington representation.

Related Washington resources

For the full statutory walk-through, see my Washington My Health My Data Act resource. Self-assess via the Wellness App MHMDA Risk Checker. Adjacent verticals: wellness apps, health coaching, sleep tracking, and fitness apps.

Educational resource. Sergei Tokmakov is a California attorney (CA Bar #279869) currently seeking admission to the Washington State Bar. Nothing on this page creates an attorney-client relationship or is Washington legal advice.