Calm Harm Privacy Policy


Last updated: February 2022


  1. This Privacy Policy sets out how we will treat the information which you provide to us while using the App and/or the services provided from the App (Services). You are deemed to accept the terms of this Privacy Policy on your first use of the App. We may change this Privacy Policy from time to time and such changes shall be effective from the date and time the revised Privacy Policy is posted on the App. The App is controlled by stem4 (we/us/our), a charity registered in England and Wales under charity number 1144506 with its registered office at 51 St George’s Road, Wimbledon, London SW19 4EA, UK. stem4 is compliant with the Data Protection Act 2018 and the GDPR. stem4’s nominated Data Protection Officer (DPO) is Yvette Nieslony and can be contacted at


  1. Usage data and activity completion data is collected and cannot be opted out of. All Data is processed by us in accordance with applicable data protection legislation and we will keep your information only for as long as is necessary. After the retention period, data will be securely and irreversibly deleted from all production and back up databases.


To ensure that data minimisation principles are met, only relevant information to the use and improvement of the service is collected in mandatory fields.


The Calm Harm app does not collect personally identifiable data and an account does not need to be created to use the Calm Harm app. No cookies are used. IP addresses are not captured. The Calm Harm app is standalone and does not connect to any other apps or devices or interact with existing enterprise systems.


Some optional questions are asked in the Calm Harm app. This information is only used for research purposes and is completely anonymous. Anonymised data on whether tasks helped is collected to ensure that we can monitor the effectiveness of the Calm Harm app and individual tasks.


In order to evidence the effectiveness of the Calm Harm app, the following data will be made available to stem4.


  • Number of downloads and number of users (both iOS and Android)
  • Data submitted during onboarding or via the App Settings of the Calm Harm app (optional) including:
    • Location, Year of Birth, County (if in UK), First part of Postcode (if user has chosen West Yorkshire), Gender, Ethnicity, Whether they are receiving professional treatment
    • Aggregated data on user activity and its effectiveness
    • Analytics on user journeys


Activity is logged to present the user with the following information:

  • Average urge strength (past 7 days)
  • Most active time of day
  • Interactive self-monitoring graph indicating most common reasons for urges
  • Activity log
  • Most used activities
  • Suggested activities


All optional question and feedback data collected via the Calm Harm app is aggregated and cannot be tracked to each user/device. However, the security of this data is still important to us and we will take all steps reasonably necessary to ensure that the data is treated securely. The transfer of data is encrypted over a secure connection (SSL).


No personal data is collected however if you are under the age of 13 please ask an adult you trust for consent in using this app.


  1. The Data is stored on our servers or those of third-party storage service providers. We may, from time to time, expand or reduce our business which may involve the transfer of certain divisions or assets of our company to other parties, and Data, where relevant, may be transferred to such third parties. Additionally, from time to time we may transfer Data to locations outside the European Economic Area, some of which may have different data protection laws to the UK or the EU, or no data protection laws. In all such cases, we transmit such information only to entities that comply with this policy and applicable law.


  1. To create statistical reports about App use, anonymous data generated from users, including you, are collected by means of a software development kit (SDK) placed on your phone or device by Google Firebase web server. The SDK contains an anonymous, unique sequence that is only accessible by the Google Firebase web server. The SDK saves anonymous data about your App use until your device is connected to the internet, when it sends it to the Google Firebase web server. The server collates your data with equivalent data from other users. No personal data is sent, and the anonymous data will only be accessible to us and our developers.


  1. Calm Harm conforms to the security requirements set by the Information Commissioner’s Office (ICO). Information about concerns or complaints may be made to the Information Commissioners Office in the UK via


Please also note users are not subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.


  1. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate (e.g if the purpose of data collection changes) notified to you when you next start the App.


Show Buttons
Hide Buttons