WHOOP, INC
FULL PRIVACY POLICY

FULL PRIVACY POLICY

1. INTRODUCTION

At Whoop, Inc., including its wholly-owned subsidiaries, (collectively “WHOOP,” “us,” “we,” or “our”), our mission is to unlock human performance and healthspan. We exist to improve your life, not invade it. This should be the standard for all companies providing wearable devices. We take your privacy seriously and want you to understand how we use, collect, and share Personal Data and the measures we take to protect your Personal Data. “Personal Data” means any information that identifies you or can be reasonably linked to you, or information which is otherwise considered to be “personal information” or “personal data” under applicable laws.

This Privacy Policy applies to Personal Data we collect about WHOOP members and other consumers who interact with WHOOP or use our services, including by visiting our websites or our social media pages or by using our mobile apps, the WHOOP Strap, another WHOOP device, or any features, content, or applications offered by WHOOP in connection therewith (collectively, the “Services”). This Privacy Policy does not cover the practices of companies or people that we do not own, control or manage. We are not responsible for the policies and practices of any third parties, and we do not control, operate, or endorse any information, products, or services that may be offered by third parties or accessible on or through the Services. For clarity, we are responsible for the data protection practices of our data processors (i.e., those processing Personal Data of which we are the controllers in relation to the Services) in accordance with the data protection laws applicable to the jurisdiction in which you reside.

We have provided supplemental notices below for residents of certain U.S. states and individuals located in the European Economic Area, the United Kingdom, and Switzerland (collectively “Europe” or “European”), Brazil, India, Israel, Japan, Mexico, Qatar, Singapore, South Africa, South Korea, and Taiwan.

2. HOW WE COLLECT PERSONAL DATA

We collect Personal Data about you from:

Yourself, when you provide such information directly to us, such as when completing your profile or responding to a questionnaire;
WHOOP Strap or another device that you wear;
WHOOP Coach when you interact with and receive responses from the WHOOP Coach as described in Section 8 below;
Automatic data collection, such as Cookies, local storage objects, web beacons, and other similar technologies in connection with your use of the Services;
Customers and partners, such as employers, insurance companies, coaches, teams, or other organizations that engage with our Services;
Marketing and advertising partners, such as companies that have entered in joint marketing relationships with us or assist us with marketing or promotional services, which may provide us with data related to how you interact with our Services, advertisements, or communications;
Social media, other third-party platforms, and linked accounts, devices, or features, if you interact with our pages on social media sites, post content to their sites using the Services, sign into the Services through a third-party site or service, or otherwise link accounts, devices, or features to your WHOOP account; and
Data providers, such as information services and data licensors, when we supplement your data.

3. PERSONAL DATA WE COLLECT

We may collect the following types of Personal Data:

Contact details, such as your first and last name, email and mailing address, and phone number;
Profile data, such as username and password that you may establish to create a WHOOP account, as well as any photographs or information you choose to include in your WHOOP profile;
Communications that we exchange with you, including when you contact us via email, web app, or mobile app with questions, feedback, or reviews;
Wellness Data, including but not limited to physiological metrics such as resting heart rate, heart rate variability, respiratory rate, skin temperature and blood oxygen saturation level; acceleration; metadata on workouts and sleep; the type of physical activity you engage in and the duration of your activity; data reflecting strain and recovery; your physiological profile, including birthday, gender identity, weight, height, fitness/athlete level (e.g., professional or recreational); and details you choose to submit about your habits, diet, medications, and female health tracking. We may use certain of this information to customize your experience with us as part of our Services;
Conversations that you participate in with the WHOOP Coach, as described in Section 8 below;
Payment and transactional data needed to complete your orders on the website or through the Services (including name, email address, payment card information, bank account number, billing information) and your transaction history, although WHOOP does not have access to payment card numbers. Our payment processors will collect the financial information necessary to process your payments in accordance with the payment processor’s respective services agreement and privacy policy;
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them (e.g., the marketing emails that you open and the links within them that you click);
Device data, such as your computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP Address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area;
Geolocation data, such as GPS (precise geolocation), IP Address, and movement on certain exercise types if you give permission for WHOOP to do so; and
Online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

4. COOKIES AND SIMILAR TECHNOLOGIES

WHOOP uses cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, as well as to analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data included on the Services (such as on a website or in an email) or placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). If you live in Europe, we will obtain your (opt-in) consent prior to deploying any cookies other than cookies which are regarded under European laws as being “strictly necessary” (i.e., Essential Cookies, as described below).

Cookie Usage and Type. WHOOP uses the following Cookies:

Essential Cookies: Essential Cookies are required for providing you with features or Services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and Services unavailable.
Functionality Cookies: Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (e.g., your region).
Performance/Analytical Cookies: Performance/Analytical Cookies allow us to understand how users use our Services by collecting information on how often a user engages with a particular feature of the Services. We use these aggregated statistics internally to improve the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google, Inc. (“Google”) uses Cookies in connection with its Google Analytics services. For more information on how Google uses this information, click here.
Marketing Cookies: Marketing Cookies collect data about your online activity and identify your interests so that we and our advertising partners can provide marketing that we believe is relevant to you. For more information, please see the section below titled “Interest-based advertisements.”

Online tracking opt-outs. There are a number of ways you can opt out of certain interest-based advertising and other online tracking activities, which we have summarized below.

Blocking Cookies in your browser. Most browsers let you remove or reject Cookies, including Cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept Cookies by default until you change your settings. For more information about Cookies, including how to see what Cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Blocking advertising ID use in your mobile device settings. Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of your advertising ID associated with your mobile device for interest-based advertising purposes.
Using privacy plug-ins or browsers. You can block our websites from setting Cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party Cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
Visiting our OneTrust Privacy Preference Center. You can click here to customize your Cookie consent preferences.
Platform opt-out.
- Google (AdWords): adsettings.google.com;
- Microsoft (Bing): about.ads.microsoft.com/en-us/resources/policies/personalized-ads; and
- Facebook: www.facebook.com/about/ads.
Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors, and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
Advertising industry opt-out tools.
- Digital Advertising Alliance for Websites: https://optout.aboutads.info;
- Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices; and
- Network Advertising Initiative: https://optout.networkadvertising.org/.

You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Please note that some opt-out features are Cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your computer or other device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.

Opting out of interest-based advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Services.

5. HOW WE USE PERSONAL DATA

We process and use Personal Data for the following purposes:

Service delivery, including to:

Provide, operate, improve, develop, understand, and personalize the Services and our business, including testing, research, analysis, and product development;
Satisfy the reason you provided the information to us, including for delivery of the Services and responding to and fulfilling requests;
Communicate with you about the Services, including Service announcements, updates, or offers;
Provide support and assistance for the Services;
Create and manage your account or other user profiles;
Customize website content and communications based on your preferences; and
Process orders, memberships, or other transactions.

Research and development. We may create and use Aggregated Data, De-Identified Data, or other anonymous data from Personal Data we collect, including Wellness Data, for our business purposes, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use anonymous Wellness Data for research purposes to help us and our research partners answer important questions about human performance and create an even-better experience for our members by identifying cutting-edge insights and providing new content and product features.

Direct marketing and advertising. We may use data from the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers or other marketing messages or to advertise the Services or other WHOOP product offerings.

Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our Services. We and our advertising partners may use Cookies and similar technologies to collect information about your interaction over time across the web, our communications, and other online services, and may use that information to serve online ads. We comply with the Digital Advertising Alliance Self-Regulatory Principles for Online Behavioral Advertising. To learn more about the industry self-regulatory programs and other information and choices about interest-based ads, please see the section above entitled “Online tracking opt-outs.”

Compliance and protection, including to:

Protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
Comply with or enforce our legal or contractual obligations, resolve disputes, and enforce our Terms of Use and Terms of Sale;
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); and
Respond to law enforcement requests and as required or permitted by applicable law, court order, or governmental regulations.

6. HOW WE SHARE PERSONAL DATA

We may share your Personal Data with:

Service providers, such as payment processors, vendors who advertise our Services or other WHOOP products, security and fraud prevention consultants, hosting and other technology and communications providers, our third-party Large Language Model (“LLM”) partner that powers WHOOP Coach (as described in Section 8 below), analytics providers, and staff augmentation and contract personnel, that provide services to us or on our behalf;
Advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above. We do not share your Wellness Data with advertising partners;
Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they render to us;
Authorities and others, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process;
Business transferees, such as acquirers and other relevant participants in business transactions (or diligence or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, WHOOP or our affiliates (including, in connection with a bankruptcy or similar proceedings);
Distributors and retailers of our Services or other WHOOP products; and
Affiliates of WHOOP.

7. HOW YOU MAY SHARE PERSONAL DATA THROUGH THE SERVICES

Depending on how you use the Services, you may share Personal Data with:

Other users of the Services or the general public, such as through our WHOOP Live or WHOOP Teams features, which allow you to choose to share information and content with other users of the Services, and users are by default searchable by other users. When you make Personal Data visible to other users of the Services, including through the WHOOP Live or WHOOP Teams features, it may become publicly available and can be collected, viewed, and used by anyone;
Third-party social media platforms, or linked accounts, devices, or features, when you choose to connect your account on those services with your WHOOP account or post content to social media, such as through the WHOOP Live feature;
Managing entities. If your use of the Services is on behalf of or managed by a managing entity, such as a coach, team, organizing body, or other entity with which you are affiliated, your account information and Personal Data may be shared with the managing entity subject to your consent, and you hereby consent to that managing entity allowing that information to be publicly shared, subject to any features of the Services that expressly override that control. The managing entity will determine how the relevant information and content is shared; and
Corporate wellness programs. If you use the Services in connection with an employer or organizational corporate wellness program, we may share your information with that organization subject to your consent. Typically, we will share only aggregated data with these organizations.

8. WHOOP COACH, MEMBERSHIP SERVICES AI & THIRD-PARTY AI TECHNOLOGY

WHOOP Coach

WHOOP Coach is a generative AI feature that is intended to help you understand and make progress to your goals, decipher WHOOP concepts, provide educational guidance, and integrate with the rest of your WHOOP experience. WHOOP Coach creates a coaching experience by combining your unique, anonymized WHOOP metrics with the science of WHOOP to help you optimize your health, fitness, and performance.

If you decide to use WHOOP Coach, please note that WHOOP Coach leverages third-party AI technology provided by our LLM partner. This technology is trained on real-world data to generate intelligent and personalized responses in conversations with users. Responses from WHOOP Coach are based on your requests and relevant information collected through your WHOOP metrics. For example, if you ask WHOOP Coach a sleep-related question, then WHOOP Coach will provide personalized tips for improving your sleep based on your anonymized sleep data collected through the Services.

We require our LLM partner to use your anonymized WHOOP metrics only for the purpose of allowing WHOOP Coach to generate content for you. We have ensured that our LLM partner has a “Zero-Retention/Zero Training Policy” with respect to your WHOOP metrics, meaning that our LLM partner will not store or retain any of the anonymized WHOOP metrics they receive through your use of WHOOP Coach, and our LLM partner will not use any of the anonymized WHOOP metrics they receive for training any algorithms or LLM technology.

We will only share anonymized WHOOP metrics with our LLM partner. We ask that you refrain from providing any identifying information, such as your name, in conversations with WHOOP Coach.

WHOOP may retain the history of your conversations with WHOOP Coach to ensure you continue to have access to previous conversations while using the feature. When you revisit any topics from previous chats, WHOOP may share the context of your previous conversations with WHOOP Coach to create a better experience for you. You may delete your WHOOP Coach chat data at any time by either tapping the chat icon in WHOOP Coach to view your conversation history and swipe left on conversations you would like to delete or requesting a deletion through Membership Services.

If you choose to use WHOOP Coach, please note that, consistent with our Privacy Principles, WHOOP employees will only access member Personal Data when required to provide services and support, which may include collecting information about your experience with WHOOP Coach to assess the performance of and improve WHOOP Coach and other product offerings. In the case that WHOOP Coach suggests connecting to Membership Services, you can opt in and have your support request automatically filed with our team. In this case, they will only have access to that specific conversation to provide you with the best support.

Membership Services AI

WHOOP Membership Service includes a generative AI feature that is intended to assist you in receiving member support.

Membership Services uses third-party AI technology provided by our LLM partner. This technology is trained on real-world data to generate intelligent and personalized responses in conversations with users. Responses from Membership Services are based on your requests and relevant information collected through your WHOOP membership. For example, if you ask Membership Services a question regarding your order, Membership Services will draw on your purchase records.

We require our LLM partner to use your anonymized WHOOP metrics only for the purpose of allowing Membership Services AI to generate content for you. We have ensured that our LLM partner has a “Zero-Retention/Zero Training Policy” with respect to your WHOOP metrics, meaning that our LLM partner will not store or retain any of the anonymized WHOOP metrics they receive through your use of Membership Services, and our LLM partner will not use any of the anonymized WHOOP metrics they receive for training any algorithms or LLM technology.

We will only share anonymized WHOOP metrics with our LLM partner.

WHOOP may retain the history of your conversations with Membership Services to ensure you continue to have access to previous conversations while using the feature. When you revisit any topics from previous chats, WHOOP may share the context of your previous conversations with Membership Services to create a better experience for you.

Consistent with our Privacy Principles, WHOOP employees will only access member Personal Data when required to provide services and support, which may include collecting information about your experience with Membership Services to assess the performance of and improve Membership Services AI and other product offerings.

9. YOUR CHOICES

Access, update, or delete. When you log in to your account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request access to or a full deletion of your account and corresponding data by contacting privacy@whoop.com or via the “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com. You will be asked to complete a verification form in connection with such access or deletion request in order to ensure that you have the authority to access or delete your account. We may need to retain certain Personal Data in our records, as well as aggregated data or de-identified data derived from or incorporating your Personal Data that does not identify you after you update or delete it.

Privacy settings. You can change certain privacy settings, such as whether you are searchable on WHOOP by your name or username, if you scroll down to Settings, located on the Main Menu page of the WHOOP mobile application, and select “Privacy,” where you can choose to make yourself private or searchable.

Push notifications and device permissions. You can change your settings related to push notifications and device permissions through the settings on your mobile device.

Geolocation data. You may allow or disallow WHOOP to collect geolocation data by enabling or disabling location services on your mobile device. If you decline to grant WHOOP access to this data, we will not be able to provide certain Services, capabilities, or features to you.

Wellness Data. You can disable collection of additional Wellness Data by un-pairing your WHOOP device from your mobile device. If you unpair your WHOOP device from your mobile device, we will not be able to provide certain Services, capabilities, or features to you.

WHOOP Coach. You can choose whether or not to enable and interact with WHOOP Coach. We will only share your anonymized WHOOP metrics with our LLM partner that powers WHOOP Coach if you enable and engage with the feature. If you wish to update your data preferences, you can visit the “Coaching Mode” section of your WHOOP Coach settings. If you no longer wish to use WHOOP Coach, you can simply not interact with the feature, or you can disable the feature entirely from your WHOOP mobile application settings at any time.

WHOOP Teams. If you have joined a WHOOP Team, you may stop the sharing of your Personal Data with the members of the WHOOP Team at any time by accessing your WHOOP mobile application, navigating to the Team view, opening the Team menu, and selecting “Leave Team”.

Marketing communications. You can opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Services.

Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in the “Online tracking opt-outs” section above.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

10. OTHER SITES AND SERVICES

The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control mobile applications, websites, or online services offered or operated by third parties, and we are not responsible for their actions. You can learn about and control how these third parties use and share Personal Data, including with WHOOP, by reviewing their privacy notices and exercising the privacy choices the third party may offer.

11. DATA SECURITY AND RETENTION OF PERSONAL DATA

We employ a number of physical, technical, organizational, and administrative security measures designed to protect the Personal Data we collect. While we endeavor to protect the privacy of your account and other Personal Data we hold in our records, no security measures are failsafe, and we cannot guarantee the security of your Personal Data.

We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g., for tax, legal, accounting, or other purposes), whichever is longer.

12. PERSONAL DATA OF CHILDREN

If you are under the age to consent to data sharing, as applicable based on your jurisdiction, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under the age to consent to data sharing, as applicable based on jurisdiction, we will delete that information as quickly as possible. If you believe that a child under the age to consent to data sharing, as applicable based on your jurisdiction, may have provided us Personal Data, please contact us at privacy@whoop.com.

13. CHANGES TO THIS PRIVACY POLICY

We are constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time. Changes will be posted on the WHOOP website and available on other WHOOP Services. We will alert you to material changes by placing a notice on the WHOOP website, by sending you an email, and/or by some other means. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

14. CONTACT US

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@whoop.com or at the mailing address below.

Whoop, Inc., Attn: Legal Department, One Kenmore Square, #601 Boston, MA 02215

15. U.S. STATE-SPECIFIC PRIVACY NOTICE

If you are a resident of California, Colorado, Connecticut, Delaware (as of January 1, 2025), Iowa (as of January 1, 2025), Maryland (as of October 1, 2025), Minnesota (as of July 31, 2025), Montana, Nebraska (as of January 1, 2025), New Hampshire (as of January 1, 2025), New Jersey (as of January 15, 2025), Oregon, Tennessee (as of July 1, 2025), Texas, Utah, and Virginia, the law in your state may provide you with the following rights:

Information: The Privacy Policy describes the types of Personal Data (including “Personal Information” as defined in applicable laws) we collect in the “Personal Data We Collect ” section above and the sources through which we collect Personal Data in the “How We Collect Personal Data section above. We describe the purposes for which we use and share this data in the “How We Use Personal Data” section above and the “How We Share Personal Data” section above.
Access: You can request a copy of the Personal Data that we maintain about you.
Deletion: You can ask to delete the Personal Data that we have collected from you.
Correction:You can ask to correct inaccuracies in your Personal Data.
Opt-out of sale and sharing of your Personal Data: You can ask to opt out of the selling or sharing of your Personal Data, the processing of your Personal Data for purposes of targeted advertising, and/or profiling in furtherance of decisions that produce legal or similarly significant effects, which you can exercise according to the instructions in the “Online tracking opt-outs” section of the Privacy Policy.
Appeal:You may be permitted to appeal our decision, if we deny your request.

In addition, and as set forth below, California law requires us to identify, for the 12-month period prior to the date of this Privacy Policy, what information we may have “sold” or “shared” about you. For the 12-month period prior to the date of this Privacy Policy, WHOOP has not sold any Personal Data. We do not sell Personal Data. For the 12-month period prior to the date of this Privacy Policy, WHOOP has only shared Personal Data as described above. As we explain in this Privacy Policy, we use Cookies and other tracking technologies to analyze website and application traffic and use, and to facilitate advertising. To limit use of Cookies and other tracking technologies, please review the instructions provided in the “Online tracking opt-outs” section. You may also direct us to share your data, as described in the “How You Share Personal Data Through the Services” section of the Privacy Policy.

You are entitled to exercise the rights described above free from discrimination.

Exercising Your Rights. To exercise these rights, you can submit requests as follows:

To request access to, correction of, or deletion of Personal Data collected via your use of the Services, please either (i) use the “Data Management” feature available on the WHOOP Privacy Center privacy.whoop.com; or (ii) email us at privacy@whoop.com.
To learn how to opt-out of interest-based ads and other online tracking, see the “Online tracking opt-outs” section of the Privacy Policy.
To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
Authorized agents: You can empower an “authorized agent” to submit requests on your behalf. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.

Please note that we are only required to honor requests to know twice in a 12-month period.

California Shine the Light. This Privacy Policy describes how we may share your Personal Data for marketing purposes. If you are a California resident, the Shine the Light law permits you to request and obtain from us once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us through the contact form on our website.

15A. New Trans-Atlantic Data Privacy Framework

The judgment in the Schrems II case issued by the European Court of Justice in 2020 found that Privacy Shield framework no longer provides adequate safeguards for the transfer of personal data to the United States from the EEA.

The US and the European Commission announced in 2022 an “agreement in principle” to develop a new Trans-Atlantic Data Privacy Framework (“Framework”). The Framework is intended to re-establish a legal mechanism for transfers of EU personal data to the U.S. after the Court of Justice of the European Union invalidated the EU-US Privacy Shield.

In the interim, to ensure that transfers of personal data from the EU to the US can occur in line with European data protection laws, Whoop will enter into the Standard Contractual Clauses with our vendors who process personal data, and with our customers upon request. These Standard Contractual Clauses legitimize the transfer of personal data from the EU to the US.

16. PRIVACY NOTICE FOR EUROPEAN RESIDENTS

If you are a resident of Europe, you may have additional rights under the General Data Protection Regulation (the “GDPR”) and other European data protection and e-privacy laws. To the extent of any conflict between the provisions set out in this Section 16, and any other provision in this Privacy Policy, the former shall control to the extent of such conflict.

Controller and European Representatives. WHOOP, Inc. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows: Whoop, Inc. Attn: Data Protection Officer One Kenmore Square, #601 Boston, MA 02215 privacy@whoop.com

Our EU Representative is:

Whoop Limited, 70 Sir John Rogerson’s Quay Dublin 2 Dublin, D02 R296, Ireland

Our UK Representative is:

DP Data Protection Services UK Ltd. Attn: Whoop, Inc. 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

You may contact any one of the above representatives at: whoop@gdpr-rep.com

Legal Bases for Processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.

Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request.
Research and development: These activities constitute our legitimate interests.
Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
Compliance and protection: From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
Consent: To the extent that Wellness Data that we collect is considered health data or another special category of Personal Data subject to the GDPR, we will ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by unpairing your WHOOP Strap, stopping use of a feature, removing our access to a Third-Party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or in as listed in our Services.

We may use your Personal Data for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Solely automated decision-making. We do make decisions based solely on automated processing involving personal data, including profiling, which produce legal effects or similarly significantly affects you, including in connection with the personal data processing activities described under Section 8 above.

Data Subject Rights. You have certain rights with respect to your Personal Data, including:

Access. You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your account or via the “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com.
Rectification. If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
Erasure. You can request that we erase your Personal Data from our systems.
Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Restriction of processing. You can ask us to restrict further processing of your Personal Data.
Right to file a complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority in the relevant European Economic Area member state, UK or Switzerland, as applicable, where you reside.
Obtain a copy of any Standard Contractual Clauses or other international data transfer agreement we may use to transfer your personal data outside of Europe.

For more information about these rights, or to submit a request, please email whoop@gdpr-rep.com or privacy@whoop.com. Please note that in some circumstances, we may be allowed to wholly or partially decline your request in accordance with applicable data protection laws (including the GDPR), but in those circumstances, we will still respond to notify you of such a decision in accordance with the timescales under such laws. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

Processing of Personal Data in the United States. To provide the Services, we will process your Personal Data in the United States, where WHOOP is based. To the extent we transfer your Personal Data to the United States, we will do so in accordance with European data protections laws.

If you have any questions about this section or our data practices generally, please contact us at privacy@whoop.com.

17. PRIVACY NOTICE FOR BRAZIL RESIDENTS

If: (a) you are a Brazilian resident; (b) your Personal Information was collected in Brazil (e.g. you were located in Brazil at the moment that your Personal Information was collected); or (c) the data processing activities are being performed in Brazil, this section is applicable to you.

Controller. Whoop, Inc. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows:

Whoop, Inc., One Kenmore Square, #601 Boston, MA 02215, privacy@whoop.com

Data Protection Officer (“DPO”). Please see here for information on the DPO.

Legal Bases for Processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, performance of an agreement and our “legitimate interests” but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.

Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of performance of an agreement, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request.
Research and development: Processing is based on our legitimate interests.
Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
Compliance and protection: From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
Consent: To the extent that Wellness Data that we collect is considered health data or another special category of Personal Data, we ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by unpairing your WHOOP Strap, stopping use of a feature, removing our access to a Third-Party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or in as listed in our Services.

Data Subject Rights. You have certain rights with respect to your Personal Data, including:

Right to confirmation: You have the right to obtain confirmation of the existence of the processing activity of your Personal Data.
Right to access: If WHOOP processes your Personal Data, you will also have the right to access such Personal Data, i.e. to obtain a simplified or complete statement about the categories of Personal Data processed, the source of the data, and the processing purposes. If your Personal Data is processed based on your consent, or on a contract entered into by you with WHOOP. You also have the right to obtain a full copy of the Personal Data that is processed based on consent or on a contract.
Right to correction: You have the right to request the correction of incomplete, inaccurate, or outdated data about you.
Right to anonymization, blocking or deletion: In certain cases, when your Personal Data is unnecessary, excessive or is processed in non-compliance with the LGPD, you have the right to request the anonymization, blocking or deletion of this data.
Right to data portability: In certain cases, as defined by the Brazilian Data Protection Authority (ANPD) and in compliance with its regulations, and always respecting WHOOP trade or industrial secrets, you have the right to the portability of your Personal Data to another service provider to the extent technically feasible.
Right to deletion: In cases where your data is processed based on your consent, you have the right to request the deletion of such Personal Data, except in cases where WHOOP has the right to retain the data under the LGPD.
Right to information on data recipients: You have the right to obtain information about the public and private entities with which WHOOP has shared your Personal Data.
Right to refuse and revoke consent: Whenever we ask for your consent to process your Personal Data, you have the right to refuse consent. We will always inform you about this right, and about the consequences if you prefer not to provide consent. Furthermore, whenever you consent to the processing of your Personal Data for a specific purpose, you may revoke your consent at any time. In that case, all processing activities carried out up to the date of revocation of consent will be ratified.
Right to petition the ANPD: You have the right to lodge a complaint against WHOOP before the ANPD in relation to your Personal Data.
Right to object to unlawful processing: You have the right to object to any processing activity of your Personal Data that violates the provisions of the LGPD.
Right to review decisions solely based on automated processing: You have the right to request a review of decisions made solely on the basis of automated processing of Personal Data that affect your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality.

For more information about these rights, or to submit a request, please email privacy@whoop.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

Personal Data of Minors

If you are under the age of 18, please do not attempt to register for the Services or send any Personal Data about yourself to WHOOP. If we learn that we have collected Personal Data from an unauthorized minor, we will promptly delete that information from our platform. If you believe that an unauthorized minor may have provided us Personal Data, please contact us at privacy@whoop.com.

International Transfer of Personal Data

Some of the third parties that have access to your Personal Data may be located in other countries or may process data outside Brazil. The level of data protection in the other country may not be equivalent to the level of protection in Brazil. Where we transfer Personal Data to a country that doesn't provide an adequate level of protection, we’ll only do so under appropriate safeguards to protect your Personal Data.

18. PRIVACY NOTICE FOR INDIA RESIDENTS

If you reside in India, you may have additional rights under applicable data protection laws.

Personal Data we process

The Privacy Policy lists down the description of the Personal Data we collect about you in the “Personal Data We Collect ” section above. We describe the specified purposes for processing such data in the “How We Use Personal Data” section above and the “How We Share Personal Data” section above.

Grievance Redressal

If you have any questions, concerns, complaints or grievances regarding our privacy policies or our processing of Personal Data or in relation to your rights, please write to our Grievance Officer at privacy@whoop.com or at the mailing address below.

Whoop, Inc., Attn: Legal Department, One Kenmore Square, #601 Boston, MA 02215

Information regarding the Grievance Officer may be found here.

We will acknowledge your communication within 60 days of receipt.

In the event we do not address your grievances, you may approach the Data Protection Board of India to make a complaint.

Data Subject Rights

Access: You may access:

A summary of your Personal Data being processed by us along with information on the processing activities undertaken by us with respect to your Personal Data.
Subject to applicable law, the identities of the third parties with whom we have shared your Personal Data along with a description of such Personal Data.
Any other information relating to your Personal Data we may be required to share in accordance with applicable law.

You may submit a request to access your Personal Data by emailing us at privacy@whoop.com. We may be restricted in sharing certain information if your Personal Data has been shared to an entity authorized by law, for law enforcement or investigation purposes, pursuant to a written order.

Correct, complete or update: You may correct inaccurate or misleading Personal Data, complete incomplete Personal Data and update Personal Data by contacting privacy@whoop.com.

Withdraw consent to processing of your Personal Data: Where consent is the basis for our processing of your Personal Data, when you log into your account you may withdraw such consent by emailing privacy@whoop.com and we will, within a reasonable time and subject to applicable law, cease to process your Personal Data. However, you may no longer have access to the Services in the event you withdraw your consent to us processing your Personal Data. Upon withdrawal of your consent to us processing your Personal Data, we will also, unless we are required to retain your Personal Data for compliance with applicable law, erase your Personal Data, but may retain Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you.

Erase your Personal Data: You may submit a request to erase your Personal Data in our possession, by emailing us at privacy@whoop.com. Upon receipt of such request, unless we are required to retain your Personal Data for compliance with applicable law, we will erase your Personal Data, but we may retain Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you.

Right to name an agent: You may submit a request to name an agent – an individual who shall, in the event of your death or incapacity, exercise your rights with respect to us processing your Personal Data.

Restricted Countries and Territories

We will not transfer your Personal Data to any country or territory outside India, where such transfer is restricted as per applicable law.

Data Retention

We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, or as required by applicable law (e.g., for tax, legal, accounting, or other purposes), whichever is longer.

Your duties

By using our Services, you represent, warrant, and undertake to ensure:

That the Personal Data you provide directly to us (such as when completing your profile) is complete, accurate, consistent and verifiably authentic;
To not impersonate another person while providing Personal Data;
To not register any false or frivolous grievance or complaint with Whoop or the Data Protection Board;
To comply with laws in force when exercising your rights in relation to your Personal Data.

Personal Data of Children

19. PRIVACY NOTICE FOR ISRAEL RESIDENTS

If you are a resident of Israel, you are not obligated by law to provide us with your Personal Data, and any collection of Personal Data is subject to your consent that may be implied from your interaction with us or your use of the Services.

WHOOP Coach & Third-Party AI Technology

As long as you use our Services and as WHOOP requires in light of its legitimate business needs and legal requirements it is subject to, WHOOP may retain the history of your conversations with WHOOP Coach to ensure you continue to have access to previous conversations while using the feature.

Your Choices: Marketing Communications. We will request your consent to send you marketing materials. We will also give you the ability to opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. Please note that emails related to the Services you are provided with by WHOOP will not be considered as Marketing Communications but as Service Related Communications, and therefore shall not be subject to this section.

20. PRIVACY NOTICE FOR JAPAN RESIDENTS

We are providing this supplemental privacy notice to consumers in Japan, pursuant to the Act on the Protection of Personal Information (the “APPI”).

Address and Name of the Representative of the Company: Whoop, Inc. is a company registered in One Kenmore Square, Boston, MA 02215. Information regarding the representative of the company is available here.

Consent. To the extent that Wellness Data that we collect is considered Special Care-Required Personal Information (as defined in the APPT), we ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by unpairing your WHOOP Strap, stopping use of a feature, removing our access to a Third-Party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or in as listed in our Services.

Transfer Outside of Japan

Your Personal Data may be transferred to third parties who may be located outside of Japan. In this regard, we have ensured that the recipient of Personal Data has put in place adequate measures equivalent to those required for a Business Handling Personal Information under the APPI. Information about such third parties located outside Japan (except those located in the European Economic Area)(“Third Parties”) is as follows:

Countries where such Third Parties are located (subject to change due to addition and removal of the Third Parties)
- The United States of America
Information regarding the personal information protection legislation in the above countries
- Please refer to the following additional materials (that may be updated from time to time) that are published in the Japanese language by Japan’s Personal Information Protection Commission at the following websites:
  - USA: https://www.ppc.go.jp/files/pdf/USA_report.pdf

https://www.ppc.go.jp/files/pdf/illinois_report.pdf

https://www.ppc.go.jp/files/pdf/california_report.pdf

https://www.ppc.go.jp/files/pdf/newyork_report.pdf

Information regarding the measures to be taken by the Third Parties
- WHOOP will thoroughly examine the suitability of each Third Party to which personal information is provided in advance, and confirm that appropriate measures have been taken in terms of security and other factors regarding the handling of personal information in such manner as consistent with the privacy principles set forth in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (i.e., (i) collection limitation principle, (ii) data quality principle, (iii) purpose specification principle, (iv) use limitation principle, (v) security safeguards principle, (vi) openness principle, (vii) individual participation principle, (viii) accountability principle).

Exercising your Rights

To exercise your rights including the right to access, the right to rectification, the right to erasure, the right to request for suspension of use, the right to request for disclosure of records of third party transfers, you can email us at privacy@whoop.com. To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.

21. PRIVACY NOTICE FOR MEXICO RESIDENTS

Controller. Whoop, Inc. located at One Kenmore Square, #601 Boston, MA 02215, privacy@whoop.com will be the controller of your Personal Data processed in connection with the Services.

Personal data we collect. If you are a resident of Mexico, WHOOP will obtain your express written consent to collect and process Wellness Data, which is considered "sensitive personal data", such as resting heart rate, heart rate variability, skin temperature, blood oxygen saturation level and acceleration; metadata on workouts and sleep; the type of physical activity you engage in and the duration of your activity; data reflecting strain and recovery; your physiological profile, including birthday, gender identity, weight, height, fitness/athlete level (e.g., professional or recreational); and details you choose to submit about your diet, medications, and female health tracking. We may use certain of this information to customize your experience with us as part of our Services.

Direct marketing and advertising. With your consent, we may use data from the Personal Data we collect, including wellness data and certain data collected when you browse our website, to send you direct offers, marketing messages, or advertise the Services or other WHOOP product offerings. Processing your Personal Data for the secondary purpose of direct marketing and advertising is not necessary for the existence, maintenance, and compliance of the legal relationship you have with us, and you always have the choice not to receive marketing information. We give you the ability to opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Services.

How we share Personal Data. With your consent, we may share your Personal Data with advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above. We do not share your Wellness Data with advertising partners.

How you may share Personal Data through the Services. Depending on your use of the Services, you may share Personal Data with:

Other users of the Services, such as through our WHOOP Live or WHOOP Teams features, which allow you to share information and content with other users of the Services, and users are by default searchable by other users;
Third-party social media platforms, or linked accounts, devices, or features, when you choose to connect your account on those services with WHOOP or post content to social media, such as through the WHOOP Live feature;
The Public. When you make Personal Data visible to other users of the Services, including through the WHOOP Live or WHOOP Teams features, it may become publicly available and can be collected, viewed, and used by anyone;
Managing entities. If your use of the Services is on behalf of or managed by a managing entity, such as a coach, team, organizing body, or other entity with which you are affiliated, your account information and Personal Data may be shared with the managing entity subject to your consent, and you hereby consent to that managing entity allowing that information to be publicly shared, subject to any features of the Services that expressly override that control. The managing entity will determine how the relevant information and content is shared; and
Corporate wellness programs. If you use the Services in connection with an employer or organizational corporate wellness program, we may share your information with that organization subject to your consent. Typically, we will share only Aggregated Data with these organizations.

It is noted that any of the transfers referred to above may be national or international.

Data Subject Rights

If you reside in Mexico, you have the following rights.

Right of access: you can request a copy of the Personal Data we hold about you.
Right of rectification: you can request that we correct any inaccuracies in the Personal Data we hold about you and complete any Personal Data where it is incomplete.
Right of cancellation: you can request that the Personal Data we hold about you be cancelled.
Right of opposition: you have a right to oppose the processing of your Personal Data for specific purposes.
Right to withdraw consent: you are entitled to withdraw your consent to that processing at any time. If you withdraw your consent, this will not mean any processing we carried out prior to your withdrawal is invalid.

If you decide to exercise any of these rights, please email us at privacy@whoop.com. We will provide you with the following: (i) documents and information that should accompany the application, including documents to evidence your identity or your representative's capacity; (ii) timeframes to receive a response from us regarding any request; (iii) the means of reproduction we will use to provide you with the requested information.

Available options for you to limit the usage or disclosure of your Personal Data

If you wish to explore the options to limit how we use and disclose your Personal Data so that we do not process your data for a particular purpose, please contact us as described in the section 14.

22. PRIVACY NOTICE FOR QATAR RESIDENTS

Data Subject Rights

If you reside in Qatar, you have the following rights:

right to protection of privacy of your Personal Data;
right to lawful processing of your Personal Data on the basis of consent or a legitimate purpose;
right to withdraw consent in respect of processing of your Personal Data;
right to object to processing in certain circumstances, such as where the processing of your Personal Data is not necessary for or exceeds the purposes for which it has been collected, or where it gives rise to discrimination, unfairness, or violates applicable laws;
right to request erasure or deletion of your Personal Data in certain circumstances;
right to request correction of your Personal Data, provided that such a request is supported with appropriate documentation;
right to be notified of the processing of your Personal Data and the purposes of such processing;
right to be notified of any disclosure of inaccurate Personal Data; and
right to access your Personal Data and obtain a copy of your Personal Data, subject to payment of a fee.

If you reside in Qatar, you also have the right to lodge a complaint with a supervisory authority, in addition to other rights set out in the Privacy Notice. The details of the supervisory authority are as follows:

National Cyber Governance and Assurance Affairs

Email: privacy@ncsa.gov.qa.

Basis of Lawful Processing

WHOOP processes End User Personal Data on the following grounds:

Consent: When you have provided your consent. In the case of sensitive Personal Data, when you have provided your explicit consent to our collection of your Personal Data and we have obtained appropriate authorization to process such sensitive Personal Data from the supervisory authority set out above.
Legitimate interests: When WHOOP has a legitimate business or commercial reason to process your Personal Data, and your interests and your fundamental rights do not override those interests. We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.
Legal obligation: When we need to comply with a legal or regulatory obligation.

WHOOP may process your Personal Data on more than one ground depending on the reason or grounds for using your Personal Data. Please contact us at privacy@whoop.com if you need details about the specific grounds we are relying on to process your Personal Data.

Sensitive Personal Data

In Qatar, sensitive Personal Data includes data relating to ethnic origin, children, health, physical or mental condition, religious beliefs, marital relationships, and felonies. WHOOP will only collect sensitive Personal Data where this is strictly required for the provision of the Services or where it has another lawful basis to do so. Before collecting or using any sensitive Personal Data, we will only use that information with your explicit consent and after having obtained the permission of the supervisory authority set out above.

Personal Data of Children

WHOOP does not collect Personal Data of children. If you are under the age of 18, please do not attempt to register for the Services or send any Personal Data about yourself to WHOOP. If we learn that we have collected Personal Data from an unauthorized minor, we will promptly delete that information from our platform. If you believe that an unauthorized minor may have provided us with Personal Data, please contact us at privacy@whoop.com.

Security Measures

WHOOP ensures that adequate security measures are implemented to protect your Personal Data against loss, destruction, modification, disclosure, and accidental or unauthorized access to or use of your Personal Data. These measures include industry-standard encryption, regular cybersecurity assessments, continuity and disaster recovery testing, and robust access controls. Please contact us if you want more information on how we protect your Personal Data at privacy@whoop.com.

Transfer of Personal Data

In order to provide the Services, WHOOP will transfer your Personal Data to the United States. WHOOP will ensure that adequate safeguards are implemented if and when we need to transfer Personal Data outside of Qatar so that an adequate degree of protection is afforded to it. Please contact us at privacy@whoop.com if you would like to receive more information on how we transfer and protect your Personal Data outside of Qatar.

23. PRIVACY NOTICE FOR SINGAPORE RESIDENTS

If: (a) you are a Singapore resident; (b) your Personal Data was collected in Singapore ; or (c) the relevant data processing activities are being performed in Singapore by WHOOP, this section is applicable to you. By interacting with us, submitting information to us, or signing up for any Services offered by us, you agree and consent to us collecting, using and/or disclosing your Personal Data in the manner outlined in this Privacy Policy.

Direct marketing and advertising. With your consent, we may use the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers, marketing messages or advertise the Services or other WHOOP product offerings. If you have registered your telephone number with the National Do Not Call (DNC) Registry, we will not send you such marketing messages via phone calls and text messages, unless you have previously given us consent to contact you for such purposes and such consent has not been withdrawn.

Marketing communications. We give you the ability to withdraw your consent and opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. After opting-out, you may still receive certain non-marketing emails and text messages regarding the Services as permitted under applicable laws and regulations.

Data Subject Rights. You have certain rights with respect to your Personal Data, including:

Access: You can also access certain of your Personal Data by logging into your account or via the “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com. You can generally also make a request for a copy of your Personal Data which is our possession or under our control and information about the ways in which your Personal Data may have been used or disclosed during the past year. We will respond to your request as soon as reasonably possible, except where applicable laws permit or require us not to do so. Should we not be able to respond to your request within 30 days after receiving your request, we will, within such time, inform you in writing of when we will be able to respond to your request. A reasonable fee may be charged for an access request. If so, we will inform you of the estimated fee before processing your request.
Correction: You may request for the correction of an error or omission in your Personal Data that is in our possession or under our control. Some of your Personal Data may be corrected directly by logging into your account. Save where applicable laws permit or require us not to do so, we will make the correction as soon as practicable and send the corrected Personal Data to every other organisation to which the relevant Personal Data was disclosed by us within a year before the date the correction request was made (unless that other organisation does not need the corrected Personal Data for any legal or business purpose).
Withdrawal of consent. You have the right to withdraw your consent to the collection, use and/or disclosure by us of your Personal Data at any time, save where we are permitted to collect, use and/or disclose your Personal Data without your consent under applicable laws and regulations. In general, we shall seek to process your request within ten (10) business days of receiving it (depending on the complexity of the request and its impact on our relationship with you). Please note, however, that if you exercise this right, you may have to provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize any of our Services. If you do not provide consent, we may not be able to continue to provide our Services to you or fulfil our contractual obligations to you. Your refusal to grant consent may result in the termination of any agreements or arrangements you have with us and you being in breach of your obligations or undertakings under such agreements or arrangements. In the event of such termination or breach, our legal rights and remedies are expressly reserved.

International Transfer of Personal Data

Some of the third parties that have access to your Personal Data may be located outside Singapore or may process your Personal Data outside Singapore. Where we transfer Personal Data outside Singapore, we will take appropriate steps to ensure that the overseas recipient is bound by legally enforceable obligations or specified certifications to provide the transferred Personal Data a standard of protection that is comparable to that under the Personal Data Protection Act 2012 of Singapore.

Data Protection Officer information can be found here.

24. PRIVACY NOTICE FOR SOUTH AFRICA RESIDENTS

Data Subject Rights

If you are a resident of South Africa, you may have additional rights under the Protection of Personal Information Act, 2013 (POPIA) or other data protection legislation, including:

Access. You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your account or via the “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com.
Rectification. If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
Erasure. You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Restriction of processing. You can ask us to restrict further processing of your Personal Data.
Right to file a complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the Information Regulator at the following email address: popiacomplaints@inforegulator.org.za.

Information regarding our South African representative is available here.

Direct marketing and advertising

With your consent, we may use data from the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers, marketing messages or advertise the Services or other WHOOP product offerings.

Marketing communications

We give you the ability to withdraw your consent and opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Services.

Transfer of Personal Data

25. PRIVACY NOTICE FOR SOUTH KOREA RESIDENTS 개인정보처리방침

For Korean data subjects, the Personal Information Protection Act (“PIPA”) of Korea and other laws and/or regulations regarding data privacy in Korea apply.

Legal Basis for Processing

We process your Personal Data pursuant to the following legal bases for the purposes stated in 5. HOW WE USE PERSONAL DATA of this Privacy Policy.

Legal basis on which we rely to process your Personal Data

Your consent (PIPA Article 15(1)(i)) Items of Personal Data we collect: Contract details; profile data; communications; wellness data; conversations; payment and transactional data; marketing data; geolocation data, online activity data

Legal basis on which we rely to process your Personal Data

Necessary to perform a contract with a data subject or to take actions at the request of the data subject in the process of entering into a contract (PIPA Article 15(1)(iv))
Items of Personal Data we collect: Contract details; profile data; communications; wellness data; conversations; payment and transactional data; marketing data; geolocation data, online activity data

Transfer of Personal Data

Notwithstanding “6. HOW WE SHARE PERSONAL DATA” in this Privacy Policy, the following provisions will apply to Korean data subjects.

We collect and process Personal Data in United States.

We share your Personal Data with third parties below.

Cross-Border Transfer (Provision·Outsourcing·Store) to Third Parties

Note: Outsourcing refers to personal data transfers to service providers of WHOOP for the benefit and business purpose of WHOOP consistent with the original purposes for the collection/use of personal data.

You have the right to object to the cross-border transfer of your Personal Data by us as above by submitting a request to privacy@whoop.com, in which case your ability to use the Services will cease.

Transcend

Website: https://privacy.transcend.io/](https://privacy.transcend.io/
Contact: privacy@transcend.io](mailto:privacy@transcend.io
Type of transfer: Outsourcing / Privacy rights data
Countries: United States, Ireland, and Germany, in times of collection, via network
Purpose: Data rights management
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Typeform

Website: https://admin.typeform.com/to/dwk6pt
Contact: https://www.typeform.com/help/contact/
Type of transfer: Outsourcing / Survey data
Countries: United States, in times of collection, via network
Purpose: Survey execution and management
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

UserTesting

Website: https://www.usertesting.com/privacy-center/privacy-policy
Contact: privacy@usertesting.com
Type of transfer: Outsourcing / User testing data
Countries: United States, in times of collection, via network
Purpose: User research
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i)

ZenKraft

Website: https://zenkraft.com/privacy-policy
Contact: support@zenkraft.com
Type of transfer: Outsourcing / Shipping data
Countries: in times of collection, via network
Purpose: Shipping management
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Segment

Website: https://www.twilio.com/en-us/legal/privacy
Contact: datasubjectdeletions@twilio.com
Type of transfer: Outsourcing / Sensor, app, and other data
Countries: United States, in times of collection, via network
Purpose: Facilitate data collection and analysis
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Shopify

Website: https://www.shopify.com/legal/privacy
Contact: privacy@shopify.com
Type of transfer: Outsourcing / Transaction data
Countries: United States, in times of collection, via network
Purpose: E-commerce
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Signifyd

Website: https://www.signifyd.com/privacy/
Contact: privacy@signifyd.com
Type of transfer: Outsourcing / Transaction data
Countries: United States, in times of collection, via network
Purpose: Facilitate e-commerce transactions
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Slack

Website: https://slack.com/trust/privacy/privacy-policy
Contact: privacy@slack.com
Type of transfer: Outsourcing / User data and other data
Countries: United States, in times of collection, via network
Purpose: Internal WHOOP communications
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Snowflake

Website: https://www.snowflake.com/privacy-policy/
Contact: privacy@snowflake.com
Type of transfer: Outsourcing / Sensor, app, and other data
Countries: United States, in times of collection, via network
Purpose: Data warehousing
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Sprout Social

Website: https://sproutsocial.com/privacy-policy/
Contact: privacy@sproutsocial.com
Type of transfer: Outsourcing / Interaction data
Countries: United States, in times of collection, via network
Purpose: Social media management
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i)

Stream.io

Website: https://getstream.io/legal/privacy/
Contact: privacy@getstream.io
Type of transfer: Outsourcing / Interaction data
Countries: United States, in times of collection, via network
Purpose: Management of community and social interactions
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i)

Stripe

Website: https://stripe.com/privacy
Contact: dpo@stripe.com
Type of transfer: Outsourcing / Transaction data
Countries: United States, in times of collection, via network
Purpose: Payment processing
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Aircall

Website: https://aircall.io/privacy/
Contact: privacy@aircall.io
Type of transfer: Outsourcing / Call data
Countries: United States, in times of collection, via network
Purpose: Manage WHOOP support line data
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Amazon (AWS)

Website: https://aws.amazon.com/privacy/
Contact: https://aws.amazon.com/contact-us/compliance-support/
Type of transfer: Outsourcing / Sensor, app data, and other data
Countries: United States, in times of collection, via network
Purpose: Cloud storage and data processing
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Amplitude

Website: https://amplitude.com/privacy
Contact: privacy@amplitude.com
Type of transfer: Outsourcing / User interaction data
Countries: United States, in times of collection, via network
Purpose: Analysis of user interactions with webpages and app
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Attentive

Website: https://www.attentive.com/legal/privacy
Contact: privacy@attentive.com
Type of transfer: Outsourcing / User interaction data
Countries: United States, in times of collection, via network
Purpose: Analysis of user interactions with marketing campaigns
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i)

Bringg

Website: https://www.bringg.com/privacy-policy/
Contact: privacy@bringg.com
Type of transfer: Outsourcing / shipping data
Countries: United States, in times of collection, via network
Purpose: Shipping management data
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Dovetail Research

Website: https://dovetail.com/help/privacy-policy/
Contact: legal@dovetail.com
Type of transfer: Outsourcing / Feedback data
Countries: United States, in times of collection, via network
Purpose: Gather and review customer feedback
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Dremio

Website: https://www.dremio.com/legal/privacy-policy/
Contact: contact@dremio.com
Type of transfer: Outsourcing / Sensor, app, and other data
Countries: United States, in times of collection, via network
Purpose: Enable access and organization of WHOOP data
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Hex Technologies

Website: https://learn.hex.tech/docs/security/privacy-policy
Contact: privacy@hex.tech
Type of transfer: Outsourcing / Sensor, app, and other data
Countries: United States, in times of collection, via network
Purpose: Enable access and use of data by WHOOP
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Hightouch

Website: https://hightouch.com/privacy-policy
Contact: hello@hightouch.com
Type of transfer: Outsourcing / Customer Data
Countries: United States, in times of collection, via network
Purpose: Customer Relations Management
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Intercom

Website: https://www.intercom.com/legal/privacy
Contact: team@intercom.com
Type of transfer: Outsourcing / Interaction data
Countries: United States, in times of collection, via network
Purpose: Gather and analyze data from user interactions in chat support feature
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Iterable

Website: https://iterable.com/trust/privacy-policy/
Contact: privacy@iterable.com
Type of transfer: Outsourcing / Interaction and transaction data
Countries: United States, in times of collection, via network
Purpose: Gather and analyze data from web interactions, app interactions, and other sources
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Klaviyo

Website: https://www.klaviyo.com/legal/privacy/privacy-notice
Contact: privacy@klaviyo.com
Type of transfer: Outsourcing / Interaction and transaction data
Countries: United States, in times of collection, via network
Purpose: Gather and analyze data from WHOOP webpages and ecommerce platform and other sources
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Looker

Website: https://policies.google.com/privacy
Contact: https://support.google.com/policies/contact/general_privacy_form
Type of transfer: Outsourcing / Sensor, app, and other data
Countries: United States, in times of collection, via network
Purpose: Access, analyze and visualize data
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

NetSuite

Website: https://www.oracle.com/legal/privacy/
Contact: privacy_kr_grp@oracle.com
Type of transfer: Outsourcing / Enterprise and user data
Countries: United States, in times of collection, via network
Purpose: Enterprise Resource Planning
Retention period: As long as necessary to fulfill the purposes on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Salesforce.com

Website: https://www.salesforce.com/privacy/overview/
Contact: https://www.salesforce.com/form/other/privacy-request/
Type of transfer: Outsourcing / Enterprise and user data
Countries: United States, in times of collection, via network
Purpose: Enterprise data management and analysis
Retention period: As long as necessary to fulfill the purpose on the left
Legal basis: PIPA Article 28-8(1)(i), PIPA Article 28-8(1)(iii)

Periods of Retention of Personal Data

Notwithstanding 11. DATA SECURITY AND RETENTION OF PERSONAL DATA of this Privacy Policy, if required to retain Personal Data pursuant to applicable Korean laws, such as those set out below, we will retain Personal Data for at least the retention periods and purposes prescribed.

Records on contracts or withdrawal of offers and the like: 5 years (as required under the Act on Consumer Protection, etc. in E-commerce)
Records on payment settlement and supply of goods, etc.: 5 years (as required under the Act on Consumer Protection, etc. in E-commerce)
Records on processing of customer disputes and complaints: 3 years (as required under the Act on Consumer Protection, etc. in E-commerce)
Records on access: 3 months (as required under the Communications Secrecy Protection Act)

Destruction of Personal Data

We retain your Personal Data until your request of deletion or account withdrawal and delete it through standard delete functions of WHOOP systems and vendor systems. We may need to retain certain Personal Data in our records as legally permitted, as well as Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you after you update or delete it.

Rights and Obligations as a Data Subject and How to Exercise Them

If you are under 14, do not use the Service. If we learn that we have collected Personal Data from a child under the age of 14, we will delete that information as quickly as possible. If you believe that a child under the age of 14 may have provided us Personal Data, please contact us at privacy@whoop.com.

Notwithstanding Article 9. YOUR CHOICES above of this Privacy Policy, you and your legal guardian may exercise your rights within the scope recognized under the Korean Personal Information Protection Act, including the right to request access to, correction of and deletion of, and suspension of processing of the Personal Data we hold about you. You and your legal guardian may also exercise your right of withdrawal of consent to processing of Personal Data.

You may exercise your rights by contacting privacy@whoop.comor via the “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com.

Security Measures Implemented by WHOOP

Notwithstanding Article 11. DATA SECURITY AND RETENTION OF PERSONAL DATA of the Privacy Policy, the following provisions will apply to customers located or residing in the Republic of Korea.

WHOOP implements the following technical, managerial, and physical measures necessary to ensure the security of Personal Data.

Managerial measures: Designation of a DPO, regular training of employees on protection of Personal Data, etc.
Technical measures: Management of the right to access the Personal Data processing system, installation of an access control system, installation of security programs, etc.
Physical measures: Restriction on access to Personal Data storage mediums such as the computer room and data storage room, etc.

DPO or Department Responsible for Privacy Inquiries

You can reach the respective Data Protection Officers as follows:

Legal Department of WHOOP: privacy@whoop.com

Amendment of this Policy

See past privacy policies.

28 March 2024

26. PRIVACY NOTICE FOR TAIWAN RESIDENTS

How We Share Personal Data

Personal Data that we collect may be stored, processed in, or transferred between parties located outside your jurisdiction, including the United States, Germany, Japan, United Kingdom, France, Canada, and India. We take reasonable steps to ensure that the parties responsible for the storage of Personal Data on overseas servers adhere to this Privacy Policy.

The duration for which the Personal Data is to be used, stored, processed, transferred, and engaged in any other acts as set forth in this Privacy Policy is the entire duration required by applicable laws, or necessary for the purposes provided herein, including but not limited to Sections 5 or 6, or pursuant to your authorization and purposes as listed in Section 7.

The methods of which the Personal Data is to be used, stored, processed, transferred, and engaged in any other acts as set forth in this Privacy Policy include but not limited in writing, through electronic document, telephone, facsimile, or other automated or non-automated means.

Your Choices

Access, update, or delete. In addition to the right to request access to or a full deletion of your account and corresponding data, you may request a copy of Personal Data and that WHOOP ceases processing or use of Personal Data by contacting privacy@whoop.com or via the “Data Management” feature available in the WHOOP Privacy Center privacy.whoop.com.

In addition to your choices as set forth in Section 9 above and relevant rights to opt-out in accordance with Section 4, above you are entitled to exercise the following rights under Personal Data Protection Act of Taiwan, unless otherwise provided by the laws or if it is necessary for Whoop and the categories of entities as listed in Section 6 to provide services:

the right to make an inquiry of and to review my Personal Data
the right to request a copy of my Personal Data.
the right to supplement or correct my Personal Data
the right to demand the cessation of the collection, processing or use of my Personal Data
the right to have my Personal Data deleted

You are entitled to exercise any of the aforementioned rights from time to time at your discretion, however, please be advised that the provision of relevant services would therefore be precluded in circumstances where the necessary and accurate Personal Data is not available for Whoop and the entities as listed herein.

You fully understand that this Policy is consistent with the requirements of Personal Data Protection Act and other relevant legislation in Taiwan, and that your acts in using any of Whoop’s services, registering for or participating in any of Whoop’s activities, whether online or offline, via Whoop’s applications, software, website, platform, center, or other access means, or providing Personal Data for any other transactions between Whoop and you, constitutes your consent for Whoop to collect, process, use, transfer, and otherwise engage your Personal Data as set forth in this Policy.

27. DEFINITIONS

We use some specifically defined terms in our Privacy Policy and when we communicate about our Privacy Policy. We want to be clear on how the terms we use are defined to help you better understand our policies.

Aggregated Data: Aggregated Data is data that has undergone a process whereby raw data is gathered and expressed in a summary form for statistical analysis. Raw data can be aggregated over a given time period, across individuals, or both, to provide statistics such as average, minimum, maximum, sum, and count. After the data is aggregated analysis can be performed to gain insights about particular data sets. When data is aggregated across a number of individuals, the resulting aggregation is considered anonymized such that it is no longer Personal Data. See our Privacy Policy here for more information on how we use Aggregated Data.

Cookies: Cookies are small files which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular user and website and can be accessed either by the web server or the user computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and is therefore able to carry information from one visit to the website (or related site) to the next. See our Privacy Policy here to learn about cookies and how they are used on our websites.

De-Identified Data: De-Identified Data is data where all the personally identifiable information has been removed, rendering the data anonymous by stripping out information that would allow an individual’s identity to be determined from the remaining data. Data is “de-identified” to protect the privacy and identity of individuals associated with the data. De-identified Data is no longer Personal Data. See our Privacy Policy here for more information on how we use De-identified Data.

WHOOP Coach: The WHOOP Coach is an advanced generative AI feature that helps members understand and make progress to their goals, deciphers WHOOP concepts, and provides educational guidance, and integrates with the rest of the WHOOP experience.

WHOOP Strap: Your WHOOP Strap is a wearable sensor that, when used in connection with the Services, collects certain types of Personal Data.

WHOOP, INCFULL PRIVACY POLICY

WHOOP, INC
FULL PRIVACY POLICY