WHOOP, INC
Privacy Principles

At WHOOP, our mission is to unlock human performance. We exist to improve your life, not invade it. We believe this should be the standard for all companies providing wearable devices.

We take your privacy seriously and want you to understand how we use, collect and share personal data, and the measures we take to protect your personal data. We have invested heavily, and will continue to invest, in features and security to protect the privacy and security of your personal data. We continually evaluate our privacy practices to align them with applicable privacy laws including the California Consumer Privacy Act (“CCPA”) and the General Data Protection Regulation (“GDPR”). You can find more detailed information about ways in which we use, collect, and share personal data in our full Privacy Policy.

1. WHOOP MEMBERS CONTROL THEIR PERSONAL DATA

We believe you should be in control of your personal data. Consistent with this belief:

  • We will delete your personal data if you ask us to, including if asked when you cancel your membership.
  • We will provide you with access to your personal data if you ask us to, including if asked when you cancel your membership.
  • Our Privacy Policy describes how we share personal data. We will otherwise share your personal data with others only if you ask us to. For example, we would share it with an organization managing a corporate wellness program if you specifically authorized us to do so.

2. WHOOP EMPLOYEES ONLY ACCESS MEMBER PERSONAL DATA WHEN REQUIRED TO PROVIDE SERVICES AND SUPPORT

We prioritize the accountability and the security of your personal data. Our policy is that a member’s personal data is not to be accessed or shared by anyone at WHOOP without an explicit need to do so. Consistent with these priorities and our policy:

  • WHOOP membership services representatives, management team members, data scientists and technical team members are not permitted to access your personal data without a legitimate business need.
  • We maintain a log that tells us who has accessed member personal data and when.
  • We actively evaluate data access logs and investigate any anomalies for data access.

3. WHOOP DOES NOT SELL MEMBER PERSONAL DATA

Our business model is to provide highly valuable product experiences and services to our members in exchange for membership fees. As such, we never sell our members’ personal data. This is our promise. Because of how broadly the CCPA defines “sale,” we want to be clear that we use third party cookies and other tracking technologies.

4. WHOOP USES ONLY AGGREGATED OR DE-IDENTIFIED WELLNESS DATA TO BETTER UNDERSTAND HUMAN PERFORMANCE

Our members provide us with an unprecedented amount of accurate physiological data that is collected by their WHOOP strap. This information includes heart rate, heart rate variability, sleep duration, respiratory rate, skin temperature, blood oxygen saturation level, data such as the type of activity engaged in and the duration of physical activity, and any additional information members chose to enter when using WHOOP services (collectively, “wellness data”).

We use aggregated or de-identified wellness data that no longer identifies a particular individual (and is thus no longer personal data) to help answer important questions about human performance and further explore what it means to be optimal. We believe we have a responsibility to create an ever-better experience for our members by identifying and sharing cutting edge insights. We will always look to provide new content and product features, improve and customize our services (including determining and reporting on trends, sleep, strain, and recovery), and develop thought leadership in the area of human performance. We hope your experience with WHOOP will improve over time as our membership base grows and we continue with our mission to unlock human performance.

5. WHOOP BELIEVES THAT THIRD PARTIES SHOULD BE PREVENTED FROM INVADING OUR MEMBERS’ LIVES BY ACCESSING THEIR WHOOP DATA.

Like all other companies, WHOOP may from time to time receive requests for member data from third parties, like governmental entities (including law enforcement) and private parties engaged in civil litigation. Here are the key principles we stand by when evaluating these requests:

  • WHOOP will never voluntarily disclose member data in response to a request by a governmental entity or civil litigant.
  • WHOOP will never provide any governmental entity or civil litigant with direct access to our members’ data.
  • WHOOP will never provide copies of member data held by WHOOP to any governmental entity or civil litigant without a valid, narrowly tailored, and legally-binding request (e.g., subpoena, warrant or court order).
  • If WHOOP receives a request for a member’s data, we will provide notice to the member by sending an email to the email address we have on file for that member.
  • WHOOP is prepared to fight to protect our members’ privacy in court if necessary. We will reject, challenge or object to any data access request from a governmental entity or civil litigant that we believe is invalid, overly broad, unclear or otherwise inappropriate.

If you are concerned about the privacy of your WHOOP data, you can delete it at any time by exercising our self-serve options, either in the WHOOP app or navigating to the data management section of whoop.com.

We know privacy and security are important to you. We are committed to making WHOOP the best tool to monitor and understand the body. We will continue to be transparent about our privacy and security practices as we grow alongside our membership.

For more information about how these principles apply to WHOOP Coach, please read here.