At Whoop, Inc. (“WHOOP,” “us,” “we,” or “our”), our mission is to unlock human performance. We exist to improve your life, not invade it. We believe this should be the standard for all companies providing wearable devices. We take your privacy seriously and want you to understand how we use, collect, and share Personal Data, and the measures we take to protect your Personal Data.
We have provided supplemental notices below for residents of California and individuals located in the European Economic Area, the United Kingdom, and Switzerland (collectively “Europe” or “European”).
We collect Personal Data about you from:
We may collect the following types of Personal Data:
Cookie Usage and Type. WHOOP uses the following Cookies:
Online tracking opt-outs.There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we have summarized below.
Please note that some opt-out features are Cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your computer or other device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.
Opting-out of interest-based advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.
We process Personal Data to operate, improve, understand, and personalize our Services. We use Personal Data for the following purposes:
Service delivery, including to:
Research and development. We may create and use Aggregated Data, De-identified Data or other anonymous data from Personal Data we collect, including Wellness Data, for our business purpose, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use anonymous Wellness Data for research purposes to help us and our research partners answer important questions about human performance and create an even-better experience for our members by identifying cutting-edge insights and providing new content and product features.
Direct marketing and advertising. We may use data from the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers marketing messages or advertise the Services or other WHOOP product offerings
Compliance and protection, including to:
We may share your Personal Data with:
Depending on your use of the Services, you may share Personal Data with:
Access, update, or delete. When you log in to your account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request access to or a full deletion of your account and corresponding data by contacting support.whoop.com or via the “Data Management” feature available in the WHOOP Privacy Center. You will be asked to complete a verification form in connection with such access or deletion request in order to ensure that you have the authority to access or delete your account. We may need to retain certain Personal Data in our records, as well as Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you after you update or delete it.
Privacy settings. You can change certain privacy settings, such as whether you are searchable on WHOOP by your name or username, if you scroll down to Settings, located on the Main Menu page of the WHOOP mobile application, and select “Privacy,” where you can choose to make yourself private or searchable.
Push notifications and device permissions. Access, update, or delete. When you log in to your account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request access to or a full deletion of your account and corresponding data by contactingemailing support.whoop.com or via the “Data Management” feature available in the WHOOP Privacy Center. You will be asked to complete a verification form in connection with such access or deletion request in order to ensure that you have the authority to access or delete your account. We may need to retain certain Personal Data in our records, as well as Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you after you update or delete it.
Geolocation data. You may allow or disallow WHOOP to collect geolocation data by enabling or disabling location services on your mobile device. If you decline to grant WHOOP access to this data, we will not be able to provide certain Services, capabilities, or features to you.
Wellness Data. You can disable collection of additional Wellness Data by un-pairing your WHOOP device from your mobile device.
WHOOP Teams. If you have joined a WHOOP Team, you may stop the sharing of your Personal Data with the members of the WHOOP Team at any time by accessing your WHOOP mobile application, navigating to the Team view, opening the menu from the Description page, and selecting Leave Team.
Marketing communications. We give you the ability to opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the WHOOP Privacy Center, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in the “Online tracking opt-outs” section above.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
The Services may contain links to websites and other online services operated by Third Parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any Third Party. We do not control mobile applications, websites or online services offered or operated by Third Parties, and we are not responsible for their actions. You can learn about and control how these Third Parties use and share Personal Data about you, including with WHOOP, by reviewing their privacy notices and exercising the privacy choices the Third Party may offer.
We employ a number of physical, technical, organizational, and administrative security measures designed to protect the Personal Data we collect. While we endeavor to protect the privacy of your account and other Personal Data we hold in our records, no security measures are failsafe, and we cannot guarantee the security of your Personal Data.
If you are under 13, or 16 where applicable, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13, or 16 where applicable, we will delete that information as quickly as possible. If you believe that a child under 13, or 16 where applicable, may have provided us Personal Data, please contact us at firstname.lastname@example.org.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to email@example.com or at the mailing address below.
Attn: Legal Department
1325 Boylston Street, Suite 401
Boston, MA 02215
We are providing this supplemental privacy notice to consumers in California, pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”).
California Privacy Rights. If you are a California resident, you have the following rights:
Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.
You are entitled to exercise the rights described above free from discrimination.
Exercising your rights. To exercise these rights, you can submit requests as follows:
If you are a resident of the European Economic Area, the United Kingdom, or Switzerland (collectively, “Europe”), you may have additional rights under the General Data Protection Regulation (the “GDPR”) or other European data protection legislation.
Controller and European Representatives. WHOOP, Inc. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows:
Attn: Data Protection Officer
1325 Boylston Street, Suite 401
Boston, MA 02215
Our EU representative is:
70 Sir John Rogerson’s Quay
Dublin, D02 R296, Ireland
Our UK representative is:
DP Data Protection Services UK Ltd.
Attn: Whoop, Inc.
16 Great Queen Street, Covent Garden,
5AH, United Kingdom
You may contact any one of the above representatives at: firstname.lastname@example.org
Legal bases for processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.
Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data subject rights. You have certain rights with respect to your Personal Data, including:
For more information about these rights, or to submit a request, please email email@example.com or firstname.lastname@example.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Processing of Personal Data in the United States. To provide the Services, we will process your Personal Data in the United States, where WHOOP is based. If such processing involves the transfer of Personal Data to the U.S. in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or other circumstances permitted by European data protection law.
Privacy Shield Certification. WHOOP certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the EU to the U.S. For more information about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.
Although WHOOP no longer relies on the Privacy Shield Framework to facilitate cross-border data transfers, WHOOP remains committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability with respect to all Personal Data received from within the EU in reliance on the Privacy Shield before it was invalidated. The Privacy Shield Principles require that we remain potentially liable if any Third-Party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Our compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us at email@example.com with any questions or concerns relating to our Privacy Shield Certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.
If you have any questions about this section or our data practices generally, please contact us at firstname.lastname@example.org or using the contact information above.
WHOOP, we, us, our
Services means, collectively, our websites and mobile apps, any software embedded within the WHOOP Strap, and any features, content, or applications offered, from time to time, by WHOOP in connection therewith.
Your WHOOP Strap is a wearable sensor that, when used in connection with the Services, collects certain types of Personal Data.
WHOOP, we, us, our
The terms “WHOOP,” “we,” “us,” or “our” mean Whoop, Inc. and each of its wholly owned subsidiaries.