At Whoop, Inc. (“WHOOP,” “us,” “we,” or “our”), our mission is to unlock human performance. We exist to improve your life, not invade it. We believe this should be the standard for all companies providing wearable devices. We take your privacy seriously and want you to understand how we use, collect, and share Personal Data, and the measures we take to protect your Personal Data.
This Privacy Policy applies to Personal Data we collect about members and other consumers who interact with Whoop or use our services, including by visiting our websites or our social media pages, or using our mobile apps, the WHOOP Strap or another WHOOP device (collectively, the “Services”). This Privacy Policy does not cover the practices of companies that we do not own or control, or people that we do not manage. We are not responsible for the policies and practices of any third parties, and we do not control, operate, or endorse any information, products, or services that may be offered by third parties or accessible on or through the Services.
We have provided supplemental notices below for residents of California and individuals located in the European Economic Area, the United Kingdom, and Switzerland (collectively “Europe” or “European”).
We collect Personal Data about you from:
We may collect the following types of Personal Data:
WHOOP uses cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, as well as to analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).
Cookie Usage and Type. WHOOP uses the following Cookies:
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we have summarized below.
Please note that some opt-out features are Cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your computer or other device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.
Opting-out of interest-based advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.
We process Personal Data to operate, improve, understand, and personalize our Services. We use Personal Data for the following purposes:
Service delivery, including to:
Research and development. We may create and use Aggregated Data, De-identified Data or other anonymous data from Personal Data we collect, including Wellness Data, for our business purpose, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use anonymous Wellness Data for research purposes to help us and our research partners answer important questions about human performance and create an even-better experience for our members by identifying cutting-edge insights and providing new content and product features.
Direct marketing and advertising. We may use data from the Personal Data we collect, including Wellness Data and certain data collected when you browse our website, to send you direct offers, marketing messages, or advertise the Services or other WHOOP product offerings.
Compliance and protection, including to:
We may share your Personal Data with:
Depending on your use of the Services, you may share Personal Data with:
Access, update, or delete. When you log in to your account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request access to or a full deletion of your account and corresponding data by contacting support.whoop.com or via the “Data Management” feature available in the WHOOP Privacy Center. You will be asked to complete a verification form in connection with such access or deletion request in order to ensure that you have the authority to access or delete your account. We may need to retain certain Personal Data in our records, as well as Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you after you update or delete it.
Privacy settings. You can change certain privacy settings, such as whether you are searchable on WHOOP by your name or username, if you scroll down to Settings, located on the Main Menu page of the WHOOP mobile application, and select “Privacy,” where you can choose to make yourself private or searchable.
Push notifications and device permissions.
Geolocation data. You may allow or disallow WHOOP to collect geolocation data by enabling or disabling location services on your mobile device. If you decline to grant WHOOP access to this data, we will not be able to provide certain Services, capabilities, or features to you.
Wellness Data. You can disable collection of additional Wellness Data by un-pairing your WHOOP device from your mobile device.
WHOOP Teams. If you have joined a WHOOP Team, you may stop the sharing of your Personal Data with the members of the WHOOP Team at any time by accessing your WHOOP mobile application, navigating to the Team view, opening the menu from the Description page, and selecting Leave Team.
Marketing communications. We give you the ability to opt-out of marketing-related emails and other communications by going to our “Data Management” feature available in the WHOOP Privacy Center, or by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in the “Online tracking opt-outs” section above.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
The Services may contain links to websites and other online services operated by Third Parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any Third Party. We do not control mobile applications, websites or online services offered or operated by Third Parties, and we are not responsible for their actions. You can learn about and control how these Third Parties use and share Personal Data about you, including with WHOOP, by reviewing their privacy notices and exercising the privacy choices the Third Party may offer.
We employ a number of physical, technical, organizational, and administrative security measures designed to protect the Personal Data we collect. While we endeavor to protect the privacy of your account and other Personal Data we hold in our records, no security measures are failsafe, and we cannot guarantee the security of your Personal Data.
We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g., for tax, legal, accounting, or other purposes), whichever is longer.
If you are under 13, or 16 where applicable, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13, or 16 where applicable, we will delete that information as quickly as possible. If you believe that a child under 13, or 16 where applicable, may have provided us Personal Data, please contact us at privacy@whoop.com.
We are constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time. We will alert you to changes by placing a notice on the WHOOP website, by sending you an email, and/or by some other means. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@whoop.com or at the mailing address below.
Whoop, Inc.
Attn: Legal Department
1325 Boylston Street, Suite 401
Boston, MA 02215
We are providing this supplemental privacy notice to consumers in California, pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”).
We do not sell Personal Data. As we explain in this Privacy Policy, we use Cookies and other tracking technologies to analyze website and application traffic and use, and to facilitate advertising. To limit use of Cookies and other tracking technologies, please review the instructions provided in the “Online tracking opt-outs” section. You may also direct us to share your data, as described in the “How You Share Personal Data Through WHOOP” section of the Privacy Policy.
California Privacy Rights. If you are a California resident, you have the following rights:
Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.
You are entitled to exercise the rights described above free from discrimination.
Exercising your rights. To exercise these rights, you can submit requests as follows:
If you are a resident of the European Economic Area, the United Kingdom, or Switzerland (collectively, “Europe”), you may have additional rights under the General Data Protection Regulation (the “GDPR”) or other European data protection legislation.
Controller and European Representatives. WHOOP, Inc. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows:
Whoop, Inc.
Attn: Data Protection Officer
1325 Boylston Street, Suite 401
Boston, MA 02215
privacy@whoop.com
Our EU representative is:
70 Sir John Rogerson’s Quay
Dublin 2
Dublin, D02 R296, Ireland
Our UK representative is:
DP Data Protection Services UK Ltd.
Attn: Whoop, Inc.
16 Great Queen Street, Covent Garden,
London, WC2B 5AH, United Kingdom
You may contact any one of the above representatives at: whoop@gdpr-rep.com
Legal bases for processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.
We may use your Personal Data for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.
Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data subject rights. You have certain rights with respect to your Personal Data, including:
For more information about these rights, or to submit a request, please email whoop@gdpr-rep.com or privacy@whoop.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Processing of Personal Data in the United States. To provide the Services, we will process your Personal Data in the United States, where WHOOP is based. If such processing involves the transfer of Personal Data to the U.S. in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or other circumstances permitted by European data protection law.
Privacy Shield Certification. WHOOP certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the EU to the U.S. For more information about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.
Although WHOOP no longer relies on the Privacy Shield Framework to facilitate cross-border data transfers, WHOOP remains committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability with respect to all Personal Data received from within the EU in reliance on the Privacy Shield before it was invalidated. The Privacy Shield Principles require that we remain potentially liable if any Third-Party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Our compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us at privacy@whoop.com with any questions or concerns relating to our Privacy Shield Certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.
If you have any questions about this section or our data practices generally, please contact us at privacy@whoop.com or using the contact information above.
We use some specifically defined terms in our Privacy Policy and when we communicate about our Privacy Policy. We want to be clear on how the terms we use are defined to help you better understand our policies.
Aggregated Data
Aggregated Data is data that has undergone a process whereby raw data is gathered and expressed in a summary form for statistical analysis. Raw data can be aggregated over a given time period, across individuals, or both, to provide statistics such as average, minimum, maximum, sum, and count. After the data is aggregated, analysis can be performed to gain insights about particular data sets. When data is aggregated across a number of individuals, the resulting aggregation is considered anonymized such that it is no longer Personal Data. See our Privacy Policy here for more information on how we use Aggregated Data.
CCPA
The California Consumer Privacy Act, or CCPA, is a state law that provides California consumers with robust data privacy rights. These rights include the right to know, the right to delete, and the right to opt-out of “sale” of personal information that businesses collect, as well as additional protections for minors. A “sale” under the CCPA is defined as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or to a third party for monetary or other valuable consideration.” See our Privacy Policy here for more details on the information we may share with others.
Cookies
Cookies are small files which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular user and website, and can be accessed either by the web server or the user computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and is therefore able to carry information from one visit to the website (or related site) to the next. See our Privacy Policy here to learn about cookies and how they are used on our websites.
De-Identified Data
De-Identified Data is data where all the personally identifiable information has been removed, rendering the data anonymous by stripping out information that would allow an individual’s identity to be determined from the remaining data. Data is “de-identified” to protect the privacy and identity of individuals associated with the data. De-identified Data is no longer Personal Data. See our Privacy Policy here for more information on how we use De-identified Data.
GDPR
The General Data Protection Regulation, or GDPR, is a data privacy and security regulation under European law that sets guidelines for the collection and processing of personal information from individuals who live in the European Economic Area, Switzerland and United Kingdom (collectively, “Europe” or “European”). The GDPR provides data protection rights to European residents and applies to any organization that offers goods or services to individuals in Europe, even if that organization is not based in Europe. See our Privacy Policy here for more information on the data rights available to European residents.
IP Address
An IP Address is a unique address that identifies a device on the internet or a local network. It allows a system to be recognized by other systems connected via the internet protocol. An IP Address may be considered Personal Data and is at times used by advertisers to serve interest-based ads. See our Privacy Policy here for details on how we share Personal Data.
Personal Data
Personal Data is any data that identifies or relates to you as a particular individual, including information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations. See our Privacy Policy here for an outline of the ways in which we use, collect, and share Personal Data.
Services
Services means, collectively, our websites and mobile apps, any software embedded within the WHOOP Strap, and any features, content, or applications offered, from time to time, by WHOOP in connection therewith.
Third Parties
Third Parties in the context of the relationship between WHOOP, WHOOP Members (our end users), and third parties are entities or businesses involved in an arrangement, contract, deal, or transaction but are not one of the principals (i.e., WHOOP or WHOOP Members). We use Third Parties to enable us to do business with our members, such as charging for transactions or storing data. Third Parties also include advertisers that serve interest-based ads to visitors to our website. See our Privacy Policy here for more information on the Third Parties that do business with WHOOP.
WHOOP Strap
Your WHOOP Strap is a wearable sensor that, when used in connection with the Services, collects certain types of Personal Data.
WHOOP, we, us, our
The terms “WHOOP,” “we,” “us,” or “our” mean Whoop, Inc. and each of its wholly owned subsidiaries.
Wellness Data
Wellness Data is (a) data collected by your WHOOP Strap and sent to the WHOOP platform, including your heart rate, heart rate variability, sleep duration, respiratory rate, skin temperature, blood oxygen saturation level, and data such as the type of activity you engage in and the duration of your physical activity; and (b) any additional information you chose to enter during the use of our Services, such as information about your health and wellness, including information collected from accounts, devices, or features that you link with your WHOOP account. See our Privacy Policy here for additional details on Wellness Data.