# What the Whoop (5.0 / MG) knows about you

Made by Whoop. 13 findings on record, 13 verified against primary sources. Every line is checked; a maker's claim is labeled as a claim, and we say so when nothing is on record.

## Third-party sharing

A class action filed in 2025 alleged that Whoop embedded Twilio Segment analytics in its app and that tracker sent biometric data including heart rate, HRV, sleep scores, and recovery metrics to Segment without adequate user consent. Whoop disputed the claim.

- Posture: Verified
- As of: 2025-08-01
- Source: ClassAction.org: Lomeli v. Whoop class action complaint coverage, August 2025 (https://www.classaction.org/news/whoop-class-action-says-fitness-app-shared-users-biometric-data-with-twilio-segment)

## Third-party sharing

Whoop Coach AI is powered by OpenAI. De-identified body metrics go to OpenAI for processing under a contract that prohibits OpenAI from storing or training on the data. Your data still leaves Whoop's systems on each query.

- Posture: Verified
- As of: 2024-01-01
- Source: Whoop: WHOOP Coach powered by OpenAI (https://www.whoop.com/thelocker/whoop-coach-openai/)

## Data retention

Whoop is not covered by HIPAA, which applies to healthcare providers and plans, not consumer fitness trackers. Most US users outside Washington State have no federal law protecting their Whoop biometric data beyond Whoop's own policy, which can change with notice.

- Posture: Verified
- As of: 2024-03-31
- Source: HHS FAQ: Is my fitness tracker subject to HIPAA? (https://www.hhs.gov/hipaa/for-professionals/faq/is-my-fitness-tracker-subject-to-hipaa/index.html)

## Data sale

Does not sell member personal data, and has not sold any personal data in the 12 months before its April 2026 privacy policy update.

- Posture: Verified
- As of: 2026-04-13
- Source: primary source (https://www.whoop.com/us/en/full-privacy-policy/)

## Biometric storage

Continuously tracks your resting heart rate, HRV, respiratory rate, skin temperature, and blood oxygen, plus sleep and workout data.

- Posture: Verified
- As of: 2026-04-13
- Source: primary source (https://www.whoop.com/us/en/full-privacy-policy/)

## Third-party sharing

Shares only de-identified metrics with its AI coaching partner, which operates under a zero-retention, zero-training policy and does not store or train on Whoop member data.

- Posture: Verified
- As of: 2026-04-13
- Source: primary source (https://www.whoop.com/us/en/full-privacy-policy/)

## Data deletion control

You can delete your AI coaching chat history directly from the app anytime, and access, correct, or delete personal data through a dedicated data management portal.

- Posture: Verified
- As of: 2026-04-13
- Source: primary source (https://www.whoop.com/us/en/full-privacy-policy/)

## Training data use

Uses member data to train AI coaching features, but only after removing personal identifiers. The outside LLM partner is contractually barred from retaining or training on any Whoop data.

- Posture: Verified
- As of: 2026-04-13
- Source: primary source (https://www.whoop.com/us/en/full-privacy-policy/)

## Location tracking

Collects precise GPS and movement data during certain workouts when you grant permission. Classifies location as sensitive personal information under California law. You can disable collection in your phone's settings.

- Posture: Verified
- As of: 2026-04-13
- Source: primary source (https://www.whoop.com/us/en/full-privacy-policy/)

## Biometric storage

Whoop collects heart rate, heart rate variability, sleep duration, respiratory rate, skin temperature, blood oxygen saturation, activity type and duration, plus any additional health information members manually enter; consumer health data includes health conditions, bodily functions, vital signs, diagnostic testing and biomarkers, and derived health information like recovery readiness and risk scores.

- Posture: Verified
- As of: 2026-06-17
- Source: primary source (https://www.whoop.com/privacy)

## Data sale

Whoop does not sell member personal data and does not sell consumer health data to third parties; however, Whoop uses third-party cookies and tracking technologies which may fall under CCPA's broad definition of sale, and aggregated or de-identified data may be shared with any third party including advertisers, promotional partners, and sponsors.

- Posture: Verified
- As of: 2026-06-17
- Source: primary source (https://www.whoop.com/privacy)

## Data deletion control

Whoop members can delete their personal data upon request including when canceling membership, access and export their data, correct inaccuracies in consumer health data, withdraw consent for future collection or sharing, disable use of health data for personalized recommendations and offers in app Privacy Settings, and opt out of marketing texts by replying STOP.

- Posture: Verified
- As of: 2026-06-17
- Source: primary source (https://www.whoop.com/privacy)

## Data retention

Whoop retains consumer health data for as long as necessary to provide services or as required by applicable law; the company takes a variety of physical, technical, administrative, and organizational security measures, maintains access logs tracking who accessed member data and when, but does not explicitly mention encryption in the privacy policy and notes no online activity can be guaranteed 100 percent secure.

- Posture: Verified
- As of: 2026-06-17
- Source: primary source (https://www.whoop.com/privacy)

---
Register the Whoop (5.0 / MG) at https://deploy.report/my to be told when any of this changes.
