Oura's June 16, 2026 privacy policy update adds explicit disclosure of AI and machine learning features used in the service, including the Oura Advisor assistant and algorithmic suggestions. The updated policy now specifically describes how personal data is processed to develop and refine AI-powered features, whereas the previous version referenced only general improvement and insight generation. The policy clarifies that users can choose whether to engage with or share data with partner services when AI-driven suggestions are offered.
The updated policy explicitly discloses that Oura uses artificial intelligence and machine learning in the service, including an AI assistant called Oura Advisor that provides personalized wellness guidance based on information you submit or that Oura collects. The revised terms state that Oura may use AI and algorithmic analysis to suggest partner services and may use personal data to develop or refine AI-powered health features. The policy establishes that you retain choice about whether to engage with these AI features or share personal data with partner services when suggestions are offered.
The updated terms establish explicit transparency about AI-powered processing and feature development, which strengthens disclosure compliance and clarifies how personal health data may be used. The addition of user choice over partner data sharing provides a concrete control mechanism within the AI feature ecosystem.
→ Review whether you want to engage with Oura Advisor or other AI features and adjust your settings accordingly
→ When prompted to engage with partner service suggestions, you can choose whether to share your personal data with those partners
→ The updated terms will apply as written; Oura will process your health data through AI features as disclosed unless you choose not to engage with them
→ Partner service suggestions powered by AI and algorithmic analysis will be presented according to the policy's stated processing purposes
Policy explicitly states that some features use artificial intelligence and machine learning, including the Oura Advisor assistant, establishing transparency about automated processing.
Users retain the ability to decide whether to engage with or share personal data with partner services when AI-driven suggestions are offered.
Policy now explicitly authorizes use of personal data to develop or refine AI-powered health features, expanding stated processing purposes.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Oura must tell you when and how AI is being used to process your health data.
Oura can now explicitly use your data to build and improve AI features, not just provide the current service.
+ 1 more obligation changes. Full breakdown available with Monitor.
Track changes →Oura's privacy policy update adds transparent disclosure of AI-powered feature usage, including the Oura Advisor assistant and algorithmic analysis. The changes clarify data processing purposes related to AI and establish user choice mechanisms around partner service sharing. Organizations integrating Oura data into health applications or business intelligence systems should review whether these disclosures align with their own privacy notices and whether downstream data processing requires updated vendor contracts or data processing addendums. The addition of explicit AI processing disclosures may strengthen compliance posture under transparency requirements in emerging AI governance frameworks.
GDPR (Articles 13-14 transparency requirements for automated decision-making), EU AI Act (transparency for high-risk AI systems), CCPA (disclosure of personal information uses), FTC Act Section 5 (unfair or deceptive practices related to AI disclosure)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003015.
This addition provides users with explicit notification of their GDPR and privacy law rights and a direct mechanism to exercise them, replacing the previous version's opposition-to-legal-authority provision.
This addition clarifies user control over data upon account termination and establishes conditions for data deletion exceptions, improving transparency about data retention practices.
This addition directly addresses consumer concerns about data commercialization and provides an explicit commitment that may satisfy privacy law requirements in jurisdictions like California.
The removal of guidance to review Data Recipient privacy policies and Oura's liability disclaimer reduces transparency about responsibilities when data is transferred to third-party controllers.
The removal of this reproductive health acknowledgment eliminates explicit recognition of processing highly sensitive health data, which may have reassured users about Oura's understanding of data sensitivity.
The removal of this strong commitment to oppose surveillance requests and notify users eliminates a significant privacy protection pledge that differentiated Oura's stance on government data access.
This provision was replaced by a more generalized 'Advertising and Marketing Data Processing' provision that removes specific mention of California resident protections, reducing targeted privacy regulation compliance clarity.
Removed language about Data Recipient's own privacy practices, the instruction to review their privacy policy, and the incomplete liability disclaimer statement, making the provision more concise but less informative about user obligations.
Removed the redundant statement 'We process your sensitive personal data only with your consent' and completed the truncated sentence with 'in the Oura App' instead of the incomplete 'in'.
Provision name changed from 'Location Data Processing and Consent' to 'Location Data Collection and Consent' but the excerpt text remains identical.
Provision name changed from 'Legitimate Interest Basis for Marketing and Service Improvement' to 'Legitimate Interest as Legal Basis for Marketing and Service Improvement' but the excerpt text remains identical.
Provision name changed from 'Third-Party Integration and Data Sharing' to 'Third-Party Integrations Data Processing' but the excerpt text remains identical.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorOura updated a single sentence in its privacy policy on May 15, 2026, changing the reference point for account deletion …
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.