This is Fitbit's privacy policy — the document that explains what personal information Fitbit collects when you use its fitness trackers, smartwatches, and app, and how that information is used and shared. If you've linked your Fitbit to a Google Account, Google's privacy policy also applies to your data. You should know that Fitbit collects sensitive health and fitness data, including heart rate, sleep patterns, and location, and may share it with third parties and Google.
Technical Summary
The Fitbit Privacy Policy (last updated February 27, 2026) governs the collection, use, sharing, and retention of personal data by Fitbit LLC, a Google subsidiary, across its wearable devices, mobile applications, and associated services. The policy distinguishes between users operating with a Google Account — whose data is governed by the Google Privacy Policy — and those using legacy Fitbit accounts, creating a bifurcated data governance framework. Key data categories collected include biometric and health metrics, location data, device identifiers, and behavioral analytics. The policy grants users rights to access, export, and delete their data, and outlines sharing arrangements with third-party service providers, health platforms, and corporate affiliates. Notable provisions address data transfers to the United States, retention schedules tied to account status, and children's data restrictions.
Institutional Analysis
This policy engages GDPR and UK GDPR obligations for European and UK users, CCPA rights for California residents, and COPPA restrictions for users under 13. The bifurcated data governance model — differentiating Google Account users from legacy Fitbit account users — creates compliance complexity, …
If you use your Fitbit with a Google Account, Google's Privacy Policy governs your data instead of (or in addition to) Fitbit's own policy. This means your fitness and health data may be processed under Google's much broader data practices.
Fitbit collects highly sensitive health data from your device including heart rate, sleep patterns, menstrual cycles, weight, calories, exercise activity, and GPS location. This data is stored on Fitbit's servers and may be shared with third parties.
Fitbit may share your health and fitness data with third-party apps, health platforms, and service providers that you authorize or that Fitbit works with to operate its services. Once shared, Fitbit's policy may no longer govern how that data is used.
Fitbit's services are not directed at children under 13, and Fitbit states it does not knowingly collect personal data from children under 13 without parental consent. However, the policy's mechanisms for enforcing this restriction are not detailed.
Fitbit collects GPS and location data from your device and smartphone to track exercise routes and provide location-based features. This data can reveal your home, workplace, and daily movement patterns.
If you use Fitbit outside the United States, your personal data may be transferred to and processed in the US, where privacy laws may offer fewer protections than in your home country.
Fitbit states that users can access, export, and request deletion of their personal data through account settings or by contacting Fitbit. The scope and timeline for these rights may differ depending on whether you use a Google Account.
Fitbit retains your personal data for as long as your account is active and for a period afterward as required by law or business purposes. Deleting your account does not guarantee immediate or permanent deletion of all data.