Garmin collects detailed health and body data from your wearable devices and apps, including heart rate, sleep patterns, menstrual cycles, blood oxygen, and stress levels.
This analysis describes what Garmin's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This data is among the most sensitive personal information that can be collected, and its exposure, misuse, or breach carries significant personal and legal consequences, particularly for reproductive health data given the current legal environment in some U.S. states.
If you use Garmin Connect or a Garmin wearable, the company collects intimate health metrics including menstrual cycle and fertility data, which are stored on Garmin's systems and shared with service providers; users should review which features they enable and understand that this data may persist even after account changes.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Garmin has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Certain Garmin products and services are designed to collect information about your health and wellness. For example, Garmin Connect is designed to help you track your health and fitness activities. It may collect information such as heart rate, sleep, steps, calories, stress, body battery, menstrual cycle information, blood oxygen levels, weight, and other health and fitness-related data. Garmin also offers products and services for specific health-related activities. For example, our fertility tracking feature may collect information about your menstrual cycle, including period data, ovulation, and fertility window.— Excerpt from Garmin's Garmin Privacy Statement
REGULATORY LANDSCAPE: Collection and processing of health and biometric data constitutes special category processing under GDPR Article 9, requiring explicit consent or another enumerated Article 9 exception. In the U.S., reproductive and menstrual health data intersects with evolving state-level health data privacy laws including Washington My Health MY Data Act and similar statutes in states including Nevada and Connecticut. The FTC has issued guidance on health data practices and has taken enforcement action against companies mishandling consumer health information. HIPAA does not apply to fitness wearable data unless Garmin acts as a covered entity or business associate, which the policy does not assert. GOVERNANCE EXPOSURE: High. The collection of menstrual cycle, fertility, blood oxygen, and stress data across a global consumer base creates layered exposure under GDPR special category rules, U.S. state health data privacy laws, and FTC unfair or deceptive practice standards. Any breach or unauthorized sharing of this data would likely trigger enhanced notification obligations in multiple jurisdictions. JURISDICTION FLAGS: EU/EEA users have the strongest protections given GDPR Article 9 explicit consent requirements. Washington state users are subject to the My Health MY Data Act which applies to consumer health data including reproductive health metrics. California users have CPRA-enhanced protections for sensitive personal information. Illinois BIPA may be implicated if any biometric identifiers are derived from collected data. CONTRACT AND VENDOR IMPLICATIONS: Any third-party processors who receive health data must be covered by GDPR-compliant data processing agreements. Procurement teams should assess whether subprocessors handling menstrual and fertility data have appropriate technical and organizational measures and whether those subprocessors are disclosed in the policy or a separate subprocessor list. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the consent mechanism presented to users before health data collection meets GDPR Article 9 explicit consent standards (separate, granular, freely given). They should also assess whether a Data Protection Impact Assessment has been completed for fertility and reproductive health data processing, and whether contractual protections with third-party service providers cover the full scope of sensitive data categories collected.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This data is among the most sensitive personal information that can be collected, and its exposure, misuse, or breach carries significant personal and legal consequences, particularly for reproductive health data given the current legal environment in some U.S. states.
If you use Garmin Connect or a Garmin wearable, the company collects intimate health metrics including menstrual cycle and fertility data, which are stored on Garmin's systems and shared with service providers; users should review which features they enable and understand that this data may persist even after account changes.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Garmin.