Hims & Hers · Hims & Hers Privacy Policy · View original document ↗

Collection of Sensitive Personal Information Including Sexual Orientation

High severity High confidence Explicitdocumentlanguage Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Hims & Hers Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The policy discloses that the platform may collect sensitive personal information including sexual orientation and gender identity (where voluntarily submitted), health and medical information, account credentials, and precise geolocation.

This analysis describes what Hims & Hers's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Under CPRA, sensitive personal information including sexual orientation and health data carries heightened obligations, including the right for California residents to limit its use and disclosure to purposes necessary to perform the services. The collection of this category of data on a health platform creates distinct compliance obligations beyond standard personal information.

Consumer impact (what this means for users)

This provision establishes that sensitive personal information categories including sexual orientation, health data, and precise geolocation are collected through platform interactions. California residents have the right to direct the company to limit the use and disclosure of sensitive personal information to service delivery purposes.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    California residents can submit a request to limit the use of sensitive personal information through the privacy rights link on the Hims or Hers website.

Cross-platform context

See how other platforms handle Collection of Sensitive Personal Information Including Sexual Orientation and similar clauses.

Compare across platforms →

Monitoring

Hims & Hers has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We may collect sensitive personal information as defined under applicable law, including: health and medical information; sexual orientation or gender identity (where voluntarily provided); account log-in credentials; and precise geolocation data.

— Excerpt from Hims & Hers's Hims & Hers Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: CPRA (enforced by the California Privacy Protection Agency) grants California residents the right to limit the use of sensitive personal information. Sexual orientation and health information are expressly listed as sensitive categories under CPRA. The FTC Act also applies to deceptive practices involving sensitive data categories. State biometric and health data laws in other jurisdictions may create additional obligations. 2) GOVERNANCE EXPOSURE: High. Collection of sexual orientation data on a health platform creates distinct sensitivity. Under CPRA, the company must provide a 'Limit the Use of My Sensitive Personal Information' mechanism and must disclose the purposes for which sensitive data is used. Failure to maintain this mechanism or to honor requests is an enforcement priority. 3) JURISDICTION FLAGS: California CPRA creates the most specific obligations for this category. Illinois, Texas, and Washington have enacted laws addressing biometric and health data. Washington My Health MY Data Act may apply to sexual orientation data where it intersects with health-seeking behavior. The policy's scope in the EU and UK (where separate regional policies appear to exist per the document's hreflang references) may engage GDPR Article 9 special category data requirements. 4) CONTRACT AND VENDOR IMPLICATIONS: Vendors processing sensitive personal information must be assessed for contractual limitations on secondary use. Any advertising or analytics vendor receiving data that could be used to infer sensitive categories creates additional exposure under CPRA's sensitive data provisions. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that a functional 'Limit the Use of My Sensitive Personal Information' link is implemented, that the purposes for processing sensitive data are disclosed with specificity, and that sensitive data is not used for advertising profiling without appropriate consent or opt-out mechanisms.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has enforcement authority over unfair or deceptive practices involving sensitive personal information including health data and sexual orientation.
    File a complaint →
  • State AG
    California Privacy Protection Agency and AG enforce CPRA rights including the right to limit use of sensitive personal information.
    File a complaint →

Provision details

Document information
Document
Hims & Hers Privacy Policy
Entity
Hims & Hers
Document last updated
July 5, 2026
Tracking information
First tracked
July 5, 2026
Last verified
July 5, 2026
Record ID
CA-P-013276
Document ID
CA-D-00907
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
b8d8a749b829206ea447774fc34efb6510397ba35713344941241037d807a11c
Analysis generated
July 5, 2026 02:24 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Hims & Hers
Document: Hims & Hers Privacy Policy
Record ID: CA-P-013276
Captured: 2026-07-05 02:24:07 UTC
SHA-256: b8d8a749b829206e…
URL: https://conductatlas.com/platform/hims-hers/hims-hers-privacy-policy/collection-of-sensitive-personal-information-including-sexual-orientation/
Accessed: July 5, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Hims & Hers's Collection of Sensitive Personal Information Including Sexual Orientation clause do?

Under CPRA, sensitive personal information including sexual orientation and health data carries heightened obligations, including the right for California residents to limit its use and disclosure to purposes necessary to perform the services. The collection of this category of data on a health platform creates distinct compliance obligations beyond standard personal information.

How does this clause affect you?

This provision establishes that sensitive personal information categories including sexual orientation, health data, and precise geolocation are collected through platform interactions. California residents have the right to direct the company to limit the use and disclosure of sensitive personal information to service delivery purposes.

Is ConductAtlas affiliated with Hims & Hers?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Hims & Hers.