The policy discloses that the platform may collect sensitive personal information including sexual orientation and gender identity (where voluntarily submitted), health and medical information, account credentials, and precise geolocation.
This analysis describes what Hims & Hers's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
Under CPRA, sensitive personal information including sexual orientation and health data carries heightened obligations, including the right for California residents to limit its use and disclosure to purposes necessary to perform the services. The collection of this category of data on a health platform creates distinct compliance obligations beyond standard personal information.
This provision establishes that sensitive personal information categories including sexual orientation, health data, and precise geolocation are collected through platform interactions. California residents have the right to direct the company to limit the use and disclosure of sensitive personal information to service delivery purposes.
Hims & Hers has changed this document before.
"We may collect sensitive personal information as defined under applicable law, including: health and medical information; sexual orientation or gender identity (where voluntarily provided); account log-in credentials; and precise geolocation data."
— Excerpt from Hims & Hers's Hims & Hers Privacy Policy
1) REGULATORY LANDSCAPE: CPRA (enforced by the California Privacy Protection Agency) grants California residents the right to limit the use of sensitive personal information. Sexual orientation and health information are expressly listed as sensitive categories under CPRA. The FTC Act also applies to deceptive practices involving sensitive data categories. State biometric and health data laws in other jurisdictions may create additional obligations.
2) GOVERNANCE EXPOSURE: High. Collection of sexual orientation data on a health platform creates distinct sensitivity. Under CPRA, the company must provide a 'Limit the Use of My Sensitive Personal Information' mechanism and must disclose the purposes for which sensitive data is used. Failure to maintain this mechanism or to honor requests is an enforcement priority.
3) JURISDICTION FLAGS: California CPRA creates the most specific obligations for this category. Illinois, Texas, and Washington have enacted laws addressing biometric and health data. The Washington My Health My Data Act may apply to sexual orientation data where it intersects with health-seeking behavior. The policy's scope in the EU and UK (where separate regional policies appear to exist per the document's hreflang references) may engage GDPR Article 9 special category data requirements.
4) CONTRACT AND VENDOR IMPLICATIONS: Vendors processing sensitive personal information must be assessed for contractual limitations on secondary use. Any advertising or analytics vendor receiving data that could be used to infer sensitive categories creates additional exposure under CPRA's sensitive data provisions.
5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that a functional 'Limit the Use of My Sensitive Personal Information' link is implemented, that the purposes for processing sensitive data are disclosed with specificity, and that sensitive data is not used for advertising profiling without appropriate consent or opt-out mechanisms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Hims & Hers.