MyFitnessPal keeps your personal data for as long as needed to run the service or meet legal requirements, and even after you delete your account, some data may be held for an unspecified period.
This analysis describes what MyFitnessPal's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The retention period is not precisely defined, which means your health and fitness data could be held for an extended and uncertain duration even after you stop using or delete your account.
Interpretive note: The policy does not specify concrete retention periods for individual data categories, making it difficult to assess whether retention practices align with GDPR's storage limitation principle or CPRA's disclosure requirements.
Deleting your MyFitnessPal account does not guarantee immediate deletion of all your health data, as the policy reserves the right to retain some information for an unspecified period based on a broadly stated legitimate business reason.
How other platforms handle this
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. The criteria used to determine our retention periods include: the length of ...
We may retain de-identified or aggregated information that can no longer be used to identify you for any period of time, including indefinitely.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or as otherwise permitted or required by applicable law.
Monitoring
MyFitnessPal has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to provide you with our services. When you delete your account, we will delete or anonymize your personal information, though some information may be retained for a period of time where we have a legitimate business reason to do so.— Excerpt from MyFitnessPal's MyFitnessPal Privacy Policy
REGULATORY LANDSCAPE: GDPR's storage limitation principle (Article 5(1)(e)) requires that personal data be kept no longer than necessary for the specified purpose, and vague retention language may conflict with this requirement. CPRA similarly requires reasonable data retention schedules to be disclosed. The FTC Act's expectation of accurate disclosure about data practices applies to retention representations. GOVERNANCE EXPOSURE: Medium. The use of open-ended retention language ('as long as necessary' and 'legitimate business reason' without specific timeframes) is common in industry but creates tension with GDPR's storage limitation principle and CPRA's data minimization expectations. The absence of specific retention schedules for different data categories makes it difficult for users or regulators to verify compliance. JURISDICTION FLAGS: EU/EEA users face the strongest tension between this retention language and GDPR's storage limitation requirements. California users may find that the vague retention terms conflict with CPRA's requirement to disclose retention periods or the criteria used to determine them. UK GDPR creates similar obligations. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should clarify MyFitnessPal's specific data retention and deletion timelines in contractual arrangements, particularly where they need to fulfill their own deletion obligations to end users. Data processing agreements should specify maximum retention periods for each data category. COMPLIANCE CONSIDERATIONS: Compliance teams should request that MyFitnessPal clarify specific retention schedules for each category of personal data, particularly sensitive health data. A review of the account deletion workflow should confirm that deletion requests are processed within a reasonable and disclosed timeframe. Documentation of the legitimate business reasons asserted for post-deletion retention should be reviewed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The retention period is not precisely defined, which means your health and fitness data could be held for an extended and uncertain duration even after you stop using or delete your account.
Deleting your MyFitnessPal account does not guarantee immediate deletion of all your health data, as the policy reserves the right to retain some information for an unspecified period based on a broadly stated legitimate business reason.
ConductAtlas has identified this type of provision across 115 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by MyFitnessPal.