What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages CCPA/CPRA (California Privacy Rights Act), which classifies health and precise geolocation data as sensitive personal information requiring opt-out rights and potentially opt-in consent for certain uses; GDPR and UK GDPR apply to EU and UK residents and impose lawful basis requirements, data subject rights, and data transfer restrictions; the FTC Act applies given Noom's consumer-facing health claims and prior FTC scrutiny; while the policy explicitly d…

How does Noom's Noom Privacy Policy affect users?

The policy permits Noom to collect and retain personal health data input by users and to share this information with advertising and analytics partners. Users may request deletion of their data or opt-out of specific data sharing practices through privacy@noom.com or in-app privacy settings. The authorization to share health data with advertising partners establishes the basis for potential use of this information in targeted advertising.

How often is Noom's Noom Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Noom updates this document?

Yes. Watcher subscribers ($9.99/month) can add Noom to their watchlist and receive same-day email alerts whenever this document or any other Noom document changes.

CA-D-000397

Noom Privacy Policy

Noom

Last change detected April 19, 2026 Privacy policy

SHA-256: fda3dc10dae1f5bff4e… 3 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Noom ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

4 Medium severity

6 Low severity

Summary

This document establishes Noom's data collection, use, and sharing practices for personal health information including weight, food logs, exercise habits, and behavioral patterns. The policy authorizes Noom to share collected health data with third-party advertising partners and analytics providers. Users in California, the EU, and the UK are granted rights to request data access, deletion, and opt-out of certain data uses by contacting privacy@noom.com.

Technical / Legal Breakdown

This document is Noom's privacy policy governing the collection, use, and sharing of personal data when users interact with Noom's weight management and behavior change services, operating primarily under a notice-and-consent framework with additional state-specific rights sections. The policy states that Noom collects a broad range of personal information including health and fitness data (weight, food logs, exercise habits), precise geolocation, payment information, and behavioral data, and the terms authorize use of this data for product improvement, personalization, advertising, and sharing with third-party partners including advertising networks and analytics providers. Notably, the policy discloses sharing of health-related information with third parties for advertising and business purposes, which represents a sensitive data practice given the nature of the service; the agreement asserts broad consent to this sharing, though applicable law in certain jurisdictions (particularly California under CPRA and sensitive data provisions) may impose additional restrictions or opt-in requirements that the document's framing does not fully foreground. The policy engages CCPA/CPRA for California residents, GDPR and UK GDPR for EU and UK users, and potentially HIPAA where Noom acts in a covered-entity-adjacent capacity, though the document explicitly states Noom is not a HIPAA-covered entity; FTC Act unfair and deceptive practices standards also apply given Noom's prior regulatory history. Compliance teams should note the intersection of sensitive health data processing, broad third-party sharing authorizations, and the patchwork of US state privacy laws that may each impose distinct consent and opt-out obligations.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

2 important changes detected

3 versions captured · Last updated: April 2026

April 19, 2026

low

What changed Noom updated its privacy policy on April 19, 2026 to add clearer introductory language and summaries explaining what data it collects, how it uses that data, and how it shares information. The policy now includes plain-language summaries at the start of each major section, such as a statement that Noom collects personal, technical, and health information, uses it to run services and personalize experiences, and shares it with service providers and partners. The substantive policy sections remain substantively similar, but the new formatting makes the policy more accessible to non-lawyers reading it for the first time.

Why this matters Noom's policy now leads with a clearer summary explaining that it collects personal, technical, and health information; uses it to personalize services and run the platform; and shares it with service providers and partners for business operations and payments. The updated policy makes these practices more transparent and easier for users to understand before reading the full terms. The core data practices described appear unchanged, but are now presented more accessibly.

View full change record →

April 3, 2026

low

What changed Noom updated its privacy policy on April 3, 2026 to add a summary section at the beginning explaining what data it collects, how it uses that data, and what choices users have. The policy now explicitly states it collects personal, technical, and health information from multiple sources and uses it to personalize services, run the business, and show marketing or ads. The changes make the policy structure more transparent by adding summary sections before detailed explanations, but do not appear to introduce new data collection or usage practices.

Why this matters Noom's updated privacy policy adds transparency by explicitly stating upfront that it collects personal, technical, and health information and uses it for personalization, marketing, and advertising. The policy does not appear to introduce new data collection or usage rights beyond what may have been disclosed in more detailed sections previously. The main practical change is improved clarity about what data categories Noom processes and for what purposes, though the underlying data practices themselves do not appear to have fundamentally changed based on the provided diff.

View full change record →

Medium — 4 provisions

Sensitive Health Data Collection Compare →

Noom collects detailed health information including your weight, food logs, BMI, exercise habits, and sleep patterns when you use the app.

Added April 28, 2026 Standard Seen across 251 platforms
Third-Party Sharing for Advertising Compare →

Noom may share your personal information, which can include health-related data, with advertising networks and marketing companies to show you targeted ads.

Added May 10, 2026 Standard Seen across 246 platforms
HIPAA Non-Applicability Disclaimer Compare →

Noom is telling you that HIPAA, the federal health privacy law, does not apply to your data, so you do not have HIPAA-based rights to access, correct, or restrict how Noom uses your health information.

Added May 10, 2026 Standard Seen across 198 platforms
Use of Cookies and Tracking Technologies Compare →

Noom and its partners use cookies and tracking pixels to monitor how you use the app and website, and to show you targeted ads on other websites and platforms.

Added April 3, 2026 Standard Seen across 251 platforms

Low — 6 provisions

California CPRA Rights

California users have specific legal rights under CPRA to access, delete, correct, and limit how their personal and sensitive information is used, including the right to opt out of data sharing for advertising.

Added May 10, 2026 Rare
GDPR and UK GDPR Rights for EU and UK Users Compare →

EU and UK users have GDPR rights to access, correct, delete, or export their data, and to object to certain types of processing, including profiling for advertising.

Added May 10, 2026 Standard Seen across 262 platforms
Data Retention Policy Compare →

Noom keeps your personal data for as long as it needs to run the service and meet legal requirements, but does not specify exact retention periods for most data categories.

Added April 3, 2026 Standard Seen across 223 platforms
International Data Transfers Compare →

Noom may transfer your data to countries outside your own, including the US, which may have less protective privacy laws than your home country.

Added May 10, 2026 Standard Seen across 246 platforms
Children's Privacy Compare →

Noom says its service is not for children under 13 and will delete any data it discovers was collected from a child under that age.

Added May 10, 2026 Standard Seen across 262 platforms
Policy Update and Notification Compare →

Noom can change its privacy policy and will try to notify you by email or website notice if the changes are significant, but continued use of the service after changes take effect may be treated as acceptance.

Added May 10, 2026 Standard Seen across 178 platforms