Noom · Noom Privacy Policy

Cross-Border Data Transfers

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If you use Noom from outside the US — including from Europe — your health data is transferred to and stored in the United States, where privacy protections may be weaker than in your home country.

Consumer impact (what this means for users)

EU and UK users' health data — including weight, food logs, and medical conditions — is transferred to the US, where it may be subject to US government surveillance laws and less stringent data protection than GDPR provides.

Cross-platform context

See how other platforms handle Cross-Border Data Transfers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

EU and UK users' sensitive health data is transferred to the US, which requires specific legal mechanisms under GDPR — without adequate safeguards, this transfer may be unlawful under European data protection law.

View original clause language
Noom is based in the United States and the information we collect is governed by U.S. law. If you are accessing our Services from outside of the United States, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the United States and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those in your country of residence.

Institutional analysis (Compliance & legal intelligence)

1. REGULATORY FRAMEWORK: Cross-border transfers of personal data from the EU/EEA to the US are governed by GDPR Chapter V (Arts. 44-49), requiring either an adequacy decision, Standard Contractual Clauses (SCCs — Commission Decision 2021/914), Binding Corporate Rules, or derogations. The EU-US Data Privacy Framework (DPF, adopted July 2023) provides an adequacy mechanism for certified US companies. UK IDTA (International Data Transfer Agreement) or UK Addendum to EU SCCs is required for UK transfers. FTC enforcement applies if DPF certifications are falsely claimed. 2.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    EU and UK supervisory authorities (equivalent role to State AGs in their jurisdictions) have enforcement authority over unlawful cross-border data transfers under GDPR Chapter V.
    File a complaint →

Provision details

Document information
Document
Noom Privacy Policy
Entity
Noom
Document last updated
April 29, 2026
Tracking information
First tracked
April 28, 2026
Last verified
April 28, 2026
Record ID
CA-P-003849
Document ID
CA-D-00397
Evidence Provenance
Source URL
https://www.noom.com/noom-privacy-policy/
Wayback Machine
View archived versions →
SHA-256
05252f553ca6864667d2e582f332534d7ecc993e8e01284deda5add6a0607bb0
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Noom | Document: Noom Privacy Policy | Record: CA-P-003849
Captured: 2026-04-28 06:52:27 UTC | SHA-256: 05252f553ca68646…
URL: https://conductatlas.com/platform/noom/noom-privacy-policy/cross-border-data-transfers/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document