Noom · Noom Privacy Policy

Data Retention After Account Deletion

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

When you delete your Noom account, Noom may keep some of your personal data — including health information — for an unspecified period for legal or business reasons.

Consumer impact (what this means for users)

Deleting your Noom account does not guarantee immediate deletion of your health data — Noom may retain it for unspecified 'business purposes,' leaving your weight history, food logs, and health conditions in Noom's systems for an unknown period.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@noom.com requesting both account deletion and explicit confirmation of when all your personal data — including health data — will be permanently deleted from all Noom systems and third-party processors.

Cross-platform context

See how other platforms handle Data Retention After Account Deletion and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The lack of a specific retention period after deletion means your sensitive health data could remain in Noom's systems indefinitely, creating ongoing privacy risk even after you stop using the service.

View original clause language
We retain your personal information for as long as necessary to provide you with our Services and for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Even after you delete your account, we may retain certain information as required by law or for legitimate business purposes.

Institutional analysis (Compliance & legal intelligence)

1. REGULATORY FRAMEWORK: Data retention obligations are governed by GDPR Art. 5(1)(e) (storage limitation principle — data must not be kept longer than necessary for the specified purpose); CCPA/CPRA §1798.100 (right to deletion with limited exceptions for legal obligation and internal use); FTC Act Section 5 (retention beyond disclosed purposes may be deceptive). The failure to specify concrete retention periods is a recognized GDPR compliance deficiency. Enforcement: EU DPAs, CPPA, FTC. 2.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority to challenge indefinite retention of sensitive health data as an unfair or deceptive practice under FTC Act Section 5, particularly where retention exceeds disclosed purposes.
    File a complaint →

Provision details

Document information
Document
Noom Privacy Policy
Entity
Noom
Document last updated
April 29, 2026
Tracking information
First tracked
April 28, 2026
Last verified
April 28, 2026
Record ID
CA-P-003846
Document ID
CA-D-00397
Evidence Provenance
Source URL
https://www.noom.com/noom-privacy-policy/
Wayback Machine
View archived versions →
SHA-256
05252f553ca6864667d2e582f332534d7ecc993e8e01284deda5add6a0607bb0
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Noom | Document: Noom Privacy Policy | Record: CA-P-003846
Captured: 2026-04-28 06:52:27 UTC | SHA-256: 05252f553ca68646…
URL: https://conductatlas.com/platform/noom/noom-privacy-policy/data-retention-after-account-deletion/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document