Noom · Noom Privacy Policy · View original document ↗

Data Retention Policy

Low severity Medium confidence Explicitdocumentlanguage Common · 65 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Noom Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Noom keeps your personal data for as long as it needs to run the service and meet legal requirements, but does not specify exact retention periods for most data categories.

This analysis describes what Noom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Without specific retention periods, users cannot know how long their sensitive health data will be held, making it harder to assess long-term privacy exposure.

Interpretive note: The policy's retention language is broadly stated without specific periods, making it difficult to assess whether actual practices align with GDPR storage limitation and CPRA disclosure requirements.

Clause Stability Stable

0
Changes
3
Months Monitored
Apr 3, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

Your health and personal data may be retained by Noom for an indefinite period based on broadly stated business and legal needs, with no specific timeframes given for most categories; users who want their data deleted should submit an explicit deletion request rather than assuming data is purged after inactivity.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    If you have stopped using Noom or want your data removed, email privacy@noom.com with a deletion request specifying your account details and requesting all associated personal data be deleted.

How other platforms handle this

Grindr Medium

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.

Threads Medium

We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.

Hinge Medium

After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.

See all platforms with this clause type →

Monitoring

Noom has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We retain your personal information for as long as necessary to provide our Services, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the type of data and the purpose for which it was collected.

— Excerpt from Noom's Noom Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: GDPR requires that personal data be kept for no longer than necessary for the specified purpose (storage limitation principle); CPRA requires businesses to disclose retention periods or the criteria used to determine them; vague retention language stating data is held as long as necessary without specifying criteria or periods may not fully satisfy GDPR or CPRA disclosure requirements; the FTC has also emphasized data minimization and retention limitation in its guidance on health data. GOVERNANCE EXPOSURE: Medium. The absence of specific retention periods for health and sensitive data categories in the policy creates a compliance gap relative to GDPR storage limitation requirements and CPRA disclosure obligations; this is an area where regulatory guidance has increasingly required specificity rather than general statements. JURISDICTION FLAGS: EU/EEA and UK (GDPR and UK GDPR storage limitation principle requires defined or determinable retention periods); California (CPRA requires disclosure of retention periods or criteria); other US states with comprehensive privacy laws increasingly require similar disclosures. CONTRACT AND VENDOR IMPLICATIONS: Vendor contracts should specify data retention and deletion obligations to ensure that downstream processors do not retain Noom user data beyond permissible periods; particularly relevant for advertising and analytics partners who may maintain separate data stores. COMPLIANCE CONSIDERATIONS: Compliance teams should develop and publish category-specific data retention schedules that satisfy GDPR and CPRA disclosure requirements; automated deletion workflows for data past its retention period should be implemented and auditable; particular attention should be paid to health data retention given the heightened sensitivity of this category.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC's guidance on health data and data minimization is relevant to indefinite or vague data retention practices by consumer health app operators.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
HIPAA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Noom Privacy Policy
Entity
Noom
Document last updated
May 5, 2026
Tracking information
First tracked
April 28, 2026
Last verified
May 10, 2026
Record ID
CA-P-001846
Document ID
CA-D-00397
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
05252f553ca6864667d2e582f332534d7ecc993e8e01284deda5add6a0607bb0
Analysis generated
April 28, 2026 06:52 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Noom
Document: Noom Privacy Policy
Record ID: CA-P-001846
Captured: 2026-04-28 06:52:27 UTC
SHA-256: 05252f553ca68646…
URL: https://conductatlas.com/platform/noom/noom-privacy-policy/data-retention-policy/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Low
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Noom's Data Retention Policy clause do?

Without specific retention periods, users cannot know how long their sensitive health data will be held, making it harder to assess long-term privacy exposure.

How does this clause affect you?

Your health and personal data may be retained by Noom for an indefinite period based on broadly stated business and legal needs, with no specific timeframes given for most categories; users who want their data deleted should submit an explicit deletion request rather than assuming data is purged after inactivity.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 65 platforms. See the full comparison.

Is ConductAtlas affiliated with Noom?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Noom.