What are the institutional and regulatory implications of this document?

1. REGULATORY EXPOSURE: This policy engages GDPR Arts. 6, 9, 13, and 17 (sensitive health data processing requires explicit consent under Art. 9; cross-border transfer mechanisms required under Chapter V); CCPA/CPRA §§1798.100, 1798.110, 1798.120, 1798.121 (sensitive personal information opt-out rights apply to health data); FTC Act Section 5 (unfair or deceptive trade practices, particularly relevant given Noom's 2023 FTC scrutiny); and potentially state health privacy laws including Washingto…

How does Noom's Noom Privacy Policy affect users?

Noom collects deeply sensitive health data including your weight, food logs, physical activity, and self-reported health conditions, and shares this information with third-party advertising and analytics partners, which goes beyond what most users would expect from a health and wellness app. EU and UK users have stronger rights under GDPR to object to processing and request erasure, while California residents can opt out of data sales and sharing under CPRA. You can request deletion of your per…

How often is Noom's Noom Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Noom updates this document?

Yes. Watcher subscribers ($9.99/month) can add Noom to their watchlist and receive same-day email alerts whenever this document or any other Noom document changes.

Noom Privacy Policy — Noom

7 Total

4 High severity

3 Medium severity

0 Low severity

Summary

This is Noom's privacy policy explaining how the weight-loss and wellness app collects and uses your personal health data, including your weight, food logs, exercise habits, and health conditions. The most important thing to know is that Noom shares your sensitive health information with third-party advertising and analytics partners, which is not typical for health apps and could expose your personal wellness data to marketers. You can request deletion of your data or opt out of certain data sharing by contacting Noom at privacy@noom.com or through your account settings.

Technical Summary

This document is Noom's Privacy Policy governing the collection, use, and sharing of personal data by Noom Inc. when users interact with its weight management and behavior-change platform, relying on consent and legitimate interest as legal bases. The policy obligates Noom to disclose data practices and grants users rights to access, delete, correct, and export their data, while Noom retains broad discretion to share data with third-party service providers, analytics vendors, and advertising partners. Notably, Noom collects sensitive health and biometric data — including weight, food intake, exercise habits, and health conditions — and uses this data for advertising and analytics purposes, which represents elevated risk beyond typical consumer app data practices. The policy engages GDPR (EU/EEA users), CCPA/CPRA (California residents), and potentially HIPAA-adjacent considerations given the nature of health data collected, though Noom disclaims HIPAA applicability as a non-covered entity. Material compliance considerations include the adequacy of consent mechanisms for sensitive health data processing, cross-border data transfers under GDPR Chapter V, and California's treatment of health data under the California Consumer Privacy Act as amended by CPRA.

Evidence Provenance

Captured April 19, 2026 06:18 UTC

Document ID CA-D-000397

Version ID CA-V-000753

Source URL https://www.noom.com/noom-privacy-policy/

Wayback Machine View archived versions →

SHA-256 fda3dc10dae1f5bff4e6c09096e6999baa24395c2dd36eadf4b77fef91c03e0f

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 3, 2026 — Document updated low

Noom updated their Privacy Policy on April 3, 2026, adding brief summary statements at the top of key sections to make it easier to understand what data is collected, how it is used, and how it is shared. The policy now opens with a short overview explaining what the document covers before diving into details. These additions improve transparency by giving users a quick snapshot of Noom's data practices without requiring them to read every word.

24 added · 12 modified
View diff → View full record →
856e9488…
March 24, 2026 — Initial capture

Initial snapshot — monitoring begins

6206ebec…

View full version history (0 captures) →

Analyzed Changes

1 change analyzed since monitoring began.

Updated April 3, 2026

low

What changed Noom updated their Noom Privacy Policy on April 03, 2026. Change detected: 24 sentence(s) added, 12 sentence(s) modified. Document contained 176 sentences after update.

Consumer impact Noom added short summary statements at the beginning of major policy sections, making it quicker for users to understand what personal and health data is collected, how it is used for personalization and marketing, and who it is shared with. These summaries do not change your underlying rights or Noom's data practices — they simply make the existing policy easier to navigate. You can review the updated policy at Noom's website to confirm the summaries accurately reflect the full section text.

Why it matters Noom added plain-language summaries to help users quickly understand how their personal and health data is collected, used, and shared without reading the full policy. While no rights were removed, the explicit acknowledgment of health data collection in the summaries is worth noting for users who share sensitive health information with the app.

Recent Clause-Level Changes Apr 3, 2026

8 provisions unchanged.

View full change record →

High Severity — 4 provisions

Sensitive Health Data Collection

Noom collects very personal health details including your weight, what you eat, how much you exercise, your sleep patterns, and any health conditions or medications you voluntarily enter into the app.

Added April 28, 2026
Third-Party Advertising and Analytics Data Sharing

Noom shares your personal data, potentially including health information, with advertising companies to show you targeted ads both inside and outside the Noom app.

Added April 28, 2026
Cross-Border Data Transfers

If you use Noom from outside the US — including from Europe — your health data is transferred to and stored in the United States, where privacy protections may be weaker than in your home country.

Added April 28, 2026
Use of Cookies and Tracking Technologies

Noom and its advertising partners use cookies and tracking pixels to monitor your activity on the platform and across the web, using this data to show you targeted advertisements.

Added April 28, 2026

Medium Severity — 3 provisions

Data Retention After Account Deletion

When you delete your Noom account, Noom may keep some of your personal data — including health information — for an unspecified period for legal or business reasons.

Added April 28, 2026
User Rights — Access, Correction, Deletion, Portability

Depending on your location, you have rights to see, correct, delete, and download your personal data that Noom holds, and to object to how Noom processes it.

Added April 28, 2026
Children's Data Exclusion

Noom's app is not intended for children under 13, and Noom says it does not knowingly collect data from children under 13 — but there is no active age verification mechanism described.

Added April 28, 2026

Cross-platform context

See how other platforms handle Collection of Sensitive Health Data and similar clauses.

Compare across platforms →

Applicable Regulations

CCPA/CPRA

California, USA

CFAA

United States Federal

CAN-SPAM

United States Federal

GDPR

European Union

HIPAA

United States Federal