Noom may transfer your data to countries outside your own, including the US, which may have less protective privacy laws than your home country.
This analysis describes what Noom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes the operational scope of Noom's data processing infrastructure by authorizing cross-border data transfers without requiring prior user consent for each transfer or limiting transfers to countries with equivalent data protection laws. This framework permits Noom to process data globally while maintaining a single standard of protection tied to its stated Privacy Policy rather than local jurisdiction requirements.
Interpretive note: The policy does not specify which transfer mechanism is used for EU/UK to US data transfers, creating uncertainty about whether GDPR Chapter V requirements are fully satisfied.
If you are an EU or UK user, your health and personal data may be transferred to the United States, where it is subject to US law rather than GDPR; Noom states it takes appropriate safeguards but does not specify the transfer mechanism used, such as Standard Contractual Clauses.
How other platforms handle this
Tabnine is headquartered in the United States and operates globally. If you are located outside the United States, your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home country. We rely on ap...
Pinterest, Inc. is based in the US. If you live outside the US, your information will be transferred to and processed in the US and other countries where our partners, service providers, and affiliates operate. We use approved data transfer mechanisms, including standard contractual clauses, to ensu...
If you are a resident in the EEA, Switzerland or the UK, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. We may transfer Personal Information from the EEA, Switzerland or the UK to the U.S. and other third countries ...
Monitoring
Noom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.— Excerpt from Noom's Noom Privacy Policy
REGULATORY LANDSCAPE: GDPR Chapter V restricts transfers of personal data to third countries unless an adequate level of protection is ensured; Standard Contractual Clauses, the EU-US Data Privacy Framework, and adequacy decisions are the primary lawful transfer mechanisms; the UK has its own International Data Transfer Agreement for post-Brexit transfers; the absence of specificity about the transfer mechanism used by Noom means the adequacy of protection is difficult for users or regulators to assess from the policy text alone. GOVERNANCE EXPOSURE: Medium. The vague reference to appropriate safeguards without specifying the legal mechanism creates compliance uncertainty; European supervisory authorities and the UK ICO have taken enforcement action against companies that cannot demonstrate valid transfer mechanisms, particularly for sensitive data categories. JURISDICTION FLAGS: EU/EEA (GDPR Chapter V, enforced by lead supervisory authority and local DPAs); UK (UK GDPR and ICO International Data Transfer requirements); transfers of health data attract heightened scrutiny given special category status. CONTRACT AND VENDOR IMPLICATIONS: Noom's agreements with US-based advertising, analytics, and service provider partners should include SCCs or rely on the EU-US Data Privacy Framework where applicable; legal teams should confirm transfer mechanisms are current following post-Schrems II requirements. COMPLIANCE CONSIDERATIONS: The privacy policy should be updated to specify the legal mechanism used for international transfers; a transfer impact assessment may be warranted for transfers of health data to the US; EU and UK users should be informed of the specific safeguards in place so they can make informed decisions about providing sensitive health data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes the operational scope of Noom's data processing infrastructure by authorizing cross-border data transfers without requiring prior user consent for each transfer or limiting transfers to countries with equivalent data protection laws. This framework permits Noom to process data globally while maintaining a single standard of protection tied to its stated Privacy Policy rather than local jurisdiction requirements.
If you are an EU or UK user, your health and personal data may be transferred to the United States, where it is subject to US law rather than GDPR; Noom states it takes appropriate safeguards but does not specify the transfer mechanism used, such as Standard Contractual Clauses.
ConductAtlas has identified this type of provision across 48 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Noom.