Noom may transfer your data to countries outside your own, including the US, which may have less protective privacy laws than your home country.
This analysis describes what Noom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
For EU and UK users, transferring health data to the US requires specific legal safeguards, and the adequacy of those safeguards is a live area of regulatory scrutiny.
Interpretive note: The policy does not specify which transfer mechanism is used for EU/UK to US data transfers, creating uncertainty about whether GDPR Chapter V requirements are fully satisfied.
If you are an EU or UK user, your health and personal data may be transferred to the United States, where it is subject to US law rather than GDPR; Noom states it takes appropriate safeguards but does not specify the transfer mechanism used, such as Standard Contractual Clauses.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Monitoring
Noom has changed this document before.
"Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy." — Excerpt from Noom's Noom Privacy Policy
REGULATORY LANDSCAPE: GDPR Chapter V restricts transfers of personal data to third countries unless an adequate level of protection is ensured; Standard Contractual Clauses, the EU-US Data Privacy Framework, and adequacy decisions are the primary lawful transfer mechanisms; the UK has its own International Data Transfer Agreement for post-Brexit transfers; the absence of specificity about the transfer mechanism used by Noom means the adequacy of protection is difficult for users or regulators to assess from the policy text alone.
GOVERNANCE EXPOSURE: Medium. The vague reference to appropriate safeguards without specifying the legal mechanism creates compliance uncertainty; European supervisory authorities and the UK ICO have taken enforcement action against companies that cannot demonstrate valid transfer mechanisms, particularly for sensitive data categories.
JURISDICTION FLAGS: EU/EEA (GDPR Chapter V, enforced by lead supervisory authority and local DPAs); UK (UK GDPR and ICO International Data Transfer requirements); transfers of health data attract heightened scrutiny given special category status.
CONTRACT AND VENDOR IMPLICATIONS: Noom's agreements with US-based advertising, analytics, and service provider partners should include SCCs or rely on the EU-US Data Privacy Framework where applicable; legal teams should confirm transfer mechanisms are current following post-Schrems II requirements.
COMPLIANCE CONSIDERATIONS: The privacy policy should be updated to specify the legal mechanism used for international transfers; a transfer impact assessment may be warranted for transfers of health data to the US; EU and UK users should be informed of the specific safeguards in place so they can make informed decisions about providing sensitive health data.
ConductAtlas has identified this type of provision across 55 platforms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Noom.