What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@noom.com', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': "Email privacy@noom.com with the subject 'Data Deletion Request' and include your account email address. Request deletion of all health data associated with your account.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over unfair or deceptive data practices involving sensitive health data shared with advertising partners under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'HHS_OCR', 'reason': 'While Noom is not a HIPAA-covered entity, HHS OCR is relevant for understanding the regulatory landscape for health data and may receive complaints related to health privacy expectations.', 'complaint_url': 'https://www.hhs.gov/ocr/complaints/index.html'}

What is the severity of this clause?

ConductAtlas classifies this Sensitive Health Data Collection clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Sensitive Health Data Collection clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Sensitive Health Data Collection — Noom

Share 𝕏 Share in Share 🔒 PDF

What it is

Noom collects very personal health details including your weight, what you eat, how much you exercise, your sleep patterns, and any health conditions or medications you voluntarily enter into the app.

Consumer impact (what this means for users)

Your weight, food logs, health conditions, and medications entered into Noom are collected and may be used for advertising and analytics, exposing highly sensitive personal health information to third parties beyond the core wellness service.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Email privacy@noom.com with the subject 'Data Deletion Request' and include your account email address. Request deletion of all health data associated with your account.

Cross-platform context

See how other platforms handle Sensitive Health Data Collection and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Health data is among the most sensitive personal information you can share — it can affect insurance eligibility, employment, and personal privacy — and Noom retains and processes this data for purposes that include advertising.

View original clause language

We collect information you provide when you use our Services, including: Health and fitness information such as your height, weight, food and water intake, exercise activity, sleep, and other health-related information you choose to share with us. We may also collect information about health conditions, medications, and other sensitive health information if you choose to provide it.

Institutional analysis (Compliance & legal intelligence)

1. REGULATORY FRAMEWORK: Health data collected by Noom implicates GDPR Art. 9 (special categories of personal data requiring explicit consent), CCPA/CPRA §1798.121 (sensitive personal information including health data carries opt-out rights and heightened obligations), Washington My Health MY Data Act (broad definition of 'consumer health data' covers weight, diet, and conditions), and FTC Act Section 5 (deceptive practices if data use exceeds disclosed purposes). Noom is not a HIPAA-covered entity but state health privacy laws may independently apply. Primary enforcement: FTC, EU DPAs, CPPA, State AGs in WA, CT, CO. 2.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has enforcement authority over unfair or deceptive data practices involving sensitive health data shared with advertising partners under FTC Act Section 5.
File a complaint →
Hhs Ocr

While Noom is not a HIPAA-covered entity, HHS OCR is relevant for understanding the regulatory landscape for health data and may receive complaints related to health privacy expectations.
File a complaint →

Provision details

Document information

Document

Noom Privacy Policy

Entity

Noom

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003844

Document ID

CA-D-00397

Evidence Provenance

Source URL

https://www.noom.com/noom-privacy-policy/

Wayback Machine

View archived versions →

SHA-256

05252f553ca6864667d2e582f332534d7ecc993e8e01284deda5add6a0607bb0

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Noom | Document: Noom Privacy Policy | Record: CA-P-003844
Captured: 2026-04-28 06:52:27 UTC | SHA-256: 05252f553ca68646…
URL: https://conductatlas.com/platform/noom/noom-privacy-policy/sensitive-health-data-collection/
Accessed: May 2, 2026

Classification

Severity

High

Sensitive Health Data Collection