Noom collects detailed health information including your weight, food logs, BMI, exercise habits, and sleep patterns when you use the app.
This analysis describes what Noom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Health data is among the most sensitive categories of personal information; its collection and potential sharing creates meaningful privacy exposure for users.
Weight, food logs, BMI, and exercise data you enter into Noom are collected and may be used for purposes beyond delivering the service, including personalization and sharing with third parties. Users who are concerned about the sensitivity of this data should review Noom's data sharing practices and consider exercising deletion rights.
How other platforms handle this
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
With your permission, we may also receive data from your mobile device's health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the pur...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Noom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information you provide when you use our Services, including: Health and fitness information, such as height, weight, body mass index (BMI), food logs, exercise habits, sleep patterns, and other health-related information you choose to share with us.— Excerpt from Noom's Noom Privacy Policy
REGULATORY LANDSCAPE: Health and fitness data falls within the definition of sensitive personal information under CPRA for California residents, triggering additional rights and potential opt-in consent requirements; under GDPR, health data constitutes a special category of personal data under Article 9, requiring explicit consent or another enumerated lawful basis for processing; Washington State's My Health MY Data Act may also apply to the extent Noom collects consumer health data from Washington residents; the FTC has issued guidance on health data privacy and has taken enforcement action against health app operators under Section 5 of the FTC Act. GOVERNANCE EXPOSURE: High. The collection of weight, food logs, BMI, and behavioral health patterns from a large consumer base creates significant regulatory exposure across multiple US state privacy frameworks and GDPR; the breadth of health data categories collected, combined with downstream sharing with third parties, represents a materially elevated compliance obligation relative to non-health applications. JURISDICTION FLAGS: California (CPRA sensitive data provisions), Washington State (My Health MY Data Act), EU/EEA (GDPR Article 9 special categories), UK (UK GDPR equivalent provisions); users in these jurisdictions have heightened rights and the applicable legal standards for processing this data are more stringent than general personal data. CONTRACT AND VENDOR IMPLICATIONS: Any vendor or employer procuring Noom as a wellness solution should assess whether health data collected by Noom flows into their own data ecosystems; data processing agreements with Noom should specify restrictions on secondary use of employee health data; procurement teams should verify that Noom's vendor contracts with downstream analytics and advertising partners include appropriate health data protections. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a data mapping exercise to confirm all health data categories collected are accurately reflected in Records of Processing Activities; consent mechanisms for health data collection should be reviewed to confirm they satisfy the explicit consent standard under GDPR and opt-in requirements under applicable US state laws; a data protection impact assessment (DPIA) may be warranted given the sensitivity of the data processed at scale.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Health data is among the most sensitive categories of personal information; its collection and potential sharing creates meaningful privacy exposure for users.
Weight, food logs, BMI, and exercise data you enter into Noom are collected and may be used for purposes beyond delivering the service, including personalization and sharing with third parties. Users who are concerned about the sensitivity of this data should review Noom's data sharing practices and consider exercising deletion rights.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Noom.