What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@noom.com', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Email privacy@noom.com to submit a data subject access request (DSAR). Identify yourself as an EU or UK resident, specify the rights you wish to exercise (access, portability, deletion, etc.), and include your account email. Noom must respond within 30 days under GDPR.', 'deadline_days': 30, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'While GDPR is enforced by EU/UK data protection authorities rather than US agencies, EU residents may also contact their national supervisory authority; US state AGs cover analogous state-level rights.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this User Rights for EU and UK Residents (GDPR) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

User Rights for EU and UK Residents (GDPR) — Noom

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Noom Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Users in the European Union and United Kingdom have additional rights under GDPR/UK GDPR, including rights to access, correct, delete, restrict processing, and port their personal data.

ⓘ

This analysis describes what Noom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision operationalizes statutory GDPR rights by designating a specific contact mechanism and establishing procedures through which residents can exercise data access, correction, deletion, portability, consent withdrawal, and processing objection rights. The clause creates an institutional framework for responding to data subject requests.

Consumer impact (what this means for users)

EU and UK Noom users can exercise legally enforceable rights to control their personal data, including requesting a copy of all data held, correction of inaccurate data, or full deletion — and Noom must respond within statutory deadlines.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data
Within 30 days
Email privacy@noom.com to submit a data subject access request (DSAR). Identify yourself as an EU or UK resident, specify the rights you wish to exercise (access, portability, deletion, etc.), and include your account email. Noom must respond within 30 days under GDPR.

How other platforms handle this

Tabnine Medium

Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data, the right to restrict or object to processing, and where processing is based on consent, the right to withdraw consent at any time. California resi...

Coinbase Medium

If you are located in the European Economic Area or the United Kingdom, you have certain rights with respect to your personal information under applicable data protection law, including the right to access, rectify, or erase your personal information; the right to restrict or object to processing; a...

OpenAI Medium

Depending on where you live, you may have certain statutory rights in relation to your Personal Data. For example, you may have the right to: Access your Personal Data and information relating to how it is processed. Rectify or update your Personal Data. Delete your Personal Data from our records. R...

See all platforms with this clause type →

Monitoring

Noom has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
You can request access to, and rectification or erasure of, your information by contacting us at GDPRsupport@noom.com using the email address tied to your Noom account; If any automated processing of your information is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format; If the processing of your information is based on your consent, you can withdraw consent at any time for future processing; You can object to, or obtain a restriction of, the processing of your information under certain circumstances.

— Excerpt from Noom's Noom Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

GDPR and UK GDPR impose Article 9 heightened obligations for health data as a special category, requiring explicit consent or another valid legal basis. The adequacy of Noom's consent mechanisms, data transfer safeguards for cross-border flows from the EU/UK to the US, and appointment of an EU/UK representative should be reviewed for compliance.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

State AG

While GDPR is enforced by EU/UK data protection authorities rather than US agencies, EU residents may also contact their national supervisory authority; US state AGs cover analogous state-level rights.
File a complaint →

Applicable regulations

CCPA/CPRA

California, USA

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

HIPAA

United States Federal

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

Provision details

Document information

Document

Noom Privacy Policy

Entity

Noom

Document last updated

May 5, 2026

Tracking information

First tracked

March 24, 2026

Last verified

March 24, 2026

Record ID

CA-P-001848

Document ID

CA-D-00397

Evidence Provenance

Source URL

https://www.noom.com/noom-privacy-policy/

Wayback Machine

View archived versions →

Content hash (SHA-256)

a0379f647f8b25f93b2d2c66eb4a79effe9179862952dd8f6dbf28df7f5e2b61

Analysis generated

March 24, 2026 07:12 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Noom
Document: Noom Privacy Policy
Record ID: CA-P-001848
Captured: 2026-03-24 07:12:11 UTC
SHA-256: a0379f647f8b25f9…
URL: https://conductatlas.com/platform/noom/noom-privacy-policy/user-rights-for-eu-and-uk-residents-gdpr/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Collection of Sensitive Health Data high
Sharing Data with Advertising and Analytics Partners high
Do Not Sell or Share My Personal Information (CCPA/CPRA Opt-Out) medium
Data Retention Policy medium
Children's Privacy (Under 13) medium
Use of Cookies and Tracking Technologies medium

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Noom's User Rights for EU and UK Residents (GDPR) clause do?

How does this clause affect you?

Is ConductAtlas affiliated with Noom?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Noom.