This analysis describes what Oura's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy does not explicitly identify the legal mechanism (Standard Contractual Clauses, adequacy decision, or binding corporate rules) used to transfer personal data from the EU to the U.S., which is a material GDPR compliance gap following the Schrems II ruling.
Oura collects some of the most sensitive personal health data available, including biometric measurements, sleep quality, reproductive health indicators, and location, and uses this data to provide services, improve its products, and support marketing. Users who participate in the Oura Platform and share their data with employers, coaches, or researchers should be aware that Oura explicitly states it is not responsible for how those third parties process or secure that data once shared. You can review and adjust your data sharing settings in the Oura App, opt out of direct marketing, and withdraw consent for location tracking through your device's location permission settings.
How other platforms handle this
You will provide personal information directly to our website in the United States. We may also transfer personal information to our partners and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data prote...
Notion is based in the United States and the information we collect is governed by U.S. law. If you are accessing our Services from outside of the United States, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the United States an...
Your personal information may be transferred to and processed in countries other than your country of residence, including Canada and the United States, where our servers are located and our central database is operated. These countries may have data protection laws that are different from those in ...
Monitoring
Oura has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"This Policy applies to processing of personal data by Oura Health Oy and Ouraring Inc. and its subsidiaries (collectively, "Oura") when you visit our web properties ("Sites"); use the Oura Ring with the Oura App, Oura on the Web, or use other Oura services ("Services").— Excerpt from Oura's Oura Privacy Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy does not explicitly identify the legal mechanism (Standard Contractual Clauses, adequacy decision, or binding corporate rules) used to transfer personal data from the EU to the U.S., which is a material GDPR compliance gap following the Schrems II ruling.
ConductAtlas has identified this type of provision across 79 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Oura.