The policy states that Oura does not sell personal data, which under CCPA/CPRA includes the exchange of personal information for monetary or other valuable consideration.
This analysis describes what Oura's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision asserts that Oura does not sell personal data; however, the policy separately discloses advertising-related data processing on behalf of partners using cookies and similar technologies, which may constitute 'sharing' of personal information for cross-context behavioral advertising under CPRA even if it does not meet the definition of 'sale.' Compliance teams should assess whether the advertising practices described elsewhere in the policy require a CPRA 'opt out of sharing' mechanism in addition to the no-sale representation.
Interpretive note: Whether Oura's cookie-based advertising practices constitute 'sharing' under CPRA is a legal determination that depends on the specific nature of the data exchanged with advertising partners, which is described in the Cookie Policy rather than this document.
The agreement states that Oura does not sell personal data. Separately, the policy discloses that Oura processes data for advertising on behalf of partners using cookie-based technologies, which may be subject to CPRA's opt-out-of-sharing requirements independent of the no-sale assertion.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Oura has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Oura does not sell your personal data.— Excerpt from Oura's Oura Privacy Policy
1) REGULATORY LANDSCAPE: CCPA/CPRA defines 'sale' as disclosure of personal information for monetary or other valuable consideration, and separately defines 'sharing' as disclosure for cross-context behavioral advertising regardless of monetary consideration. The no-sale assertion addresses the former but may not address the latter. The California Privacy Protection Agency is the primary enforcement authority. The FTC Act may also apply if the no-sale representation is materially misleading. 2) GOVERNANCE EXPOSURE: Medium. If cookie-based advertising audience creation on behalf of partners constitutes 'sharing' under CPRA, California residents would have a right to opt out of that sharing that is separate from the no-sale representation. The policy's opt-out mechanism for direct marketing may not fully satisfy the CPRA opt-out-of-sharing obligation. 3) JURISDICTION FLAGS: California residents are the primary affected group. Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have analogous concepts to CPRA sharing that may require opt-out mechanisms. 4) CONTRACT AND VENDOR IMPLICATIONS: Advertising and analytics vendor agreements should be reviewed to confirm whether data exchanges through cookie-based audience creation constitute 'sharing' under applicable state law and whether appropriate opt-out signal mechanisms (including Global Privacy Control) are implemented. 5) COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the advertising data flows described in the Cookie Policy constitute 'sharing' under CPRA, ensure that a CPRA-compliant opt-out-of-sharing mechanism is operationally available to California residents, and confirm that the no-sale representation is accurate with respect to all data exchange relationships including those with advertising technology partners.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision asserts that Oura does not sell personal data; however, the policy separately discloses advertising-related data processing on behalf of partners using cookies and similar technologies, which may constitute 'sharing' of personal information for cross-context behavioral advertising under CPRA even if it does not meet the definition of 'sale.' Compliance teams should assess whether the advertising practices described elsewhere …
The agreement states that Oura does not sell personal data. Separately, the policy discloses that Oura processes data for advertising on behalf of partners using cookie-based technologies, which may be subject to CPRA's opt-out-of-sharing requirements independent of the no-sale assertion.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Oura.