California residents have the right to see, delete, correct, and opt out of the sale of their personal information, including the right to limit how sensitive health data is used.
This analysis describes what Peloton's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights give California users meaningful control over their Peloton data, including the ability to stop their fitness and health metrics from being used for advertising, which is particularly significant given the sensitivity of that data.
Interpretive note: The specific verbatim CCPA/CPRA rights language was not fully accessible due to HTML truncation; this reflects the substance of Peloton's disclosed California rights framework based on available document content.
California residents can exercise five distinct privacy rights under CPRA, including the right to opt out of advertising data sharing and the right to limit use of sensitive personal information such as health and fitness metrics collected through Peloton's hardware.
Cross-platform context
See how other platforms handle California Resident Rights (CCPA/CPRA) and similar clauses.
Compare across platforms →Monitoring
Peloton has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you have the right to know what personal information we collect about you, the right to delete personal information we have collected from you, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of your personal information, and the right to limit the use and disclosure of sensitive personal information.— Excerpt from Peloton's Peloton Privacy Policy
REGULATORY LANDSCAPE: This provision implements California Consumer Privacy Act and CPRA requirements, enforceable by the California Privacy Protection Agency (CPPA) and the California Attorney General. CPRA significantly expanded the original CCPA by adding the right to correct, the right to limit sensitive personal information use, and heightened obligations for sensitive data categories including health and medical information. Enforcement authority for CPRA rests with the CPPA, which became fully operational in 2023. GOVERNANCE EXPOSURE: Medium. California privacy rights provisions are well-established compliance requirements for companies of Peloton's scale. Key governance risks include ensuring that rights request mechanisms function correctly at scale, that response timelines of 45 days (extendable to 90) are met, and that the opt-out of sale and sharing is technically implemented including GPC signal processing. JURISDICTION FLAGS: This provision applies specifically to California residents. Users in other states with comprehensive privacy laws including Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Texas TDPSA have analogous rights that may also require Peloton to provide access, deletion, and opt-out mechanisms, though these are governed by separate legal frameworks. The CPRA's sensitive personal information provisions are particularly relevant given Peloton's collection of health and fitness data. CONTRACT AND VENDOR IMPLICATIONS: Third-party service providers and contractors receiving California consumer data must be bound by contracts that prohibit selling or sharing data and require the same privacy protections as Peloton. Advertising partners receiving data for cross-context behavioral advertising must be identified in data flow mapping to ensure opt-out signals are passed correctly. COMPLIANCE CONSIDERATIONS: The rights request intake and fulfillment process should be audited to confirm that all five CPRA rights are operationally supported. The sensitive personal information limitation right should be technically implemented to restrict use of health metrics to service delivery purposes when invoked. GPC signal detection and processing should be technically verified across the website and app. Annual data broker registration obligations under California law should be confirmed if applicable.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights give California users meaningful control over their Peloton data, including the ability to stop their fitness and health metrics from being used for advertising, which is particularly significant given the sensitivity of that data.
California residents can exercise five distinct privacy rights under CPRA, including the right to opt out of advertising data sharing and the right to limit use of sensitive personal information such as health and fitness metrics collected through Peloton's hardware.
ConductAtlas has identified this type of provision across 15 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Peloton.