Peloton · Peloton Privacy Policy · View original document ↗

California Resident Rights (CCPA/CPRA)

Medium severity Medium confidence Inferredfromcontext Uncommon · 17 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Peloton Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

California residents have the right to see, delete, correct, and opt out of the sale of their personal information, including the right to limit how sensitive health data is used.

This analysis describes what Peloton's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

These rights give California users meaningful control over their Peloton data, including the ability to stop their fitness and health metrics from being used for advertising, which is particularly significant given the sensitivity of that data.

Interpretive note: The specific verbatim CCPA/CPRA rights language was not fully accessible due to HTML truncation; this reflects the substance of Peloton's disclosed California rights framework based on available document content.

Clause Stability Stable

0
Changes
3
Months Monitored
May 10, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

California residents can exercise five distinct privacy rights under CPRA, including the right to opt out of advertising data sharing and the right to limit use of sensitive personal information such as health and fitness metrics collected through Peloton's hardware.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit Peloton's privacy policy page and use the California privacy rights request link to submit a request to know, delete, correct, or limit your personal information. You will need to verify your identity as part of the process.

How other platforms handle this

Skillshare Medium

If you are a California resident, you have the right to: Know what personal information is being collected about you; Know whether your personal information is sold or disclosed and to whom; Say no to the sale of personal information; Access your personal information; Request deletion of your person...

Garmin Medium

If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...

Grindr Medium

Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...

See all platforms with this clause type →

Monitoring

Peloton has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
If you are a California resident, you have the right to know what personal information we collect about you, the right to delete personal information we have collected from you, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of your personal information, and the right to limit the use and disclosure of sensitive personal information.

— Excerpt from Peloton's Peloton Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision implements California Consumer Privacy Act and CPRA requirements, enforceable by the California Privacy Protection Agency (CPPA) and the California Attorney General. CPRA significantly expanded the original CCPA by adding the right to correct, the right to limit sensitive personal information use, and heightened obligations for sensitive data categories including health and medical information. Enforcement authority for CPRA rests with the CPPA, which became fully operational in 2023. GOVERNANCE EXPOSURE: Medium. California privacy rights provisions are well-established compliance requirements for companies of Peloton's scale. Key governance risks include ensuring that rights request mechanisms function correctly at scale, that response timelines of 45 days (extendable to 90) are met, and that the opt-out of sale and sharing is technically implemented including GPC signal processing. JURISDICTION FLAGS: This provision applies specifically to California residents. Users in other states with comprehensive privacy laws including Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Texas TDPSA have analogous rights that may also require Peloton to provide access, deletion, and opt-out mechanisms, though these are governed by separate legal frameworks. The CPRA's sensitive personal information provisions are particularly relevant given Peloton's collection of health and fitness data. CONTRACT AND VENDOR IMPLICATIONS: Third-party service providers and contractors receiving California consumer data must be bound by contracts that prohibit selling or sharing data and require the same privacy protections as Peloton. Advertising partners receiving data for cross-context behavioral advertising must be identified in data flow mapping to ensure opt-out signals are passed correctly. COMPLIANCE CONSIDERATIONS: The rights request intake and fulfillment process should be audited to confirm that all five CPRA rights are operationally supported. The sensitive personal information limitation right should be technically implemented to restrict use of health metrics to service delivery purposes when invoked. GPC signal detection and processing should be technically verified across the website and app. Annual data broker registration obligations under California law should be confirmed if applicable.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    The California Attorney General and California Privacy Protection Agency enforce CCPA and CPRA rights for California residents.
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
HIPAA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Peloton Privacy Policy
Entity
Peloton
Document last updated
May 5, 2026
Tracking information
First tracked
April 27, 2026
Last verified
May 10, 2026
Record ID
CA-P-009135
Document ID
CA-D-00220
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
e8fc8cb11b93438deea6ca6a3b9483b48da9e48c1c70373df9d2737b0d73f818
Analysis generated
April 27, 2026 14:37 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Peloton
Document: Peloton Privacy Policy
Record ID: CA-P-009135
Captured: 2026-04-27 14:37:01 UTC
SHA-256: e8fc8cb11b93438d…
URL: https://conductatlas.com/platform/peloton/peloton-privacy-policy/california-resident-rights-ccpacpra/
Accessed: July 1, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Peloton's California Resident Rights (CCPA/CPRA) clause do?

These rights give California users meaningful control over their Peloton data, including the ability to stop their fitness and health metrics from being used for advertising, which is particularly significant given the sensitivity of that data.

How does this clause affect you?

California residents can exercise five distinct privacy rights under CPRA, including the right to opt out of advertising data sharing and the right to limit use of sensitive personal information such as health and fitness metrics collected through Peloton's hardware.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 17 platforms. See the full comparison.

Is ConductAtlas affiliated with Peloton?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Peloton.