Peloton · Peloton Privacy Policy

Collection of Health-Adjacent Fitness Data

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Peloton records detailed physical performance data from your workouts, including your heart rate and power output, every time you use their equipment or app.

Consumer impact (what this means for users)

Your heart rate, cadence, and workout output data are collected and stored by Peloton, and may be shared with third parties including advertisers — this goes beyond what most users expect from a fitness device.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@onepeloton.com to request deletion of your fitness and health data. Specify that you want all workout metrics including heart rate data deleted from Peloton's systems and third-party recipients.

Cross-platform context

See how other platforms handle Collection of Health-Adjacent Fitness Data and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Heart rate and physiological fitness metrics are considered health-proximate data and may be subject to heightened legal protections under emerging US state health data laws and GDPR Article 9.

View original clause language
We collect information related to your use of our Products and Services, including workout data such as heart rate, cadence, speed, output, and other performance metrics captured by Peloton hardware and software during your workouts.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Art. 9 (special categories of personal data — health data) enforced by EU/EEA supervisory authorities; Washington My Health MY Data Act (RCW 70.372) enforced by the Washington AG; CCPA/CPRA §1798.121 (sensitive personal information — health data) enforced by the CPPA; and FTC Act Section 5 for deceptive data practices enforced by the FTC. The characterization of heart rate data as health information is increasingly supported by regulatory guidance.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has enforcement authority over deceptive or unfair practices involving health and fitness data under FTC Act Section 5, and has precedent enforcement actions in this area.
    File a complaint →

Provision details

Document information
Document
Peloton Privacy Policy
Entity
Peloton
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003560
Document ID
CA-D-00220
Evidence Provenance
Source URL
https://www.onepeloton.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
e8fc8cb11b93438deea6ca6a3b9483b48da9e48c1c70373df9d2737b0d73f818
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Peloton | Document: Peloton Privacy Policy | Record: CA-P-003560
Captured: 2026-04-27 14:37:01 UTC | SHA-256: e8fc8cb11b93438d…
URL: https://conductatlas.com/platform/peloton/peloton-privacy-policy/collection-of-health-adjacent-fitness-data/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document