Peloton · Peloton Privacy Policy

Cross-Border Data Transfers

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Your personal data may be moved to the US or other countries that may have weaker privacy protections than your home country, and by using Peloton you are treated as having agreed to this.

Consumer impact (what this means for users)

Your fitness and personal data collected in the EU or UK may be transferred to the US and shared with US-based advertising and analytics vendors, where legal protections may be weaker — and Peloton's consent mechanism for this transfer may not be legally adequate under GDPR.

Cross-platform context

See how other platforms handle Cross-Border Data Transfers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Relying on user 'consent' via continued use of the service as the legal basis for international data transfers is legally problematic under GDPR, which requires specific transfer mechanisms rather than general consent embedded in terms.

View original clause language
If you are located outside of the United States, please be aware that information we collect, including personal information, may be transferred to, stored, and processed in the United States and other countries where our service providers and partners operate. By using our Services, you consent to the transfer of your information to countries outside of your country of residence, which may have different data protection rules than those in your country.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision directly implicates GDPR Chapter V (Arts. 44-49) governing international data transfers, including the requirement for adequacy decisions, Standard Contractual Clauses (SCCs, updated 2021), or Binding Corporate Rules; UK GDPR Chapter V and the UK International Data Transfer Agreement (IDTA); and the EU-US Data Privacy Framework (DPF, 2023) as the current primary transfer mechanism for US recipients. The CJEU Schrems II judgment (C-311/18) invalidated the previous Privacy Shield and imposed additional due diligence requirements on SCCs.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    EU national data protection authorities and the UK ICO have enforcement jurisdiction over unlawful international data transfers under GDPR Chapter V and UK GDPR.
    File a complaint →

Provision details

Document information
Document
Peloton Privacy Policy
Entity
Peloton
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003564
Document ID
CA-D-00220
Evidence Provenance
Source URL
https://www.onepeloton.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
e8fc8cb11b93438deea6ca6a3b9483b48da9e48c1c70373df9d2737b0d73f818
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Peloton | Document: Peloton Privacy Policy | Record: CA-P-003564
Captured: 2026-04-27 14:37:01 UTC | SHA-256: e8fc8cb11b93438d…
URL: https://conductatlas.com/platform/peloton/peloton-privacy-policy/cross-border-data-transfers/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document