Peloton collects detailed workout and body data from your equipment and app, including heart rate, performance statistics, and physical measurements you enter.
This analysis describes what Peloton's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Health and fitness data is among the most sensitive categories of personal information, and its collection through always-connected hardware means Peloton builds a detailed picture of your physical condition and activity over time.
Interpretive note: The exact verbatim policy text was not fully accessible due to HTML truncation; the excerpt above reflects the substance of Peloton's disclosed fitness data collection practices based on available document content.
Your heart rate, workout output, and body metrics are collected every time you use Peloton equipment or the app, and this data is stored and may be used for purposes beyond delivering your fitness experience, including advertising personalization.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Peloton has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information about your fitness activity and health when you use our Products and Services, including workout history, performance data (such as output, cadence, resistance, and pace), heart rate data, and body metrics such as height and weight that you provide.— Excerpt from Peloton's Peloton Privacy Policy
REGULATORY LANDSCAPE: Fitness and health metrics including heart rate and body weight collected through consumer hardware are not covered by HIPAA because Peloton does not operate as a covered entity or business associate in the clinical sense. However, California's CPRA classifies health and medical information as sensitive personal information subject to additional use restrictions and a right to limit use. Illinois BIPA may be implicated if biometric identifiers such as heart rate patterns are processed in ways that constitute biometric data under that statute, though applicability is fact-specific. Washington's My Health MY Data Act and similar state-level health data laws may also engage depending on collection and use specifics. GOVERNANCE EXPOSURE: High. The collection of health-adjacent metrics through connected hardware at scale creates significant compliance exposure across multiple state privacy frameworks. The sensitivity of this data category, combined with its use for advertising purposes, heightens regulatory scrutiny risk particularly in California, Illinois, and Washington. JURISDICTION FLAGS: California residents have a CPRA right to limit use and disclosure of sensitive personal information including health data. EU and UK users benefit from GDPR Article 9 protections for health data, which require explicit consent for processing. Illinois users may have BIPA claims depending on the specific biometric processing involved. Washington state's My Health MY Data Act creates additional obligations for health data collected from Washington residents. CONTRACT AND VENDOR IMPLICATIONS: Any vendor or analytics partner receiving health and fitness data from Peloton's platform must be assessed for compliance with applicable health data frameworks. Data processing agreements should specify permissible uses of health metrics and restrict secondary use. Procurement teams should confirm that advertising technology partners are not receiving raw health metrics without adequate consent and contractual controls. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a data inventory to map which specific fitness metrics qualify as sensitive personal information under CPRA and analogous state laws. Consent mechanisms for health data processing should be reviewed for adequacy under GDPR Article 9 for EU and UK users. A legitimate interest assessment or consent review should confirm the legal basis for using health metrics in advertising personalization workflows.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Health and fitness data is among the most sensitive categories of personal information, and its collection through always-connected hardware means Peloton builds a detailed picture of your physical condition and activity over time.
Your heart rate, workout output, and body metrics are collected every time you use Peloton equipment or the app, and this data is stored and may be used for purposes beyond delivering your fitness experience, including advertising personalization.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Peloton.