Peloton · Peloton Terms of Service · View original document ↗

Fitness Data Collection and Use

High severity Medium confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Peloton Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Peloton collects detailed workout performance data including heart rate and output metrics from your connected equipment, and may share this with third parties as described in its Privacy Policy.

This analysis describes what Peloton's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Fitness and health-related data is among the most sensitive categories of personal information, and its collection, use, and sharing are increasingly regulated under state biometric and health data privacy laws.

Interpretive note: The specific categories of fitness data collected and the third-party sharing scope are inferred from standard Peloton ToS and Privacy Policy structure due to document truncation; the full extent of data collection requires verification against the complete Privacy Policy.

Clause Stability Stable

0
Changes
3
Months Monitored
May 11, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

Peloton collects granular workout data including heart rate metrics from your equipment, and this data may be shared with third parties; given the health-sensitive nature of this data, you should review Peloton's Privacy Policy separately for full details on how it is used and shared.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Contact Peloton's privacy team at privacy@onepeloton.com to request deletion of your personal data, including workout and health metrics, or to exercise other data rights. California and Washington residents may have additional rights under state law.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.

eBay Medium

We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.

See all platforms with this clause type →

Monitoring

Peloton has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
When you use the Service, Peloton may collect information about your workouts, including duration, output, heart rate, cadence, resistance, and other performance metrics. This information is used to provide and improve the Service, personalize your experience, and may be shared with third parties as described in our Privacy Policy.

— Excerpt from Peloton's Peloton Terms of Service

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: Fitness and health performance data collected from connected devices engages an evolving patchwork of state health data privacy laws, including the Washington My Health MY Data Act, which applies to health data including fitness metrics from consumers in Washington state. Illinois BIPA may be implicated if any biometric identifiers, such as heart rate patterns used for identification, are processed. CCPA and CPRA designate health and fitness data as sensitive personal information subject to heightened protections and opt-out rights for California residents. HIPAA is generally not applicable to Peloton as a fitness company rather than a covered healthcare entity, but the regulatory boundary should be confirmed. (2) GOVERNANCE EXPOSURE: High. The combination of connected hardware that collects continuous biometric-adjacent data with a social community platform and third-party data sharing creates significant regulatory exposure as state health data privacy laws proliferate. The Washington My Health My Data Act, in particular, has a private right of action and broad definitions of health data that may encompass fitness metrics. (3) JURISDICTION FLAGS: Washington state residents have the most robust statutory protections for health data, with a private right of action under the My Health My Data Act. California residents have CCPA/CPRA rights to opt out of the sale or sharing of sensitive personal information, including health and fitness data. Illinois residents may have BIPA rights if biometric data processing occurs. EU users have GDPR Article 9 protections for health data as a special category requiring explicit consent. (4) CONTRACT AND VENDOR IMPLICATIONS: Any third-party data sharing described in the Privacy Policy that involves fitness or health data requires assessment under applicable state health data laws and GDPR. Vendor agreements with third-party analytics or advertising partners must include appropriate data processing terms that account for the health-sensitive nature of the data. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a data mapping exercise to identify all fitness and health metrics collected from Peloton hardware and apps, confirm the legal basis for collection and sharing in each jurisdiction, and assess whether current consent mechanisms meet the requirements of Washington's My Health My Data Act, California's CPRA, and GDPR Article 9 for EU users. The Privacy Policy referenced in the ToS should be reviewed in conjunction with these terms.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over consumer data practices and may evaluate whether Peloton's fitness data collection and sharing practices meet consumer protection standards
    File a complaint →
  • State AG
    State attorneys general in Washington, California, and Illinois have enforcement authority over health data privacy, CCPA/CPRA, and BIPA, all of which may apply to Peloton's fitness data practices
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
HIPAA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Peloton Terms of Service
Entity
Peloton
Document last updated
May 5, 2026
Tracking information
First tracked
April 27, 2026
Last verified
May 11, 2026
Record ID
CA-P-010129
Document ID
CA-D-00219
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
c5b72ce6bff78fb2f65204125ae822c89db06c36e1d38034329bab78083bd877
Analysis generated
April 27, 2026 14:32 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Peloton
Document: Peloton Terms of Service
Record ID: CA-P-010129
Captured: 2026-04-27 14:32:49 UTC
SHA-256: c5b72ce6bff78fb2…
URL: https://conductatlas.com/platform/peloton/peloton-terms-of-service/fitness-data-collection-and-use/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Peloton's Fitness Data Collection and Use clause do?

Fitness and health-related data is among the most sensitive categories of personal information, and its collection, use, and sharing are increasingly regulated under state biometric and health data privacy laws.

How does this clause affect you?

Peloton collects granular workout data including heart rate metrics from your equipment, and this data may be shared with third parties; given the health-sensitive nature of this data, you should review Peloton's Privacy Policy separately for full details on how it is used and shared.

Is ConductAtlas affiliated with Peloton?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Peloton.