Peloton collects detailed workout performance data including heart rate and output metrics from your connected equipment, and may share this with third parties as described in its Privacy Policy.
This analysis describes what Peloton's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the scope of fitness data collection and defines the permitted uses and recipient categories for that data. This provision creates the operational framework for data handling practices that directly affect service functionality and data flow to external parties.
Interpretive note: The specific categories of fitness data collected and the third-party sharing scope are inferred from standard Peloton ToS and Privacy Policy structure due to document truncation; the full extent of data collection requires verification against the complete Privacy Policy.
Peloton collects granular workout data including heart rate metrics from your equipment, and this data may be shared with third parties; given the health-sensitive nature of this data, you should review Peloton's Privacy Policy separately for full details on how it is used and shared.
How other platforms handle this
We collect information about how you use the Services, including your orders, browsing behavior, search queries, location data, and interactions with AI features, and we use this information to improve and personalize the Services, for analytics, and for advertising purposes as described in our Priv...
Your use of the Services is also governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the Services, you consent to the data collection and use practices described in the Privacy Policy. Roblox collects information you provide directly, information collected a...
We collect information about you in a variety of ways depending on how you interact with us and our products and services. This includes information you provide directly, information we collect automatically when you use our services, and information we receive from third parties. We may collect ide...
Monitoring
Peloton has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you use the Service, Peloton may collect information about your workouts, including duration, output, heart rate, cadence, resistance, and other performance metrics. This information is used to provide and improve the Service, personalize your experience, and may be shared with third parties as described in our Privacy Policy.— Excerpt from Peloton's Peloton Terms of Service
(1) REGULATORY LANDSCAPE: Fitness and health performance data collected from connected devices engages an evolving patchwork of state health data privacy laws, including the Washington My Health MY Data Act, which applies to health data including fitness metrics from consumers in Washington state. Illinois BIPA may be implicated if any biometric identifiers, such as heart rate patterns used for identification, are processed. CCPA and CPRA designate health and fitness data as sensitive personal information subject to heightened protections and opt-out rights for California residents. HIPAA is generally not applicable to Peloton as a fitness company rather than a covered healthcare entity, but the regulatory boundary should be confirmed. (2) GOVERNANCE EXPOSURE: High. The combination of connected hardware that collects continuous biometric-adjacent data with a social community platform and third-party data sharing creates significant regulatory exposure as state health data privacy laws proliferate. The Washington My Health My Data Act, in particular, has a private right of action and broad definitions of health data that may encompass fitness metrics. (3) JURISDICTION FLAGS: Washington state residents have the most robust statutory protections for health data, with a private right of action under the My Health My Data Act. California residents have CCPA/CPRA rights to opt out of the sale or sharing of sensitive personal information, including health and fitness data. Illinois residents may have BIPA rights if biometric data processing occurs. EU users have GDPR Article 9 protections for health data as a special category requiring explicit consent. (4) CONTRACT AND VENDOR IMPLICATIONS: Any third-party data sharing described in the Privacy Policy that involves fitness or health data requires assessment under applicable state health data laws and GDPR. Vendor agreements with third-party analytics or advertising partners must include appropriate data processing terms that account for the health-sensitive nature of the data. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a data mapping exercise to identify all fitness and health metrics collected from Peloton hardware and apps, confirm the legal basis for collection and sharing in each jurisdiction, and assess whether current consent mechanisms meet the requirements of Washington's My Health My Data Act, California's CPRA, and GDPR Article 9 for EU users. The Privacy Policy referenced in the ToS should be reviewed in conjunction with these terms.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the scope of fitness data collection and defines the permitted uses and recipient categories for that data. This provision creates the operational framework for data handling practices that directly affect service functionality and data flow to external parties.
Peloton collects granular workout data including heart rate metrics from your equipment, and this data may be shared with third parties; given the health-sensitive nature of this data, you should review Peloton's Privacy Policy separately for full details on how it is used and shared.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Peloton.