The policy discloses that Samsung Health and connected devices collect detailed health and fitness metrics including heart rate, sleep patterns, menstrual cycle data, stress levels, and blood oxygen levels.
This analysis describes what Samsung's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision identifies collection of health metrics that, while not covered by HIPAA in a consumer app context, are classified as sensitive personal information under CCPA/CPRA and subject to FTC guidance on health data. Menstrual cycle and reproductive health data have received specific regulatory and legislative attention since 2022.
New high-severity category explicitly collecting sensitive health data including menstrual cycle information through Samsung Health, representing significant expansion into intimate personal health monitoring.
View full change record →This provision establishes that Samsung Health and connected devices collect detailed health and biometric metrics. Under CCPA/CPRA, California residents have the right to limit the use of sensitive personal information, including health data, and to request deletion of this information.
How other platforms handle this
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
With your permission, we may also receive data from your mobile device's health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the pur...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Samsung has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Health and Fitness Information: Information about your health, fitness, and wellness, such as height, weight, heart rate, sleep patterns, menstrual cycle, stress levels, blood oxygen levels, and other health metrics that you provide or that are collected through Samsung devices and services such as Samsung Health.— Excerpt from Samsung's Samsung Privacy Policy
REGULATORY LANDSCAPE: Health and fitness data collected by consumer apps is generally not covered by HIPAA, but the FTC Act and FTC's 2024 Health Breach Notification Rule apply to health apps and connected devices. CCPA/CPRA classifies health data as sensitive personal information. State comprehensive privacy laws in Virginia, Colorado, Connecticut, and others impose consent requirements for processing sensitive health data. GOVERNANCE EXPOSURE: High. The collection of reproductive health data, including menstrual cycle information, has been subject to heightened FTC scrutiny and state legislative attention. The FTC's enforcement action against health data companies signals active monitoring of this category. JURISDICTION FLAGS: California CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Texas TDPSA all classify health data as sensitive personal information requiring heightened consent or opt-in mechanisms. Washington's My Health MY Data Act imposes additional requirements for consumer health data. CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with analytics and research partners receiving health data should be reviewed to confirm purpose limitations and data minimization obligations consistent with applicable state law sensitive data requirements. COMPLIANCE CONSIDERATIONS: Compliance teams should audit consent mechanisms for Samsung Health data collection, particularly for sensitive subcategories such as reproductive health and mental health metrics. Retention policies for health data should be documented and reviewed against applicable state law requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision identifies collection of health metrics that, while not covered by HIPAA in a consumer app context, are classified as sensitive personal information under CCPA/CPRA and subject to FTC guidance on health data. Menstrual cycle and reproductive health data have received specific regulatory and legislative attention since 2022.
This provision establishes that Samsung Health and connected devices collect detailed health and biometric metrics. Under CCPA/CPRA, California residents have the right to limit the use of sensitive personal information, including health data, and to request deletion of this information.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Samsung.