If WHOOP causes you harm, the most you can recover from them in most circumstances is either what you paid them in the last 12 months or $100, whichever is higher, and you generally cannot recover for lost data, privacy harms, or other non-direct losses.
This analysis describes what Whoop's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This cap means that even if WHOOP's mishandling of your sensitive health data causes significant harm, your financial recovery is likely limited to a relatively small dollar amount, which may not cover actual damages especially in data breach or privacy violation scenarios.
Interpretive note: Enforceability of the liability cap varies by jurisdiction; EU, UK, and California users may have statutory rights that override or limit this cap in practice.
If you suffer harm from WHOOP's service including loss of health data or a privacy breach, the agreement limits WHOOP's financial liability to the greater of your last 12 months of payments or $100, which may be far less than any actual harm you experience.
How other platforms handle this
TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER WHATNOT NOR ITS SERVICE PROVIDERS INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SERVICES WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOST REVENUES, LOST SAVINGS, LOST BUSINESS OPPORT...
In no event will either party's aggregate liability arising out of or related to this Agreement exceed the total fees paid or payable by Customer in the twelve (12) months preceding the claim. In no event will either party be liable for any indirect, incidental, special, consequential, or punitive d...
Except as stated in Section L.3.b, the liability of each party, and its affiliates and licensors, for any damages arising out of or related to these Terms (i) excludes damages that are consequential, incidental, special, indirect, or exemplary damages, including lost profits, business, contracts, re...
Monitoring
Whoop has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL WHOOP BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICE. IN NO EVENT WILL WHOOP'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS EXCEED THE GREATER OF (A) THE AMOUNTS YOU HAVE PAID TO WHOOP FOR THE SERVICE IN THE TWELVE (12) MONTH PERIOD PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY, OR (B) ONE HUNDRED DOLLARS ($100).— Excerpt from Whoop's Whoop Terms of Use
REGULATORY LANDSCAPE: Limitation of liability clauses in consumer contracts engage state consumer protection laws and the FTC Act; some states including California have restrictions on limitation of liability clauses in consumer contracts, particularly for gross negligence or intentional misconduct. GDPR imposes data subject rights to compensation for damages resulting from GDPR violations that may not be waivable by contract, meaning this clause may not be enforceable against EU users for GDPR-related claims. The FTC has indicated that excessively one-sided limitation of liability clauses in consumer contracts may constitute unfair practices. GOVERNANCE EXPOSURE: High. The $100 floor and 12-month fee cap is a narrow limitation for a service that collects continuous biometric health data. For users on lower-cost subscription tiers, this cap could be materially below the value of the data collected or the harm caused by a breach or data misuse incident. This creates reputational and regulatory exposure, particularly in the event of a data incident affecting health data. JURISDICTION FLAGS: EU users may have non-waivable rights to compensation under GDPR that override contractual liability caps. California courts have found liability limitations unconscionable in certain consumer contexts, particularly where the disparity in bargaining power is significant and the limitation is combined with other one-sided terms. UK consumer contract law may similarly restrict enforcement of disproportionate limitation clauses against consumers. CONTRACT AND VENDOR IMPLICATIONS: Institutional customers or employers purchasing WHOOP memberships for employees should note that the liability cap may apply to their accounts as well, limiting recourse in the event of a data incident affecting employee health data. B2B procurement teams should negotiate enhanced liability terms and data processing agreements with appropriate indemnification provisions. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether this liability cap is enforceable in each jurisdiction where WHOOP operates, particularly in the EU and UK where consumer protection law may override contractual limitations. The clause's interaction with statutory damages available under BIPA, CCPA, and GDPR should be evaluated to determine whether the cap is intended to, and legally can, limit statutory remedies.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This cap means that even if WHOOP's mishandling of your sensitive health data causes significant harm, your financial recovery is likely limited to a relatively small dollar amount, which may not cover actual damages especially in data breach or privacy violation scenarios.
If you suffer harm from WHOOP's service including loss of health data or a privacy breach, the agreement limits WHOOP's financial liability to the greater of your last 12 months of payments or $100, which may be far less than any actual harm you experience.
ConductAtlas has identified this type of provision across 228 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Whoop.