Introduction
Your fitness tracker collects some of the most intimate data about your body: heart rate, sleep patterns, menstrual cycles, body composition, and location. Understanding how this data is stored, shared, and protected is essential.
What Health Wearables Collect
Modern wearables collect far more than steps. Heart rate variability reveals stress levels. Sleep data shows when you go to bed and wake up. GPS tracks your location during exercise. Body temperature can indicate illness or fertility. This data, aggregated over time, creates an incredibly detailed health profile.
How Companies Use Your Data
Most health wearable companies use your data for product improvement and personalized recommendations. Some share anonymized, aggregated data with research institutions. Read the privacy policy before buying. Key questions to ask:
- Can you delete your data entirely?
- Is data stored on-device or in the cloud?
- Is data encrypted in transit and at rest?
- Can data be shared with third parties?
- What happens to your data if the company is acquired?
Company Privacy Practices
Apple stores health data on-device by default with end-to-end encryption for iCloud sync. Apple does not sell health data.
Garmin stores data in the Garmin Connect cloud. Users can download and delete their data. Garmin's 2020 ransomware incident highlighted cloud storage risks.
Fitbit/Google merged Fitbit data into Google accounts. Google's privacy policy governs how this data may be used for advertising-related purposes, though Google has committed to keeping Fitbit health data separate from ad targeting.
Oura stores data on encrypted cloud servers. Users can export and delete data. The company has committed to not selling individual health data.
Whoop stores data in the AWS cloud with encryption. The privacy policy allows anonymized data use for research. Data can be exported and deleted.
Protecting Your Health Data
- Enable two-factor authentication on all health app accounts.
- Use a strong, unique password for each health platform.
- Review app permissions regularly and revoke unnecessary access.
- Disable location sharing when not actively using GPS.
- Periodically review and delete historical data you no longer need.
- Be cautious about sharing health data with third-party apps.
The Regulatory Landscape
HIPAA does not cover most consumer health wearables because they are not medical devices prescribed by healthcare providers. However, the FTC has taken enforcement actions against companies that mishandle health data. State-level privacy laws like California's CCPA provide additional protections.
Conclusion
Health wearables provide valuable insights, but the data they collect deserves careful protection. Choose devices from companies with strong privacy practices, enable all available security features, and stay informed about how your data is being used.


