Amazon Halo Rise

Warning: *Privacy Not Included with this product

Amazon Halo Rise

Wi-Fi Bluetooth

Review date: Nov. 9, 2022


Mozilla says

People voted: Super creepy

We get it. Sleep is hard. Tracking your sleep seems like a good idea, right? Letting Amazon into your bedroom to monitor your sleep by tracking your body movement, breathing, room temperature, humidity and light might not be such a great idea. This little bedside device sits there and uses its sensors to follow your sleep with nothing to wear or charge. It just sits there and watches you. Well, it doesn't really watch you with cameras or microphones, just sensors that know if you're sleeping or not. Then it can wake you up with lights like the brightening sun. Pair it with Alexa to tell it what to do. You'll need the Halo subscription ($3.99 a month) and app to get all the features of this little bedside sleep creeper. Amazon says it is "designed for privacy" but, yeah, we're not so sure about that. It is Amazon after all.

What could happen if something goes wrong?

Amazon proudly states they are not in the business of selling your personal information to others. True. But, Amazon doesn’t need to sell your data to others when they have their own advertising and retail juggernaut to use your data to sell you more stuff. Because Amazon is in the business of selling you more stuff. And it’s not just Amazon hoping to sell you stuff. Amazon has a whole program for others to sell you stuff on on their sites too. And those sellers get to use that data Amazon collects on you to target you with the stuff they want to sell. So, while Amazon might not be in the business of selling your personal information, they are in the business of selling access to your information to others to target ads to sell you more stuff.

And to do this, Amazon likes to collect an enormous amount of data on you. Things like: records of your shopping habits, Alexa search requests, the TV shows you watch and when you watch them, the music you stream, the podcasts you listen to, when you turn your lights on and off, when you lock your doors, identifiers such as your name, address, phone numbers, or IP address, your age, gender, your location, audio and visual information like those Alexa-requests or photos you take, the names and numbers of people listed in your contacts. The list goes on and on and on.

And what do they do with all that personal information they collect on you? Well, they use it to target you advertising, of course. Lots and lots of advertising. They do say they don’t use information that personally identifies you to display interest-based ads (of course, we have to trust them on this). They also use your personal information to identify your preferences and personalize products and services to keep you using those products and services as much as possible. And they say they can share that personal information with a number of third parties.

And when we say a number, we don’t exactly know how many third parties because Amazon doesn’t share that information. But we must assume it’s a lot of third parties because they say they can share your data with everyone from all the companies they use to provide third party services. That means the companies that do things like help them with marketing, manage credit risk, analyze data, send mail and email, and more. Then there’s the third parties that offer services, products, apps, and Alexa skills through Amazon Services. And then there’s the business affiliates and other companies Amazon buys that could get access to your data too. Given that Amazon is a vast empire -- think Ring, Blink, Eero, Whole Foods, and beyond -- that’s potentially a lot of places your data could end up.

And let’s talk for a minute about Alexa itself. Amazon’s helpful artificial intelligence that’s built into everything from your Echo Dot smart speaker to your headphones to your thermostat comes with its own set of questions and concerns. Amazon does make it possible to automatically delete voice recordings immediately after they are processed. That's a nice feature after the controversy around human reviewers listening in to Alexa voice recordings. However, Amazon says when you delete your voice recordings, they still can keep data of the interactions those recordings triggered. So, if you buy a pregnancy test through Amazon Alexa, Amazon won't forget you bought that pregnancy test just because you ask them to delete the voice recording of that purchase. That record of the purchase is data they have on you going forward and may use to target you with ads for more stuff.

And then there are Alexa Skills, those little apps you use to interact with Alexa. These Skills can be developed by just about anyone with the, uhm, skill. And with too many of the Skills, third-party privacy policies are misleading, incomplete, or simply nonexistent, according to one recent study. When your data is processed by an Alexa Skill, deleting your voice recordings doesn’t delete the data the developer of that Skill collects on you. With over 100,000 Alexa Skills out there, many of them developed by third parties, now your data is floating around in places you might never have imagined.

Oh, let’s not forget Amazon’s track record at protecting and respecting their customers' data. That raises some red flags too. Here are a few of the problems we’ve seen over the last few years. There’s the Amazon employee who was caught stealing the personal information of over 100 million CapitolOne customers. And that’s not the only time Amazon employees with access to lots of customer data were caught leaking customers personal information. It’s happened quite a few times, actually. And then there’s the Alexa security bug that opened the door for hackers to potentially access users personal information and even their conversation history. These are some of the known privacy and security issues Amazon has had (there could be more unknown ones as well). And we get it, Amazon is a huge company with many products and employees and it’s impossible to secure everything's 100% of the time. But that’s the point. When you collect such a vast amount of personal information on people, you’ve got to be super, duper, extra careful to secure it everywhere, all the time. Amazon has shown they can’t always do that.

So, what’s the worst that could happen? Well, if you happen to order that pregnancy test through Alexa, Amazon now knows you might be pregnant. Then comes the ads for baby clothes, diapers, cribs, and more. And then tragedy strikes and you lose your pregnancy. To cope you buy wine from Whole Foods. Amazon could now assume you’re no longer pregnant. But they don’t know about this miscarriage, they just know that you were likely pregnant and now likely not. Setting aside the scary post-Roe vs Wade world we live in now where this information could be used by law enforcement, think of the targeted advertising you could get from companies trying to sell you more stuff to deal with your lost pregnancy, get pregnant again, or other ads you don’t need to see while trying to cope with this tragedy. Uhg. So yeah, while Amazon doesn't sell your personal information, they sure do use the heck out of it to target you with more stuff to buy. Is this creepy? Well, with so much data floating around in so many places, yeah, Amazon’s Halo Rise with Alexa can feel pretty creepy.

One more note on Amazon from a privacy researcher’s point of view. Trying to read through Amazon’s crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and privacy documentation for their vast empire is a nightmare. There’s so many documents that link to other documents that link back even more documents that understanding and making sense of Amazon’s actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Amazon’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Amazon do better when it comes to making their privacy policies accessible to the consumers they impact.

Tips to protect yourself

  • Set up Anonymous Mode when using the app to protect your data
  • When starting a sign-up, do not agree to tracking of your data.
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • mobile

Can it snoop on me? information


Device: No

App: Yes


Device: No

App: Yes

Tracks location

Device: No

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for using personal data for targeted advertising purposes, and combining data about you with data it receives from third parties for targeted advertising purposes.

Amazon combines data on its users with data from third parties, for advertisement purposes: "Some third-parties may provide Amazon pseudonymized information about you (such as demographic information or sites where you have been shown ads) from offline and online sources that we may use to provide you more relevant and useful advertising."

"In the twelve months prior to the effective date of this Disclosure, Amazon has not sold any personal information of consumers, as those terms are defined under the California Consumer Privacy Act. "

"Information about our customers is an important part of our business, and we are not in the business of selling our customers' personal information to others."

"The personal information that Amazon disclosed to the third parties identified in the “Does Amazon Share Your Personal Information?” section of the Amazon Privacy Notice about consumers for a business purpose in the twelve months prior to the effective date of this Disclosure fall into the following categories established by the California Consumer Privacy Act, depending on which Amazon Service is used:
- identifiers such as your name, address, phone numbers, or IP address, for example if we use a third party carrier to deliver your order;
- personal information, such as a credit card number, for example if we use a third party payment processor;
- your age, gender, or other protected classifications, for example if you choose to participate in a survey distributed by a survey provider;
- commercial information, such as the details of a product or service you purchased if a third party service provider is assisting to provide that product or service to you;
- internet or other electronic network activity information, such as if we use a service provider to help us gather crash reports for analyzing the health of our devices and services;
- geolocation data, such as providing a delivery partner the location of your vehicle in order to deliver a package if you use Amazon Key;
- audio or visual information, for example if a service provider reviews recordings of customer service phone calls for quality assurance purposes, or if we use a service provider to fulfill your order to print images from your Amazon Photos account;
- education information, for example coursework you may direct us to share with the operator of an educational Alexa skill; and
- professional information, for example if we provide your account details to a service provider for verification as part of enrollment for an Amazon Business account."

Amazon says they do not sell your personal information. They combine your voice data with third-party data to answer your requests as well as to train Alexa's speech recognition. You can choose to not save any voice recordings, but it will cost you some features.

While voice recordings won't be used for ad personalization, the transcripts of recordings, and the list of actions that Alexa did in response to your voice commands, may be.

How can you control your data?

We ding this product for not guaranteeing all users have the same right to access and delete their data, regardless of where they live.

For users outside of California and Europe, Amazon is not clear if they can excercise their deletion rights: "In addition, to the extent required by applicable law, you may have the right to request access to or delete your personal information. If you wish to do any of these things, please contact Customer Service. Depending on your data choices, certain services may be limited or unavailable."

A user can chose to not send voice recording to the Cloud: "On supported devices, you can turn on Do Not Send Voice Recordings, so the audio of your requests to Alexa (for example, “Alexa, what’s the weather?”) will be processed on device and not sent to the cloud. A text transcript of your request will be sent to the cloud so Alexa can respond to your request. You will be able to review and delete those transcripts in your Voice History. Alexa will still send audio to the cloud for features that require the transmission of audio, such as when you make a call or send a message or announcement via Alexa. And, if you create a voice ID, the audio recordings used to teach Alexa your voice will be sent to the cloud. Alexa will also send audio to the cloud if you enable Alexa Guard, including for Smart Alerts and emergency calling with Guard Plus."

You can review and delete your voice recordings, one by one, by date range, or all at once. You can also set up an auto-deletion to automatically delete recordings older than 3 or 18 months. You can choose to not save any voice recordings, at the cost of some features. If you choose not to have any voice recordings saved, the text transcripts of your requests will be still retained for 30 days, after which they will be automatically deleted.

Retention details:
"When you delete voice recordings associated with your account from Voice History, we will delete the voice recordings that you selected and the text transcripts of those recordings from Amazon’s cloud. If you choose not to have any voice recordings saved, the text transcripts of your requests will be retained for 30 days, after which they will be automatically deleted. We retain those text transcripts to allow you to review the requests you make to Alexa in your Voice History, and to improve your Alexa experience and our services. You can delete the text transcripts at any time in the Alexa app by going to Settings > Alexa Privacy > Review Voice History.

We may still retain other records of your Alexa interactions, including records of actions Alexa took in response to your request. This allows us, for instance, to continue to provide your reminders, timers, and alarms, process your orders, remember the things you've taught Alexa, and show your shopping and to-do lists and messages sent through Alexa Communications. If your request was processed by an Alexa skill, deleting your voice recordings does not delete any information retained by the developer of that skill (skill developers do not receive voice recordings)." This is problematic, because a big share of more than 100,0000 skills are developed by third parties that are not necessarily bound by Amazon’s privacy policies. The research by North Carolina State University found that "23.3% of 1,146 skills that requested access to privacy-sensitive data either didn't have privacy policies or their privacy policies were misleading or incomplete. For example, some requested private information even though their privacy policies stated they were not requesting private information." In addition to misleading privacy policies, issues included things like developers being able to claim fake identity ('Samsung', 'Apple'), multiple skills sharing the same Alexa trigger words, etc. "

What is the company’s known track record of protecting users’ data?

Needs Improvement

In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.

In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).

In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.

In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.

In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorythm.

In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.

Child Privacy Information

Amazon does not sell products for purchase by children. We sell children's products for purchase by adults. If you are under 18, you may use Amazon Services only with the involvement of a parent or guardian. We do not knowingly collect personal information from children under the age of 13 without the consent of the child's parent or guardian. For more information, please see our Children's Privacy Disclosure.

Can this product be used offline?


User-friendly privacy information?


Amazon has a complicated and difficult to navigate mess of privacy policies, privacy notices, privacy FAQs, and other privacy information.

Links to privacy information

Does this product meet our Minimum Security Standards? information




All Amazon Halo health data is encrypted in transit, including going to and from the cloud or between the customers’ Halo Band and the Halo app on their phone. Amazon Halo health data is also encrypted while being stored securely in the Amazon cloud. In addition, Amazon Halo health data is stored securely on the customer’s smartphone, including using available full disc encryption and any other protections provided by their phone’s manufacturer.

Strong password


Password-protected Amazon account is needed to set up Alexa.

Security updates


Manages vulnerabilities


Amazon has a bug bounty program.

Privacy policy


Does the product use AI? information


Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

The feature of the Amazon Halo is AI-powered health to track your wellness (body fat, activity levels, sleep, and tone of voice/emotions.) The AI will also rate your tone for “positivity” and “energy.” The model associates those emotional ratings with vocal qualities like pitch, intensity, tempo, and rhythm.

Questions have been raised about bias in Amazon Halo algorithms.

Is the company transparent about how the AI works?


Does the user have control over the AI features?


*Privacy Not Included

Dive Deeper

  • Amazon’s Halo tests the limits of personal privacy, and offers a glimpse of the future of health
    Geek Wire Link opens in a new tab
  • Amazon Halo review: Affordable but questionable fitness band
    Digital Trends Link opens in a new tab
  • Amazon’s new health band is the most invasive tech we’ve ever tested
    Washington Post Link opens in a new tab
  • Amazon Halo review
    Toms Guide Link opens in a new tab
  • Following Privacy Concerns Surrounding Amazon Halo, Klobuchar Urges Administration to Take Action to Protect Personal Health Data
    Sen. Amy Klobuchar Link opens in a new tab


Got a comment? Let us hear it.