Fitbit Luxe

Warning: *privacy not included with this product

Google
Bluetooth

Review date: Nov. 1, 2023

Mozilla says

People voted: Very creepy

Fitbit calls this a "fashion forward" fitness and wellness wristband that will help boost your mind, body, and health. That's a lot of responsibilities to put on one little gadget. If you want a fitness tracker that tracks all the things fitness trackers track -- steps, heart rate, stress, sleep, and more -- but doesn't look like a gaudy gadget on your wrist, here you go. Accessorize away with a variety of fancy bracelet-like straps. As they say, look good, feel good. What might not feel super good though is knowing that, if you're a new user, you're gonna need to sign up with a Google account (and thus share your data with them) whether you like it or not.

What could happen if something goes wrong?

It's 2023 and that means the Fitbit + Google marriage that started back in 2019 has gotten even more intertwined. What's that mean for your Fitbit Luxe? Well, it’s complicated and confusing. If you already have a Fitbit (and account) then you’re a “legacy user” which means your Fitbit is playing by the rules of Fitbit’s privacy policy (as far as we can tell). If you’re a new user, you now have to use a Google Account to log in to the Fitbit app and agree to Google’s privacy policy instead (we think). To be honest, it's not completely clear to us when only Fitbit's privacy policy applies or when Google's privacy policy applies. So, we'll just tell you about both of them knowing that your data is eventually going to end up with Google anyway.

So, what's going on with Fitbit's privacy? Well, Fitbit can collect a good amount of data, as most fitness trackers do. They say they collect things such as name, email address, phone number, birthdate, gender, height, weight, location, wi-fi access points, and of course all the body related data like steps, activity, sleep, stress, calories burned, and more. Fitbit also says they can collect data from third-party social media sites like Facebook and Google if you choose to connect them (please, don’t) and from employers and insurance companies if you choose to share to receive wellness benefits or discounted or free services (again, not a good idea).

How does Fitbit use all this personal information it collects? Well, the good news is their privacy policy says they never sell your data. However, they do say they can share your personal information with advertising partners for targeted, interest-based advertising across the internet, which isn’t good news. And they say they can use that information to make inferences about you to show you more relevant content -- like using your sleep data to show you content to help you sleep better, which I’m pretty sure wouldn’t actually help me sleep better. So yeah, your Fitbit data is being used to show you ads and keep you using the platform as much as possible. Not surprising, but not great either.

Fitbit also says it can share non-personal information that has been de-identified or aggregated. This is pretty common, but still, can be a bit of a concern as it’s been found to be pretty easy to re-identify these data sets and track down an individual’s patterns, especially with location data. So, be aware with Fitbit--or any fitness tracker--you are strapping on a device that tracks your location, heart rate, sleep patterns, and more. That's a lot of personal information gathered in one place.

What’s the worst that could happen with Fitbit and all the personal and health related data it collects? Well, in 2021 it was reported that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else including third party apps, your employer, or an insurance company, it could be vulnerable. I don’t know about you, but I don’t need the world to know my weight, how well I sleep, and where I live. That’s really dang creepy.

Now, about Google and their privacy. Google published a Fitbit FAQ to answer specifically how their privacy policy applies to the unique data that’s collected by the fitness tracking device. In addition to the data that your Fitbit creates about you, Google says they can collect: height, weight, and sex since they need that information to calculate your stride length, distance, and some other fitness stats. They can also collect any information you enter yourself, like your profile photo, period tracking information, and even snore detection data if you pay a premium. Tempting! They also collect “device data” that tells Google how you use the app and when you check it, as well as your precise location (if you let them).

What else? Well, Google can collect information from many of the other third-party fitness and health apps you choose to connect to Fitbit. We usually suggest not doing that. On the other hand, if you’re already using Gmail, Google Drive, and Google Calendar to organize your life, that’s already a heck of a lot of eggs in one data-collecting basket. Through Fitbit Care, Google might partner with your employer or insurance provider, in which case they will get some personal information about you to invite you to the service. The Fitbit Care FAQ doesn’t say what information might be shared back with your employer or insurance company, but I would definitely ask about that before making the relationship between my employer and my fitness data official. I’d hate to have to confront my step count during a performance review.

Now for the million dollar question. Will Google use your private health data to sell you stuff or combine it with the loads of other information they probably have about you? Google says: “Your Fitbit health and wellness data won’t be used for Google Ads, and it will continue to be kept separate from Google Ads data.” (Cue the world’s tiniest party popper -- weeeee.) That’s also what they promised when they bought Fitbit, not that that keeps the privacy-conscious among us from worrying about how exactly this information will be used by one of the world’s largest data companies. As privacy advocacy group NOYB pointed out, Google’s Fitbit is already seemingly skirting Europe’s data privacy law, GDPR, by forcing users to consent to having their data transferred outside the EU if they want to use the app at all.

So can you trust Google with your data? We've always struggled a bit with Google here at *Privacy Not Included. There is no doubt Google is bad for the world's privacy. They kinda set the standard for collecting huge amounts of data on us and using that to target ads. The end result of Google's years and years of data collection and targeted advertising is a huge billion dollar company with tons and tons of power around the world. And now we're all perhaps way too conditioned to having our data being scooped up to target us with ads based on our location, our interests, and inferences that can be drawn about us from all these thousands of data points. This is all really bad for privacy.

That being said, Google has always managed to avoid our *Privacy Not Included warning label because they do some good things too -- like give everyone the ability to delete their data, they do a pretty good job at keeping all the data they hoover up on us secure, and hey, we know they don't really sell that data because, why would they? They want that data for themselves to make lots of money.

This is the year that we've finally decided Google has gotten bad enough we can justify dinging them with our *Privacy Not Included warning label (yes, we don't disagree we should have done it sooner, but we do have a methodology full of criteria we work from and they always walked the line of being bad but not exactly crossing enough of our lines to ding them). Here's why we decided to ding them this year.

First, we already know Google collects a TON of personal information on us, through location tracking, searches, cookies and app tracking technologies, and more. And while Google says they don't sell that information, they do provide access to that information to many, many third parties for advertising purposes. Google goes even farther these days and says that they allow "specific partners to collect information from your browser or device for advertising and measurement purposes using their own cookies or similar technologies." That means you're not just being tracked by Google when you use devices but also by these mysterious "specific partners" in ways that you might not be aware of or have been given the opportunity to consent to. This is bad.

We're in the age of AI now, so there is even more bad. We are very concerned that Google's privacy policy now says they can "use publicly available information to help train Google’s AI models." This is a concern to us and others because we don't know what Google counts as "publicly available information," and we don't know if people are ever given any idea, warning, or opportunity to consent to have this data used to train Google's AI.

The second big concern we have about Google is their track record at being honest and respecting all this personal information they collect on us. Google has racked up quite a long list of fines for privacy violations. In 2023, they settled a lawsuit with the state of California for $93 million for continuing to collect and store location data even after users turned off location tracking, according to the lawsuit. In 2022, they settled a similar lawsuit with 40 states for $392 million for continuing to track users' locations after they opted out. Also in 2023, a $5 billion lawsuit was allowed to continue against Google for secretly tracking users' internet use when the judge ruled "she could not find that users consented to letting Google collect information about what they viewed online because the Alphabet (GOOGL.O) unit never explicitly told them it would." And in December of 2022, the French data protection authority fined Google $57 million for "failing to acknowledge how its users' data is processed." Those are just the fines and lawsuits that have happened since we last reviewed Google in 2022. Over the past few years, there have been even more. South Korea fined Google (and Meta) millions of dollars recently for privacy violations. So did France and Spain. And in the US, Google has faced a host of lawsuits and settlements from Texas, California, Illinois, Arizona, the Federal Trade Commission, and more. All this makes it pretty hard to trust what a company says they do with that massive amount of personal information they collect on you.

One thing about Google we do like: They have a decent way to communicate with users about how they collect and use data in their Safety Center. Google does collect a ton of data on you and your children, especially if you don't take the time to adjust your privacy settings to lock down just how much info they can gather. You should absolutely take the time to adjust these privacy settings. Just beware, you will get notifications that some things might not work right if you change settings. That’s annoying, and probably worth it for a little more privacy.

What’s the worst that could happen? Well, when you give away a lot of personal information, especially sensitive information like your live location and you combine that with health information like your heart rate, mood, or menstrual cycle, that has to come with a lot of trust. And our trust in Google -- who owns Fitbit -- is wavering.

Tips to protect yourself

  • Follow Fitbit's advice to keep your stats private
  • Be very careful what third party companies you consent to share your health data with. If you do decide to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Stop sharing friends' lists: Under “Friends” on your profile page, select Privacy Setting and then Private.
  • Do not sign up with third-party accounts. It's better to just log in with an email and a strong password.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: No

App: Yes

Microphone

Device: No

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

A Google Account is required for all new users. A Google Account is required to activate new Fitbit devices released after the launch of Google Accounts for Fitbit. Existing users have the option to use either a Google Account or their existing Fitbit account until at least 2025 at which point they will be required to use a Google Account for login.

What data does the company collect?

How does the company use this data?

We ding this product for collecting extensive information on users, combining it with data from third-party data sources, and targeting ads based on that data, as well as letting its customers target ads based on that data. In addition, we ding this product for allowing "specific partners to collect information from your browser or device for advertising and measurement purposes using their own cookies or similar technologies." We are also concerned about the fact that Google says they can "use publicly available information to help train Google’s AI models," as that could potentially entail a lot of information people don't consent to have used to train their AIs.

Google's Privacy Policy

"Business purposes for which information may be used or disclosed
Advertising: Google processes information to provide advertising, including online identifiers, browsing and search activity, and information about your location and interactions with advertisements.

Research and development: Google uses information to improve our services and to develop new products, features and technologies that benefit our users and the public. For example, we use publicly available information to help train Google’s AI models and build products and features like Google Translate, Bard, and Cloud AI capabilities.

Legal reasons: Google also uses information to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement. We provide information about the number and type of requests we receive from governments in our Transparency Report."

"Google does not sell your personal information. Google also does not “share” your personal information as that term is defined in the California Consumer Privacy Act (CCPA)."

"We use the information we collect to customize our services for you, including providing recommendations, personalized content, and customized search results. For example, Security Checkup provides security tips adapted to how you use Google products. And Google Play uses information like apps you’ve already installed and videos you’ve watched on YouTube to suggest new apps you might like.

Depending on your settings, we may also show you personalized ads based on your interests. <...>
We don’t show you personalized ads based on sensitive categories, such as race, religion, sexual orientation, or health.
We don’t show you personalized ads based on your content from Drive, Gmail, or Photos.
We don’t share information that personally identifies you with advertisers, such as your name or email, unless you ask us to. For example, if you see an ad for a nearby flower shop and select the “tap to call” button, we’ll connect your call and may share your phone number with the flower shop."

"Personal information. This is information that you provide to us which personally identifies you, such as your name, email address, or billing information, or other data that can be reasonably linked to such information by Google, such as information we associate with your Google Account."

"In some circumstances, Google also collects information about you from publicly accessible sources."

"We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs."

"We’ll share personal information outside of Google when we have your consent. "

"We provide personal information to our affiliates and other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. "

"We may share non-personally identifiable information publicly and with our partners — like publishers, advertisers, developers, or rights holders. For example, we share information publicly to show trends about the general use of our services. We also allow specific partners to collect information from your browser or device for advertising and measurement purposes using their own cookies or similar technologies."

How does Google use location information?
"Your location information can help Google show you more relevant ads. When you search for something like “shoe stores near me,” location information can be used to show you ads from shoe stores near you. Or, let’s say you’re searching for pet insurance, advertisers might show different benefits in different areas."

"Google may also use your past browsing or app activity (such as your searches, website visits, or videos you watched on YouTube) and general areas saved as part of the Web & App Activity setting to show you more useful ads. For example, if you search for where to buy milk nearby on Google, you may see ads for grocery stores in the general area where you frequently browse Google Search while waiting for your bus or train.
Advertisers can only target ads to general areas, such as countries, cities, or regions around their business."

Google's Advertising Technologies Page
"Advertising keeps Google and many of the websites and services you use free of charge. We work hard to make sure that ads are safe, unobtrusive, and as relevant as possible. "

"Other technologies used in advertising...
We may use the IP address, for example, to identify your general location. We may also select advertising based on information about your computer or device, such as your device model, browser type, or sensors in your device like the accelerometer.

Location
Google’s ad products may receive or infer information about your location from a variety of sources. For example, we may use the IP address to identify your general location; we may receive precise location from your mobile device; we may infer your location from your search queries; and websites or apps that you use may send information about your location to us. Google uses location information in our ads products to infer demographic information, to improve the relevance of the ads you see, to measure ad performance and to report aggregate statistics to advertisers....

Advertising identifiers for mobile apps
To serve ads in services where cookie technology may not be available (for example, in mobile applications), we may use technologies that perform similar functions to cookies. Sometimes Google links the identifier used for advertising on mobile applications to an advertising cookie on the same device in order to coordinate ads across your mobile apps and mobile browser....

Connected TVs are another area where cookie technology is not available, and, instead, Google will rely on device identifiers designed for use in advertising to serve ads. Many connected TV devices support an identifier for advertising that is similar in function to mobile device identifiers. These identifiers are built to give users the option to reset them or to opt out of personalized advertising entirely."

"What determines the ads by Google that I see?
Many decisions are made to determine which ad you see. Sometimes the ad you see is based on your current or past location. Your IP address is usually a good indication of your approximate location. So you might see an ad on the homepage of YouTube.com that promotes a forthcoming movie in your country, or a search for ‘pizza’ might return results for pizza places in your town. Sometimes the ad you see is based on the context of a page. If you’re looking at a page of gardening tips, you might see ads for gardening equipment. Sometimes you might also see an ad on the web that’s based on your app activity or activity on Google services; an in-app ad that’s based on your web activity; or an ad based on your activity on another device. Sometimes the ad you see on a page is served by Google but selected by another company. For example, you might have registered with a newspaper website. From information you’ve given the newspaper, it can make decisions about which ads to show you, and it can use Google’s ad serving products to deliver those ads. You may also see ads on Google products and services, including Search, Gmail, and YouTube, based on information, such as your email address, that you provided to advertisers and the advertisers then shared with Google."

"We do have restrictions on this type of ad. For example, we prohibit advertisers from selecting an audience based on sensitive information, such as health information or religious beliefs."

Fitbit Privacy Policy

"JOINT PROCESSING FOR PROFILE INFORMATION
From June 6, 2023, Fitbit users will have the opportunity to move their accounts to Google. This means that some Fitbit users will be part of the Google service while others may remain part of the Fitbit service. As a result, to ensure our users can still view their friends lists (including where your friends move their service to Google), Fitbit and Google will share with each other limited profile information about their Fitbit users, notably the user’s name, photo and friends list (“Joint Processing”)."

"GEOLOCATION INFORMATION
The Services include features that use precise geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We collect this type of data if you grant us access to your location. You can always remove our access using your Fitbit device or mobile device settings. We may also derive your approximate location from your IP address."

"We never sell the personal information of our users. We do .... work with partners who provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving advertisements on our behalf across the internet, and measuring the performance of those advertisements. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications."

"We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person."

"You may direct us to disclose your information to others, such as when you use our community features like the forums, 7-day leaderboard, and other social tools. <...> You may also direct us to share your information in other ways, for example, when you give a third-party application access to your account, or give your employer access to information when you choose to participate in an employee wellness program. Remember that their use of your information will be governed by their privacy policies and terms."

"We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services."

"To the extent that information we collect is health data or another special category of personal data subject to the GDPR, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account, grant us access to your exercise or activity data from another service, or use the female health tracking feature. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account."

How can you control your data?

Google's Privacy Policy

"You can export a copy of content in your Google Account if you want to back it up or use it with a service outside of Google."
"To delete your information, you can:
Delete your content from specific Google services
Search for and then delete specific items from your account using My Activity
Delete specific Google products, including your information associated with those products
Delete your entire Google Account"

"In some cases, rather than provide a way to delete data, we store it for a predetermined period of time. For each type of data, we set retention timeframes based on the reason for its collection. For example, to ensure that our services display properly on many different types of devices, we may retain browser width and height for up to 9 months. We also take steps to anonymize or pseudonymize certain data within set time periods. For example, we anonymize advertising data in server logs by removing part of the IP address after 9 months and cookie information after 18 months. We may also retain pseudonymized data, such as queries that have been disconnected from users’ Google Accounts, for a set period of time."

Fitbit Privacy Policy
Editing and Deleting Data.
By logging into your account and using your account settings, you can change and delete your personal information. For instance, you can edit or delete the profile data you provide and delete your account if you wish. Learn more here.

If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your Fitbit device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How Information Is Shared section.

What is the company’s known track record of protecting users’ data?

Needs Improvement

Google
In September 2023, the US Department of Justice launched a trial against Google arguing "that Google abused its power as a monopoly to dominate the search engine business." Full disclosure, Mozilla testified in this trial.

In September 2023, Google was set to pay $93M in settlement over deceptive location tracking.

In August 2023, a US District Court judge allowed a $5 Billion lawsuit to continue against Google for alleged privacy violations of users for secretly tracking them without their consent.

In January 2023, Google confirmed a data breach in its cell network provider Google Fi. The breach is linked to the recent T-Mobile hack. Google announced the breach immediately. Google says the hackers accessed limited customer information, including phone numbers, account status, SIM card serial numbers and information related to details about customers’ mobile service plans, such as whether they have selected unlimited SMS or international roaming.

In December 2022, Google was fined by EU watchdog over GDPR violations.

In September 2022, Google lost an EU antitrust ruling, which put a fine of over $4.34B on Google because of its Android monopoly.

Google has received plenty of fines from European, American, and Korean authorities in the last few years. The biggest was the $170M fine from the New York Attorney General for mishandling children's consent. The other cases include a fine of $100M for violating the Biometric Information Privacy Act in Illinois, a $71.8M fine for mishandling consent in South Korea, a $57M fine for violating GDPR in France, as well as other fines from local Data Protection Authorities in Ireland, Italy, and Spain.

In August 2019, the company admitted that partners who work to analyze voice snippets from the Assistant leaked the voice snippets of some Dutch users. More than 1,000 private conversations were sent to a Belgian news outlet, and some of the messages reportedly revealed sensitive information such as medical conditions and customer addresses.

In December 2018, a bug exposed the data of 52.5 million Google+ users.

Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest's devices.

Fitbit:
In August 2023, Fitbit faced three data transfer complaints in the EU that allege the company is illegally exporting user data in breach of the bloc’s data protection rules: "European privacy rights not-for-profit, noyb, has filed the complaints with data protection authorities in Austria, the Netherlands and Italy on behalf of three (unnamed) Fitbit users. Commenting in a statement, Maartje de Graaf, data protection lawyer at noyb, said: “First, you buy a Fitbit watch for at least €100. Then you sign up for a paid subscription, only to find that you are forced to ‘freely’ agree to the sharing of your data with recipients around the world. Five years into the GDPR, Fitbit is still trying to enforce a ‘take it or leave it’ approach.”"

In 2021, Fitbit's security measures did not prevent the major data leak of 61 million fitness tracker data records, including Fitbit user data, by the third-party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in a non-password-protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.

In 2020, it was reported the emails and passwords of nearly 2 million Fitbit users were leaked online.

Child Privacy Information

Google provides a Privacy Link guide with information about privacy of kids aged 6-8, 9-12, and 13-17.

Privacy Notice for Google Accounts and Profiles Managed with Family Link, for Children under 13 (or applicable age in your country)
"For your child to have their own Google Account or profile, we may need your permission to collect, use or disclose your child’s information as described in this Privacy Notice and the Google Privacy Policy. When you allow your child to use our services, you and your child are trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control. You can choose whether your child can manage their activity controls for things like Web & App Activity and YouTube History.

This Privacy Notice for Google Accounts and Profiles Managed with Family Link, for Children under 13 (or applicable age in your country) and the Google Privacy Policy explain Google’s privacy practices. To the extent there are privacy practices specific to your child’s account or profile, such as with respect to limitations on personalized advertising, those differences are outlined in this Privacy Notice.

This Privacy Notice does not apply to the practices of any third party (non-Google) apps, actions or websites that your child may use. You should review the applicable terms and policies for third party apps, actions, and sites to determine their appropriateness for your child, including their data collection and use practices."

"Once you grant permission for your child to have a Google Account or profile, their account or profile will generally be treated like your own with respect to the information that we collect. For example, we collect:
Information you and your child create or provide to us...
Information we get from your child’s use of our services....(including)....
Your child’s apps, browsers & devices...
Your child’s location information...
Your child’s voice & audio information..."

"We may use your child’s information to provide recommendations, personalized content, and customized search results. For example, depending on your child’s settings, Google Play may use information like apps your child has installed to suggest new apps they might like.
In addition, we may combine the information we collect among our services and across your child’s devices for the purposes described above. Depending on your child’s account or profile settings, their activity on other sites and apps may be associated with their personal information in order to improve Google’s services.
Google will not serve personalized ads to your child, which means ads will not be based on information from your child’s account or profile. Instead, ads may be based on information like the content of the website or app your child is viewing, the current search query, or general location (such as city or state). When browsing the web or using non-Google apps, your child may encounter ads served by other (non-Google) ad providers, including ads personalized by third parties."

"We may also share non-personally identifiable information (such as trends about the general use of our services) publicly and with our partners — like publishers, advertisers, developers, or rights holders. For example, we share information publicly to show trends about the general use of our services. We also allow specific partners to collect information from browsers or devices for advertising and measurement purposes using their own cookies or similar technologies."

Fitbit Privacy Policy
"We appreciate the importance of taking additional measures to protect children’s privacy.

Fitbit allows parents to set up accounts for their children to use with select Fitbit devices (“Children’s Account”). Children’s Accounts are subject to a separate Privacy Policy for Children’s Accounts which explains what information we collect to set up these accounts, what information we collect from a child’s use of our Services, and how we use and share that information. Parents or guardians must consent to the use of their child’s data in accordance with the Privacy Policy for Children’s Accounts in order to create such an account.

Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at [email protected]."

Can this product be used offline?

Yes

User-friendly privacy information?

No

Users must comb through privacy policies for both Fitbit and Google to make sure they've covered all their bases when it comes to privacy documentation for Fitbit products. It is complicated and cumbersome and confusing.

Links to privacy information

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI?

Yes

Google publishes academic papers about its AI research (https://ai.google/) and makes several tools available via open source. https://ai.google/tools

Fitbit Coach and Fitbit Care services are said to be based on machine learning.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Yes


Dive Deeper

  • Your Fitbit is useless – unless you consent to unlawful data sharing
    noyb
  • Google Stops Selling Fitbits in Regions Where it Doesn't Sell Pixels
    Gizmodo
  • Fitbit targeted with trio of data transfer complaints in Europe
    TechCrunch
  • Fitbit Setup Requirements
    Fitbit
  • Fitbit users will be forced to migrate to Google accounts by 2025
    The Verge
  • Fitbit Increases Security Requirements, Mandates Google Login From 2023
    Infosecurity
  • Google’s New Plan to Make Fitbit Data More Useful for Healthcare
    Health Tech Insider
  • 2 Million Fitbit Accounts Were Exposed by Cybercriminals
    HackerNoon
  • Standard Privacy Report for Fitbit
    Common Sense
  • Google Now Owns Fitbit: What It Means For Your Fitness Data Privacy
    Forbes
  • 61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data Breach
    Health IT Security
  • Google closes $2.1B acquisition of Fitbit as Justice Department probe continues
    Fierce Healthcare
  • Here's what your Fitbit knows about you
    Avast
  • Fitbit Joins Google
    Fitbit
