NordicTrack Treadmill

Warning: *Privacy Not Included with this product

NordicTrack Treadmill

iFIT Health & Fitness Inc.
Wi-Fi Bluetooth

Review date: Nov. 1, 2023

|
|

Mozilla says

|
People voted: Very creepy

Nowhere to run to, nowhere to hide. That's what you get with these connected treadmills from NordicTrack. Climb on the road to nowhere, hop in one of the live, interactive training sessions you stream on the HD touchscreen right in front of you, and take off. The personal trainers can control your treadmill's incline, decline, and speed in real time so you have no choice but to sprint up that hill! Google Maps technology lets you run anywhere in the world. And you get tons of personalized stats to tell you how much harder you need to run to beat your buddy. Just the motivation you need to lose those extra few pounds. Unfortunately, NordicTrack isn't exactly stellar at privacy.

What could happen if something goes wrong?

NordicTrack has cleaned up their act a little bit since we reviewed them last year, but they’re still bad. They’ve gone from “awful" to “awe come on, you can do better than that!” Their privacy policy no longer says outright that they can sell your personal data -- except in the context of digital tracking technologies like cookies. Don’t get us wrong, that’s still not good, but it is pretty standard these days. (If you’re curious, it looks like the old privacy policy is still up on their Canadian site for some reason.)

One of the terrible, bad, no-good things that NordicTrack is still up to? They say, “By creating an account with us, you agree that we may contact you for marketing and transactional purposes by phone, e-mail, mail, or text message, even if your number is on a do-not-call list or is a wireless number.” Yikes!!!! And while we’re sharing bad news, we feel it’s our duty to mention that in spring of 2023, some users said that their NordicTrack treadmills and exercise bikes became “very expensive spider resort[s]” in that they suddenly stopped working. Ouff.

Back on privacy, NordicTrack seems to collect and share a good amount of data on their users, including buying data from data brokers and gathering it from public sources. Ugh. They say they will use all the data they can collect on you to target you with advertising and marketing and make suggestions to you about goods or services that may be of interest to you. Eh, not good but also, kinda the way the world works these days. They also say they can collect, use, and share aggregated data for “any purpose.” That’s pretty normal too but it’s worth pointing out that many privacy researchers have demonstrated that it can be easy to re-identify that data.

So, if you buy a NordicTrack exercise machine and sign up for their iFit app for workouts, expect your data to be collected, used to target you with all kinds of ads, your phone number is now fair game for marketing texts or phone calls from them. You’re gonna need a good workout to help get rid of the stress of all that. Maybe go outside for some exercise, that seems safer. Good news though, residents of California and Virginia in the US can opt out of some of this data gathering and selling. Just those states’ residents though, thanks to their stronger privacy laws, no one else. Yay for strong privacy laws! Uh, hang on. NordicTrack says that even in those states they reserve the right to “charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive” or can refuse it. Hmm. That’s an interesting take on the law. One thing we can say about NordicTrack is that they are bad in unique and unpredictable ways.

Tips to protect yourself

- Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.

  • mobile

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: No

App: No

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product as it says it can collect vast volumes of data, including data from data brokers, advertisers, and search information providers, and shares or sells some personal data for purposes that include marketing.

Privacy Policy

"HOW IS YOUR PERSONAL DATA COLLECTED?
We may collect the categories of personal information described above either directly or indirectly, including the following categories of sources:
Direct interactions
Automated technologies or interactions
Other technologies. We may use standard Internet technology, such as web beacons and other similar technologies, to track your use of iFIT sites.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
Technical data from the following parties:
Analytics providers such as Google based in or outside the US
Advertising networks based inside or outside the US
Search information providers based inside or outside the US ...
Identity and contact data from data brokers or aggregators based inside or outside the US
Identity and contact data from publicly available sources based inside or outside the US"

"By creating an account with us, you agree that we may contact you for marketing purposes by phone, e-mail, mail, or text message, even if your number is on a do-not-call list or is a wireless number."

"HOW WE USE YOUR PERSONAL DATA
Most commonly, we will use your personal data for the following business purposes: <...>
For providing you with customized and personalized recommendations for other iFIT health or fitness opportunities that we think may be of interest to you. <...>
Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. <...>
For marketing purposes. <...>"

"Generally, for those consumers located in the European Union, we do not rely on consent as a legal basis for processing your personal data, other than in relation to sending third party direct marketing communications to you via e-mail or text message. You have the right to withdraw consent to marketing at any time by contacting us."

"We have set out below a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. ...

Purpose/Activity: To deliver relevant website and app content and advertisements to you and to measure or understand the effectiveness of the advertising we serve to you
Type of data: Identity, Contact, Profile, Usage, Marketing and communications, Technical
Lawful basis for processing: Necessary for our legitimate interests (to study how customers use our products and services, to develop them, to grow our business, and to inform our marketing strategy) ...

Purpose/Activity: To make suggestions and recommendations to you about goods or services that may be of interest to you
Type of data: Identity, Contact, Technical, Usage, Profile
Lawful basis for processing: Necessary for our legitimate interests (to develop our products and services, and to grow our business). Consent (if the data is classified as sensitive data)."

"We use digital technologies, like cookies, beacons, Ad IDs, IP addresses and pixels for online advertising and analytics. We may disclose certain online identifiers with our advertising partners and analytics providers. Disclosing these identifiers with third parties for advertising or analytics purposes may be defined as the “sale” or “sharing” of your information under certain state privacy laws. You may have the right to opt-out of these uses. If you opt-out this type of “sale” or “sharing” of your information, we will not deliver customized advertising to you. You may still see non-targeted advertising about our products and services. You may opt-out of the sale or sharing of your information for marketing or analytics by clicking on the "Do Not Sell or Share My Personal Information” link and unselecting marketing and analytics cookies."

"Notice of right to opt-out
For California and Virginia Residents
iFIT uses digital technologies, including online identifiers, to provide you with personalized marketing and perform online analytics. We may disclose these online identifiers to our analytics and marketing partners. For California residents, the disclosure of your online identifiers to these partners may be considered the “sale” or “sharing” of your information. You have the right to opt-out of this use. For Virginia residents, you have the right to opt-out of having your personal data processed for the purposes of targeted advertising."

How can you control your data?

We can not confirm if all users regardless of location can get their data deleted.

Privacy Policy

"YOUR LEGAL RIGHTS

Under certain circumstances, you may have rights under data protection laws in relation to your personal data. In addition to the rights discussed in the opt-out section above, you may have the following rights.

<...>
Request erasure of your personal data. This enables you to ask us to delete your personal data. You also have the right to ask us to delete or remove your personal data when you have successfully exercised your right to object to processing (see below), when we may have processed your information unlawfully, or when we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which we will inform you, if applicable, at the time of your request.
<...>
Right to Opt-Out of the Sale or Sharing. We use digital technologies, like cookies, beacons, Ad IDs, IP addresses and pixels for online advertising and analytics. We may disclose certain online identifiers with our advertising partners and analytics providers. Disclosing these identifiers with third parties for advertising or analytics purposes may be defined as the “sale” or “sharing” of your information under certain state privacy laws. You may have the right to opt-out of these uses. If you opt-out this type of “sale” or “sharing” of your information, we will not deliver customized advertising to you. You may still see non-targeted advertising about our products and services. You may opt-out of the sale or sharing of your information for marketing or analytics by clicking on the "Do Not Sell or Share My Personal Information” link and unselecting marketing and analytics cookies."

What is the company’s known track record of protecting users’ data?

Average

In late 2022 and early 2023, Consumer Reports reported some NordicTrack users found that a software update to the iFit platform on some NordicTrack touch screen devices caused the machines to become inoperable. Users also reported trouble getting NordicTrack to fix this issue, and a class action lawsuit was filed.

Child Privacy Information

"Our services are not offered to Children. We do not knowingly collect, use, sell or share the personal information of children that are less than 16 years of age. "

Can this product be used offline?

Yes

User-friendly privacy information?

No

NordicTrack and iFit's privacy policy is not the worst we've seen but can be confusing and not exactly user-friendly.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

NordicTrack provides recommendations on your workout.

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Yes

*Privacy Not Included

Dive Deeper

  • Owners Resort to Hacking Smart Treadmills After NordicTrack Locks Them Out
    ExtremeTech Link opens in a new tab
  • iFIT Class Action Says Software Update Left Fitness Equipment ‘Totally Inoperable’ [UPDATE]
    ClassAction.org Link opens in a new tab
  • Peloton vs. NordicTrack: Which exercise bike is better for you?
    Tom's Guide Link opens in a new tab
  • Some NordicTrack and ProForm Exercise Machines Have Suddenly Stopped Working
    Consumer Reports Link opens in a new tab

Comments

Got a comment? Let us hear it.