Warning: *privacy not included with this product
Peloton isn't just about bikes anymore. They also sell a couple of high-priced treadmills too. Those big bucks get you a shock-absorbing treadmill with a 24 or 32 inch touch screen built in so you can feel like you're running on the beach with your trainer when in fact you're stuck inside your apartment. Their app tracks your workouts and gives you access to things like yoga classes and strength training too. Tragically, Peloton had to issue a recall on their Tread+ treadmills when a child was killed when they were pulled under the treadmill. The company also had to issue a recall on their Tread treadmill because the console could detach and fall. Oof, 2021 was not a good year for Peloton Tread.
What could happen if something goes wrong?
Peloton became one of the go-to workout machines for those who could afford them during the pandemic. They’ve had a rough 2021 though. Here’s what happened. Peloton sells expensive treadmills alongside their popular exercise bikes. Tragically, a 6-year old was killed in an accident on one of these treadmills. Due to safety concerns, Peloton issued a recall and added a feature called Tread Lock that requires a four-digit passcode to keep their treadmills from starting up for anyone without authorized access.
Sounds great, right? Here’s the problem. Peloton treadmill users needed that Tread Lock four-digit passcode to unlock their treadmill and Tread Lock required a $39 per month subscription. If users cannot unlock their treadmill, they can’t use the machine at all. Peleton offered the Tread Lock subscription at no cost for three months and in August updated that so all Tread owners could access Tread Lock and Just Run without a subscription. This is good as many Peloton users worried their costly treadmills would turn into expensive towel racks - not something they signed up for when they bought the treadmill. This issue of who owns and controls a connected device after purchase will almost certainly be a growing concern in the years ahead. Especially with a company like Peloton, which makes quite a lot of money off the content sold to users of their workout equipment.
As for Peloton’s privacy, they do a decent job. They say they don’t sell your personal information. They may share your information with third parties for marketing after they de-identify it, which is normal and generally ok, although we should probably put out that many privacy researchers have demonstrated how it can be relatively easy to de-anonymize such data. Unfortunately, we could find no mention of their data retention or deletion policies. In early 2021, a bug in the Peloton system reportedly exposed personal user data on their servers, including gender, age, location, and more, to anyone on the internet. It appears to be fixed now, but what's not good is that it took Peloton more than three months — and a call from a journalist — to address the vulnerability, according to the security researcher who discovered the problem.
What’s the worst that could happen? Well, a child dying is pretty much the worst thing that could happen. We’re glad Peloton worked to fix this problem. We hope nothing like that ever happens again.
Tips to protect yourself
- Opt out from sharing of your information with third parties for marketing purposes via the form
- Once you do not use a device any more, make sure to request deletion of all your data
What can be used to sign up?
What data does the company collect?
Name, email, phone number, address, age, gender, location
Weight, height, voice recordings, visual image
Friends you follow
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Peloton had a reported security vulnerability in 2021 that may have leaked user privacy account data from their servers and apparently didn't fix it in a timely manner.
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Peloton’s leaky API let anyone grab riders’ private account dataTechCrunch
Tour de Peloton: Exposed user dataPen Test Partners
Peloton Recalls Tread+ Treadmills After One Child Died and More than 70 Incidents ReportedUnited States Consumer Product Safety Commission
Peloton Recalls Its Tread+ and Tread Treadmills After They're Linked to Serious Safety HazardsConsumer Reports
Peloton Tread+ Recall: What Owners Need to KnowNew York Times
Peloton is updating its treadmills to again be useful without a subscriptionThe Verge
Peloton comes out with new treadmill after recallMobi Health News
Peloton is figuring out how to moderate extremist contentAxios
Peloton Studio Security BreachTom
Got a comment? Let us hear it.