Whoop Strap 4
With the Whoop Strap (that's fun to say three times real fast) you don't buy a device, you join a membership. The device comes with the membership. For $30 a month you get the Whoop Strap device, access to the Whoop app which gives you tons and tons of metrics on things like sleep, stress, and exercise. The Whoop app (that's also really fun to say!) also gives you access to customized coaching to help you sleep better and train better. Given the growing following this little strap full of LEDs and photodiodes seems to have, it seems there's a lot to whoop about with Whoop. Yeah, yeah, even I know that pun was bad.
Update: In June 2022, after Roe vs Wade was overturned allowing US states to make access to abortion illegal, we took another look at Whoop's privacy and security as a device that can track menstrual cycle and reproductive health data. Our updated review is below. Overall, Whoop does a pretty good job of protecting their users privacy and security and clearly states how they will handle potential law enforcement requests for any reproductive health tracking data.
What could happen if something goes wrong?
The Whoop Strap is an interesting device. By all accounts, it measures a lot of body metrics, like body temperature, respiratory rate, and blood oxygen data quite well. And data is the name of the game for Whoop, so using algorithms to analyze all this data is key. All this becomes much more interesting when you read about how Whoop is being used to try and identify covid-19 symptoms early on. And how workplaces are asking (requiring?) their employees to wear such a tracking band to help them identify workers at risk for covid to keep them out of the workplace before they can infect others. It’s an interesting use of this sort of tracking technology with some good public health implications while also raising some serious privacy concerns.
When it comes to how Whoop handles your data, things seem pretty OK to us. Whoop says they do not sell personal data. Yay! And Whoop says they don’t use any personally identifiable wellness data for advertising purposes. Again, yay! They do use some personal data such as website browsing patterns and other similar usage behavior for interest-based advertising though. Boo, but not the hugest boo ever.
And they do say they may "use Aggregated Data, De-identified Data or other anonymous data from Personal Data we collect, including Wellness Data, for our business purpose...," and research purposes too. We don't love this, although it is pretty common. And it’s a good time to remind you that it’s been found to be pretty easy to de-anonymize some types of data and track down an individual’s patterns, especially with location data. Our biggest concern for the handling of all this sensitive personal data the Whoop collects is what happens to it when users opt to share with others through social media or corporate wellness programs. Once you agree to share your Whoop personal data with these sorts of third parties, then you need to rely on them to protect it and read their privacy policies to understand they can use it.
All in all Whoop does collect a huge amount of sensitive personal data, as most fitness trackers do. They also seem to do a decent job protecting this data and the privacy of their users. What’s the worst that could happen? Well, it seems in our brave new world these days it’s not too far fetched to think an employer could require you to wear one of these bands to monitor you for covid symptoms. But they take that monitoring way beyond that and look to see which employees drink on the weekends. The company then decides that’s against their code of conduct and fires you for what you do in your off hours. That’s some Big Brother potential right there. Here’s hoping that never happens.
Update, August 2022 following the overturn of Roe vs Wade protection reproductive health rights in the United States.
We reviewed the privacy and security practices of Whoop following the overturning of Roe vs Wade in the US. Whoop does offer what they call Menstrual Cycle Coaching and has participated in research that used their tracking wearable to study the impact of exercise on pregnant people and babies.
So, what should people using these features know about Whoop? Well, it's good they don't share personal wellness data with third parties for advertising, although they do share some personal usage and tracking data for that purpose. They also say they can share personal data with "Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services they render to us." Which is potentially a lot of sharing and the more sharing the more we worry. Finally, when it comes to sharing personal information with law enforcement they say they share data with "law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process," which is a rather vague outline of how they share. We much prefer when companies state they won't give up user data to law enforcement unless required to under subpoena, and even then, we like to see them commit to only giving up the bare minimum necessary.
All in all, should people be concerned about using Whoop to track things like period, fertility, and pregnancy? Well, as with most of the things we reviewed, we'd recommend caution. Whoop does collect a good amount of data and does share some of it and doesn't have a clear and strong policy of not sharing with law enforcement. Could something go wrong with this data? Yes. Is it likely that it will, we sure hope not as Whoop tends to be OK (but not great) on privacy otherwise.
Tips to protect yourself
- Minimize volumes of data collected about you by an app
- Use two-factor authentication
- Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
Can it snoop on me?
Camera
Device: No
App: No
Microphone
Device: No
App: No
Tracks location
Device: No
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
Yes
What data does the company collect?
Personal
Name, email and mailing address, phone number, location
Body related
Heart rate, skin temperature, blood oxygen saturation level and acceleration; metadata on workouts and sleep birthday, sex or gender identity, weight, height, and fitness/athlete level.
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known incidents in the last 3 years.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Simple privacy principles are provided.
Comments
Got a comment? Let us hear it.