Whoop Strap 4
Wearables Fitness Trackers Reproductive Health Reproductive Health: Wearables

Whoop Strap 4

Whoop
Bluetooth

Review date: Aug. 9, 2022

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Somewhat creepy

With the Whoop Strap (that's fun to say three times real fast) you don't buy a device, you join a membership. The device comes with the membership. For $30 a month you get the Whoop Strap device, access to the Whoop app which gives you tons and tons of metrics on things like sleep, stress, and exercise. The Whoop app (that's also really fun to say!) also gives you access to customized coaching to help you sleep better and train better. Given the growing following this little strap full of LEDs and photodiodes seems to have, it seems there's a lot to whoop about with Whoop. Yeah, yeah, even I know that pun was bad.

Update: In June 2022, after Roe vs Wade was overturned allowing US states to make access to abortion illegal, we took another look at Whoop's privacy and security as a device that can track menstrual cycle and reproductive health data. Our updated review is below. Overall, Whoop does a pretty good job of protecting their users privacy and security and clearly states how they will handle potential law enforcement requests for any reproductive health tracking data.

What could happen if something goes wrong?

The Whoop Strap is an interesting device. By all accounts, it measures a lot of body metrics, like body temperature, respiratory rate, and blood oxygen data quite well. And data is the name of the game for Whoop, so using algorithms to analyze all this data is key. All this becomes much more interesting when you read about how Whoop is being used to try and identify covid-19 symptoms early on. And how workplaces are asking (requiring?) their employees to wear such a tracking band to help them identify workers at risk for covid to keep them out of the workplace before they can infect others. It’s an interesting use of this sort of tracking technology with some good public health implications while also raising some serious privacy concerns.

When it comes to how Whoop handles your data, things seem pretty OK to us. Whoop says they do not sell personal data. Yay! And Whoop says they don’t use any personally identifiable wellness data for advertising purposes. Again, yay! They do use some personal data such as website browsing patterns and other similar usage behavior for interest-based advertising though. Boo, but not the hugest boo ever.

And they do say they may "use Aggregated Data, De-identified Data or other anonymous data from Personal Data we collect, including Wellness Data, for our business purpose...," and research purposes too. We don't love this, although it is pretty common. And it’s a good time to remind you that it’s been found to be pretty easy to de-anonymize some types of data and track down an individual’s patterns, especially with location data. Our biggest concern for the handling of all this sensitive personal data the Whoop collects is what happens to it when users opt to share with others through social media or corporate wellness programs. Once you agree to share your Whoop personal data with these sorts of third parties, then you need to rely on them to protect it and read their privacy policies to understand they can use it.

All in all Whoop does collect a huge amount of sensitive personal data, as most fitness trackers do. They also seem to do a decent job protecting this data and the privacy of their users. What’s the worst that could happen? Well, it seems in our brave new world these days it’s not too far fetched to think an employer could require you to wear one of these bands to monitor you for covid symptoms. But they take that monitoring way beyond that and look to see which employees drink on the weekends. The company then decides that’s against their code of conduct and fires you for what you do in your off hours. That’s some Big Brother potential right there. Here’s hoping that never happens.

Update, August 2022 following the overturn of Roe vs Wade protection reproductive health rights in the United States.
We reviewed the privacy and security practices of Whoop following the overturning of Roe vs Wade in the US. Whoop does offer what they call Menstrual Cycle Coaching and has participated in research that used their tracking wearable to study the impact of exercise on pregnant people and babies.

So, what should people using these features know about Whoop? Well, it's good they don't share personal wellness data with third parties for advertising, although they do share some personal usage and tracking data for that purpose. They also say they can share personal data with "Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services they render to us." Which is potentially a lot of sharing and the more sharing the more we worry. Finally, when it comes to sharing personal information with law enforcement they say they share data with "law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process," which is a rather vague outline of how they share. We much prefer when companies state they won't give up user data to law enforcement unless required to under subpoena, and even then, we like to see them commit to only giving up the bare minimum necessary.

All in all, should people be concerned about using Whoop to track things like period, fertility, and pregnancy? Well, as with most of the things we reviewed, we'd recommend caution. Whoop does collect a good amount of data and does share some of it and doesn't have a clear and strong policy of not sharing with law enforcement. Could something go wrong with this data? Yes. Is it likely that it will, we sure hope not as Whoop tends to be OK (but not great) on privacy otherwise.

Tips to protect yourself

  • Minimize volumes of data collected about you by an app
  • Use two-factor authentication
  • Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
mobile Privacy Security A.I.

Can it snoop on me? information

Camera

Device: No

App: No

Microphone

Device: No

App: No

Tracks location

Device: No

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Whoop does not sell personal data. Whoop uses aggregated or de-identified wellness data that no longer identifies a particular individual, for research purposes. Whoop does not use personally identifiable wellness data for marketing or advertising purposes.

Whoop does not use personally identifiable Wellness Data for marketing or advertising purposes.

Your data may be shared with advertising partners that may collect information on Whoop website through Cookies and other automated technologies, including for the interest-based advertising. Whoop does not share your wellness data with advertising partners.

How the company says they may share data with law enforcement:
"We use Personal Data for the following purposes:
Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations."

How can you control your data?

Whoop will delete/give you access to your personal data if you ask to, including if asked when you cancel your membership. You may request a full deletion of your account and corresponding data by emailing [email protected]

Whoop may share your data to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

What is the company’s known track record of protecting users’ data?

Average

No known incidents in the last 3 years.

Child Privacy Information

"If you are under 13, or 16 where applicable, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13, or 16 where applicable, we will delete that information as quickly as possible. If you believe that a child under 13, or 16 where applicable, may have provided us Personal Data, please contact us at [email protected]"

Can this product be used offline?

No

User-friendly privacy information?

Yes

Simple privacy principles are provided.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

  • Employers Want to Track Your Health With Wearable Fitness Trackers During COVID
    Mel Magazine
  • How Whoop is Fighting Covid-19
    WHOOP
  • The Whoop Strap 4.0 launches today, 2 years after its predecessor
    Ars Technica
  • The Whoop Strap and Oura Ring Are Measuring the Impact of Menstruation and Pregnancy on Athletes as Women's Research and Tech Finally Rise
    SportTechie
  • New WHOOP Feature: Menstrual Cycle Coaching
    WHOOP
  • WHOOP Features Support Reproductive Health Through All Life Stages
    WHOOP
  • Using wearable tech to keep babies, pregnant women healthy
    WVU Today

Comments

Got a comment? Let us hear it.