Peloton Tread

Waarschuwing: *bij dit product is privacy niet inbegrepen

Peloton Tread

Peloton
Wifi Bluetooth

Beoordelingsdatum: 20 november 2023

|
|

Mozilla zegt

|
Mensen stemden op: Enigszins griezelig

Peloton isn't just about bikes anymore. They also sell a couple of high-priced treadmills. Those big bucks get you a shock-absorbing treadmill with a 24 inch touch screen built in so you can feel like you're running on the beach with your trainer when in fact you're stuck inside your apartment. Their app tracks your workouts and gives you access to things like yoga classes and strength training too. Tragically, Peloton had to issue a recall on their Tread+ treadmills when a child was killed when they were pulled under the treadmill. The company also had to issue a recall on their Tread treadmill because the console could detach and fall. Oof, 2021 was not a good year for Peloton Tread. Sadly, their privacy and security isn't so great either.

Wat kan er gebeuren als er iets misgaat?

Peloton became one of the go-to workout machines for those who could afford them during the pandemic. They’ve had a pretty rough go of it since though. In early 2023, they agreed to pay a $19 million civil penalty for a flaw that resulted in a 6-year old being killed in an accident on one of their treadmills back in 2021. Worse, the United States Consumer Product Safety Commission reported that Peloton was aware of “incidents associated with pull under and entrapment in the rear of the treadmills, including reports of injuries” before that design flaw ended in tragedy. The CPSC also said that company staff claimed Peloton continued to distribute the dangerous treadmills even after they recalled it. (If you have one of these machines, you can now request a safety guard from Peloton that will be available in early 2024.)

After the incident, Peloton did add additional safety features including a four-digit passcode to keep their treadmills from starting up for anyone without authorized access. Sounds great, right? Unfortunately they added a paywall too which meant unless you paid a subscription fee, your pricey Peloton could turn into an expensive towel rack. They did reverse that decision and unlock the “Just Ride,” “Just Run,” and “Just Walk” features plus a limited number of pre-recorded classes per month for “non-members.” But this issue of who owns and controls a connected device after purchase will almost certainly be a growing concern in the years ahead. Especially with a company like Peloton, which makes quite a lot of money off the content sold to users of their workout equipment.

And Peloton isn’t out of the woods yet regarding the safety of their machines. They had to issue another recall in mid-2023 for their bikes -- because the seat post can break or detach during use. As if spin classes needed to be any scarier.

As for Peloton’s privacy, they aren't exactly stellar there either. They say they don’t sell your personal information for money. In their U.S. States Privacy Notice for states with stricter privacy laws, like California and others, they clarify that some of the ways they share might be considered a sale according to those laws, referring specifically to website cookies and tracking technologies. That's pretty standard stuff, but still not the best. They do say they can share sensitive personal information (like age and gender), how you use your Peloton (like class performance history and leaderboard rank) as well as geolocation with third party advertising partners. That’s not cool. In their general privacy policy, they do say they will only share your “Fitness Data” in aggregated and anonymized format, which is normal and generally ok, although we should probably put out that many privacy researchers have demonstrated how it can be relatively easy to de-anonymize such data.

Security-wise, there have been some blunders too. In early 2021, a bug in the Peloton system reportedly exposed personal user data on their servers, including gender, age, location, and more, to anyone on the internet. It appears to be fixed now, but what's not good is that it took Peloton more than three months -- and a call from a journalist -- to address the vulnerability, according to the security researcher who discovered the problem. Recently, in the summer of 2023, it was reported that Pelotons may still have a number of security issues that could allow bad actors to get access to sensitive information. Eesh.

What’s the worst that could happen? Well, a child dying is pretty much the worst thing that could happen. We hope nothing like that ever happens again. As for what's the worst things that could happen from a privacy perspective...well, we sure hope Peloton gets their security act together because their pricey treadmills do come with cameras and microphones included and no one needs to hack into those and watch you grunting away during your workout.

Tips om uzelf te beschermen

  • Opt out from sharing of your information with third parties for marketing purposes via the form
  • Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
  • Once you do not use a device any more, make sure to request deletion of all your data.
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Kan het me bespioneren? informatie

Camera

Apparaat: Ja

App: Nee

Microfoon

Apparaat: Ja

App: Nee

Volgt locatie

Apparaat: Ja

App: Ja

Wat is er nodig om u aan te melden?

Welke gegevens verzamelt het bedrijf?

Hoe gebruikt het bedrijf deze gegevens?

We ding this product for combining collected data with data from third parties, and sharing it for personalisation and advertising.

PELOTON PRIVACY POLICY

"WHY WE USE PERSONAL INFORMATION [...]
For personalisation and advertising. Peloton uses data for personalisation and advertising that may include:
Providing you with a personalized and tailored Service, to serve you with Peloton advertising on third party properties;
To serve you with relevant advertising and content on our Services;
Understanding and assessing the effectiveness of our ads displayed; and
We may contract with third-party advertising companies and social media companies to display ads on their service. These companies may use cookies and similar technologies to track your activity, the information collected by these third parties in this manner is subject to that third party’s own privacy policies. We may also use aggregated information from these sources for creating similar audiences in order to better target advertisements on their networks to potential consumers who appear to have shared characteristics. For more information, see our Cookies Policy and Section 7 “Your Privacy Rights and Preferences” below."

"Information we collect from other sources
Other Applications.
[...]
Security.
[...]
Other Sources. We may receive information about you from other sources to supplement information provided by you. The supplemental information allows us to enhance our ability to provide you with information about our business, products and Services and to provide you with any marketing communications that you have provided your consent to receive. Please see “Your Privacy Rights and Preferences” below for how to unsubscribe.

This may include:
Marketing such as where we are conducting a joint marketing campaign with a selected partner and you have provided consent for us to receive your information or data resellers whose data may be used for research or marketing purposes.
Publicly available sources
Partners we work with may, with your consent, collect information from your use of other connected devices, such as those made by other companies, to interact with our Services, such as activity trackers.
Financial sources such as credit bureaus and certain generalized credit ratings, with your consent, in order to provide rental or other Services to you."

"Sensitive Personal Information. We will only process Sensitive Personal Information where it is necessary, and where you give consent, for the purposes of providing Peloton Services, carrying out our legal obligations or exercising specific rights as permitted by law. The definition of Sensitive Personal Information depends on jurisdiction and where you are located, but geolocation, race, sexuality, and religion are examples of what may be considered sensitive in some locations....We ask that you not disclose Sensitive Personal Information to us through or in connection with our Services unless we have explicitly requested such disclosure from you."

"In some cases, research may be deidentified, compiled and analyzed on an aggregate basis, we may share this aggregate data with our affiliates, agents, service providers and other third parties with whom we do business. This includes, but is not limited to for example usage, performance, product, and music. This aggregate information does not identify you personally."

"Competent Law Enforcement Bodies, Regulators, Government Agencies, Courts or other Third Parties. We may share your personal information, including CCTV images, with competent law enforcement bodies, regulators, our insurers, external legal advisors, government agencies, courts or other third parties where we believe disclosure is necessary: (i) to comply with applicable law; (ii) to exercise, establish or defend our legal rights (including to collect amounts owed to Peloton); (iii) to protect your rights or vital interests or those or any other person; or (iv) to detect, prevent or otherwise address security, fraud or technical issues."

U.S. STATES PRIVACY NOTICE

"Please Note: Laws in some U.S. States define the term “sale” broadly, and it may include selling/sharing certain information for particular purposes through technology such as cookies and similar tracking technologies. We never sell personal information to third parties for money (as defined by state privacy laws). However, when you visit our websites, we and our partners may collect certain information about you, your devices, and your behavior through cookies, tags or similar technologies that may be considered a “sale/share” even if no money is exchanged."

"Some states allow residents to have the right to opt out of disclosures of Personal Information to third parties for valuable consideration (which may be considered a “sale” or “share” for example under California law even if no money is exchanged). If you reside in one of these states, and would like to minimize “selling” of your information with third parties for marketing purposes, see the “Your Rights” below."

Peloton shares 'geolocation', that may include 'internet protocol (IP) address, GPS location, longitude/latitude, city, county, zip code and region, and your location and your smart device’s proximity to “beacons,” Bluetooth networks and/or other proximity systems' to third-party advertising partners.

Hoe kunt u uw gegevens beheren?

We ding this product because it is It is not clear if all users, regardless of location, can get their data deleted.

PELOTON PRIVACY POLICY

"Depending on the country or U.S. state in which you are located, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data. Please note that those rights do not always apply and there are certain exceptions to them.

Please also be advised that we continue to maintain some of your personal data where permitted by law, and that such information has not been deleted from Peloton systems. ...

"Please note that if you Delete your account this will result in the deletion of your Peloton account and all associated information, including workouts and achievements."

"Your rights to access and manage personal information

We recognize the importance of your personal information and provide simple ways for you to exercise the following rights: access (right to know), portability, rectification (correction or update), deletion (erasure), object and restrict processing. You can exercise these rights via the following ways:

Submit a request via our Privacy Request Form.
Update your profile and account settings - please see our Privacy Settings article for details.
To request that we not serve you recommendations or personalized content based on inferences (described above in section 2 (For Personalization and Advertising) please email us: [email protected].
Contact us if you have any questions - please see Section 12 'How To Contact Us'."

"DATA RETENTION
Peloton retains the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements and comply with applicable laws. CCTV images are retained for 14 days in Germany and 30 days elsewhere. When we are no longer required to retain the personal information as described above, we will destroy, erase, or de-identify it.

Legal requirements, however, may require us to retain some or all of the personal information we hold for a period of time that is longer than that for which we might otherwise hold it."

Hoe staat het bedrijf bekend als het gaat om het beschermen van gebruikersgegevens?

Verbetering nodig

In July 2023, Check Point security experts unveiled vulnerabilities found in workout equipment made by Peloton. Exploiting these vulnerabilities could potentially grant threat actors access to user databases, exposing sensitive data of Peloton users.

Peloton had a reported security vulnerability in 2021 that may have leaked user privacy account data from their servers and apparently didn't fix it in a timely manner.

Privacyinformatie voor kinderen

"Peloton Services are not directed to, or intended for, children. We do not knowingly collect personal information directly from children who do not meet the minimum age requirement applicable in your jurisdiction, and if you do not meet the age requirements as specified in our Terms of Service.

If we become aware that we have collected personal data from a child under the minimum age, we promptly delete the personal data."

Kan dit product offline worden gebruikt?

Ja

Gebruikersvriendelijke privacy-informatie?

Nee

Peloton's privacy policies aren't the most difficult to read and understand that we've ever seen. We're still not sure we'd call them user-friendly though.

Koppelingen naar privacy-informatie

Voldoet dit product aan onze minimale beveiligingsnormen? informatie

Ja

Versleuteling

Ja

Sterk wachtwoord

Ja

Beveiligingsupdates

Ja

Beheert kwetsbaarheden

Ja

Privacybeleid

Ja

Gebruikt het product AI? informatie

Ja

Is deze AI onbetrouwbaar?

Kan niet bepalen

Wat voor soort beslissingen neemt de AI over u of voor u?

Peloton Tread uses AI solely to provide class recommendations to users.

Is het bedrijf transparant over hoe de AI werkt?

Ja

Peloton publishes several whitepapers explaining how AI works.

Heeft de gebruiker controle over de AI-functies?

Ja

*privacy niet inbegrepen

Dieper duiken

Opmerkingen

Hebt u een opmerking? Laat het ons weten.