Privacy Policy
OURA RING
Privacy Policy
Contents
- Oura's Commitment to Privacy
- About This Privacy Policy
- Why Does Oura Process Your Personal Data?
- Oura Platform
- Online Customers & Site Visitors
- U.S. States with Enhanced Privacy Requirements
- Data Sharing and Transfers
- Safeguarding Your Data
- Data Retention
- Use of Cookies
- Your Rights as a Data Subject
- Controller Contact Information
1. Oura's Commitment to Privacy
At Oura, protecting your personal data is a task we take seriously. Our products are designed to help you to track important aspects of your health like your daily habits, reproductive health, and the quality of your sleep — we understand that data does not get much more personal than this. That's why we firmly believe that you should be in charge when it comes to your personal data.
This Privacy Policy ("Policy") is designed to provide you with the information you need to take control of your personal data, which is a fundamental aspect of empowering your health journey. Please take a moment to carefully review this Policy.
2. About This Privacy Policy
This Policy applies to processing of personal data by Oura Health Oy and Ouraring Inc. and its subsidiaries (collectively, "Oura") when you visit our web properties ("Sites"); use the Oura Ring with the Oura App, Oura on the Web, or use other Oura services ("Services").
OURA HEALTH OY
Headquarters
Elektroniikkatie 10
90590 Oulu, Finland
dataprotection@ouraringr.com
OURARING INC.
US Subsidiary
222 Kearny Street, 7th Floor
San Francisco, CA 94108
United States
3. Why Does Oura Process Your Personal Data?
The sections below explain the categories of personal data we collect and process, as well as the reasons we do so. You will also find information on our legal basis for processing your data, and our data sources.
3.1 Device & Application Users — Processing Purposes
When you use Oura Services, we collect and process your personal data for the following purposes:
We process personal data when you use our Services, such as to provide you with personalized insights about your readiness, sleep, activity, and other inferences about your health status.
We process personal data to provide customer service and manage our customer communication. For example, if you contact our virtual assistant with questions regarding your account, we may use the provided information to answer your questions, and for solving any issues you may have.
We may process personal data regarding your use of the Services to protect your privacy. This may involve the use of privacy enhancing technologies and other privacy-protective techniques. When information is aggregated or anonymized, it is no longer personal data.
We process personal data regarding your use of our Services to understand how you use our Services and how we can improve them. For example, we may process personal data to improve your user experience in the Oura App or to develop cutting-edge features to provide you with new insights about your health. When feasible, we do this using data that has been processed in a manner to protect your privacy, such as by pseudonymization.
We may process personal data about human performance and wellbeing to benefit our users and improve the cutting-edge insights we provide with our Services. Some features of our Services may use third-party automated technology to provide a more personalized experience, and to give you comprehensive insights about your data. When feasible, we do this using data that has been processed in a manner to protect your privacy.
We process marketing-related personal data to provide online advertising and other marketing communications on behalf of Oura and our partners. We use cookies and similar technologies on our website to create audiences for online advertisement. You can opt out of direct marketing communications from Oura.
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to help ensure third-party services protect your personal data, which means that Oura only processes your data with respect to third-party integrations when you choose to integrate them with our Services, or when you provide the necessary consents.
In certain cases, we must process certain data when it is required by applicable laws and regulations. Such statutory obligations are related, for example, to accounting and tax requirements, legal claims, or other legal purposes. Oura will oppose any request to provide legal authorities with access to user data for surveillance or prosecution purposes. We will notify users if we receive any such request whenever legally permissible.
3.2 Legal Basis for Processing
Data protection law in Europe and the U.K. requires a "lawful basis" for collecting and retaining personal information from residents of the European Economic Area. Our lawful bases for processing your data depend on the particular processing purposes, including:
When processing personal data for the purpose of providing our Services, we process personal data on the basis of a user contract, which is formed when you create your account and accept this Policy and our Terms of Use.
We process your sensitive personal data only with your consent. In some cases, you can provide your consent to us for processing your data through your actions, such as by adding sensitive personal data into your notes, or by adding health related tags in the Oura App.
We process your personal data based on our legitimate interests when we process it for the purposes of marketing our Services and Sites, providing our customer service, and improving our Services. When choosing to use your personal data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy, in compliance with applicable law.
Oura must process certain information to comply with statutory obligations which may vary in each country. For example, such obligations can relate to consumer protection or tax laws.
3.3 Processed Data and Data Source
In most cases, Oura collects personal data directly from you, such as when you register for an account, tag your data in the Oura mobile or web app, or use your Oura Ring. We may also process personal data that is produced from the information you provide to us. Oura may also rely on trusted third-party processors to process data on our behalf, such as our cloud service providers.
Oura processes the following personal data categories when you use our Services:
- Contact information such as email address or physical address.
- User information such as gender, height and weight, User ID, and other information you may provide to us about yourself or your account.
- Device information such as IP address and location data.
- User-provided activity and contextual information such as the activities, notes, comments, user feedback, and tags you provide within the app.
- Measured data such as heart rate, movement data, temperature data, and respiration data.
- Calculated user, sleep, health, and activity data such as sleep phases (deep, light, REM, awake), activity levels throughout the day, readiness level, and body mass index (calculated based on height and weight).
Please note that some of the personal data we process, including any data concerning your health, is considered special or sensitive personal data. Under applicable law, such data is processed only if you have given your consent for processing.
If you access or use any of Oura's location-based services, Oura may process the approximate or precise location of your device while the service is active. Oura does not process such location data without first obtaining your consent. You may disable such location processing at any time using your device's location permission settings.
4. Oura Platform
Oura Platform is a service that allows you to share your Oura Ring data with your doctor, coach, trainer, employer, researchers, and/or any other person or entity ("Data Recipient(s)") with whom you choose to share your data after receiving an invitation to do so.
Once your data is shared to the Oura Platform, the Data Recipient becomes the controller of your personal data and is responsible for its use and processing in accordance with all applicable data protection and privacy laws. Oura is not responsible for the Data Recipient's processing of your data or the security of any personal data that the Data Recipient has extracted from the Oura Platform.
Data accessible to recipients
Account Data (user-provided)
- Name
- E-mail address
- Gender
- Birth date and year
- Height and weight
- Activities
- Notes and tags
Automatically Collected Data
- Heart rate
- Movement data
- Temperature data
- Duration of sleep
- Sleep phases (deep, light, REM, awake)
- Activity data throughout the day
- Automatically generated tags
Technical & Usage Data
- User ID (randomly generated)
- IP address and high-level location
- Metadata regarding service use
Your personal data is disclosed to the Data Recipient only if you give consent. You can withdraw your data sharing consent at any time from the settings menu on the Oura App. You can stop the flow of data to the Data Recipient so that the Data Recipient cannot receive new data from you or through Oura Platform. However, please note that withdrawing your consent does not affect the processing of data that the Data Recipient already extracted from Oura Platform.
5. Online Customers & Site Visitors
If you visit Oura's Sites or complete orders on Oura's online store, we process personal data for the following purposes:
We process personal data to power our offerings, which may include when you visit our Sites. For example, this may include processing your data to enable Site performance.
We process personal data to process, handle, and deliver your purchases, and to facilitate your shopping.
We process personal data to provide customer service and manage customer communication. For example, if you contact our virtual assistant with questions regarding our Sites or Services, we may use the provided information to answer your questions, and for solving any issues you may have.
We may process personal data regarding your use of our Services to protect your privacy. This may involve the use of privacy enhancing technologies and other privacy-protective techniques.
We process personal data to analyze and improve our Sites. For example, we may process personal data to analyze Site performance, improve user experience, and optimize the Site's content and layout. When feasible, we will do this using data that has been processed to protect your privacy.
We process personal data to provide online advertising and marketing communications on behalf of Oura and our partners. We use cookies on our Site to create targeted audiences for online advertisement. You can always opt out of Oura direct marketing communications.
In certain cases, we must process certain personal data when it is required by applicable legislation. Such statutory obligations are related, for example, to accounting and tax requirements, legal claims, or other legal purposes.
5.1 Processed Data — Online Store & Site Visitors
We process the following personal data categories when you visit our Site:
- Contact information such as name, email address and address.
- Delivery information such as your purchases and chosen payment method.
- Device information such as IP address, time of visit, and location data.
- User activity such as browsing patterns on the Site and any communications you have with us.
6. U.S. States with Enhanced Privacy Requirements
NOTICE FOR ALL U.S. CONSUMERS
This notice supplements the information contained in Oura's Privacy Policy and applies solely to all visitors, users, and others who reside in states within the U.S. with enhanced privacy notice requirements, such as California ("customers" or "you"), and who access Oura's Sites or Services.
When a customer interacts with Oura's Sites or Services, Oura collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device, or household ("personal information" or "personal data").
In the preceding twelve (12) months, Oura has not sold personal information to third parties, including data aggregators, as it is against our policies.
6.1 Consumer Rights
If you are a resident of a state with enhanced rights related to the personal information Oura may process about you, you have certain rights:
You have the right to request that we disclose the personal information we have collected about you over the past 12 months, including: the categories of personal information collected, sources for that information, our business or commercial purposes for collecting it, the categories of third parties with whom we share it, and the specific pieces of personal information we collected about you.
You have the right to request correction of your personal information. Please note that you can correct and update some of your basic information via the Oura App.
You have the right to request erasure of your personal information, subject to certain exceptions, such as when we have a legal obligation to retain the data in question.
You can request disclosure, access to, correction, and/or deletion of your personal data by sending an email to dataprotection@ouraringr.com or by creating a ticket via the Oura Help page on the Oura App, including your full name, address, email address, and phone number. We will respond to all validated requests within 45 days.
If we decide not to take action in response to your request, you may submit an appeal by sending an email to dataprotection@ouraringr.com and marking your request as an "Appeal." We will resolve your appeal within the time frames established by applicable law. If your appeal is denied, we will explain why.
Oura does not discriminate against users who request to exercise their privacy rights. Unless an exception applies, this includes our promise not to: deny you goods or services; charge you different prices or rates; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services.
7. Data Sharing and Transfers
7.1 Personal Data Sharing
Oura does not sell or rent your personal information, and only shares your personal data with certain trusted service providers and partners so that we can provide and improve our services, to provide partner services and other offerings, and to operate our business. Whenever we share data with third-party service providers, we require that they use your information only for the purposes we've authorized.
Like most companies, Oura uses service providers for purposes such as:
- Providing and improving our online service platform.
- Storing our users' data.
- Providing customer services.
- Managing and organizing our marketing activities. Oura only shares website usage data with our advertising network partners for the purposes of analyzing and optimizing our marketing. Oura does not share Service data with third-party advertisers.
- Analyzing information regarding the use of our Sites and Services to improve our service quality.
7.2 Legal Frameworks for International Transfers
Oura is a global company with servers around the world, and your personal data may at times be processed on servers located outside of the country where you live. Although data protection laws vary among countries, regardless of where your personal data is processed, we apply the same protections described in this Policy.
Oura participates in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (collectively, the "Data Privacy Frameworks") as set forth by the US Department of Commerce regarding the processing of personal data from the European Economic Area, the United Kingdom and Gibraltar, and Switzerland.
Oura is subject to the investigatory and enforcement powers of the US Federal Trade Commission. In certain situations, Oura may be required to disclose the personal information we process under the Data Privacy Frameworks in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
7.3 Personal Data Disclosures
We also reserve the right to disclose personal data under certain specific circumstances, including:
- When we have your express consent to do so.
- When it is reasonably necessary for our legitimate interests in conducting our business, such as in the event a merger, acquisition, or sale.
- To protect Oura's legal rights and property.
- To comply with valid legal requirements. Oura will oppose any request to provide legal authorities with access to user data for surveillance or prosecution purposes; we will notify users if we receive any such request, whenever legally permissible.
Otherwise, your personal data is never shared with any individual or other organization.
8. Safeguarding Your Data
Oura uses technical and organizational safeguards to keep your data safe and secure. When appropriate, these safeguards include measures such as anonymization or pseudonymization of personal data, strict access control, and the use of encryption to protect the data we process.
Our personnel receive adequate training to ensure personal data is processed only in accordance with our internal policies, consistent with our obligations under applicable law. We also limit access to your sensitive personal data to personnel that have specifically been granted such access.
Online services that we provide via our Site protect your personal data in-transit using encryption and other security measures. We also regularly test our service, systems, and other assets for possible security vulnerabilities.
We update our Services regularly to protect your personal data. We recommend that you make sure that you always have the latest app and firmware versions installed in order to maximize protection of your data.
9. Data Retention
The retention period for your personal data generally depends on the duration of your Oura account lifecycle. Your personal data will be deleted when it is no longer needed for the purpose for which it was originally collected, unless we have a legal obligation to retain data for a longer period of time. For example, your measurement data regarding your sleep, readiness, and activity is stored only so long as your Oura account is active.
Oura also has legal obligations to retain certain personal data for a specific period of time, such as for tax purposes. These required retention periods may include, for example, accounting and tax requirements, legal claims, or for any other legal purposes. Please note that obligatory retention periods for personal data vary based on the relevant law.
If you wish, you may request deletion of your Oura account by contacting dataprotection@ouraringr.com or you can remove your account data from the Services within the Oura App or Oura on the Web by following the instructions available on the Oura Help Center.
10. Use of Cookies
We use cookies and various other technologies to collect and store analytics and other information when customers use our Site, as well as for personalization and advertising purposes. The cookies we use include both first-party and third-party cookies.
Cookies are small text files sent and saved on your device that allows us to identify visitors of our Site, facilitate the use of our Site, and to create aggregate information of our visitors. This helps us to improve our service and better serve our customers, and will not harm your device or files. We use cookies and similar technologies to tailor our Site and the information we provide in accordance with the individual interests of our customers.
Cookies are also used for tracking your browsing habits and for targeting and optimizing advertising, both on our Site as well as on other sites you may visit. We also use cookies and similar technologies for integrating our social media accounts on our Site.
For more information on Oura's use of cookies and how you can set your cookie preferences, please contact us at support.ouraringr.com.
11. Your Rights as a Data Subject
Whenever Oura processes your personal data, you have certain rights that enable you to control how your personal data is being processed. If you wish to exercise your rights as a data subject, please contact dataprotection@ouraringr.com or create a ticket via the Oura Help page on the Oura App with your request to do so.
You have the right to know what personal data is processed about you. You may contact us to request access to the personal data we have collected about you, and we will confirm whether we are processing your data, and provide you with information about the personal data we have collected and processed. By using the Oura App, you can easily access the sleep, readiness, and activity data that we process about you.
You have the right to request the deletion of your personal data in certain circumstances. We will comply with such requests unless we have a valid legal basis not to do so, or a legal obligation to preserve the data.
You have the right to request correction of any incorrect or incomplete personal data we have stored about you. Please note that you can correct and update some of your basic information directly within our Services.
You have the right to request receipt of the personal data you have provided to us in a structured and commonly used format. The right to data portability only applies when we process your personal data for certain reasons, such as by contract or by your consent. Please note that the Oura App provides you with the ability to export your own data.
You have the right to object to or opt out of the processing of your personal data under certain circumstances. In the event that we do not have legitimate grounds to continue processing such personal data, we will no longer process your personal data after we have received and verified your objection. However, Oura does not sell your data, profile, or engage in targeted advertising based on your personal data, and you always have the right to opt out of direct marketing at any time.
You have the right to request that we restrict processing some types of personal data under certain circumstances. For example, if you contest the accuracy of your data, you can make a restriction request that we do not process your data until Oura has verified the accuracy of your data.
If we have requested your consent in order to process your personal data, you have the right to withdraw your consent for such processing at any time where this right is provided by local law. It should be noted, however, that withdrawing your consent may lead to issues or restrictions on your ability to fully utilize Oura Services. Please note that you can always unsubscribe from receiving our newsletter and other marketing emails by using the 'Unsubscribe' link provided in the emails you receive from us.
Oura strives to address your privacy concerns. If you have contacted Oura about your issue and are still unhappy with our response, subject to applicable law, you may contact your local supervisory authority regarding your issue. However, we urge you to first contact us at dataprotection@ouraringr.com so that we can more quickly resolve your issue before escalating the issue.
12. Controller Contact Information
For any privacy-related questions or to exercise your rights under this Policy, please contact us through the following channels:
Elektroniikkatie 10, 90590 Oulu, Finland
222 Kearny Street, 7th Floor, San Francisco, CA 94108, United States
Policy Updates
We reserve the right to update this Policy from time to time at our sole discretion. We strive to let you know about any material changes by notifying you on our Site or by sending you an email or push notification. Your continued use of Oura's services after any changes to this Policy constitutes your acceptance of the revised terms.