We invest in features and security measures to protect customer and end user data. We continuously evaluate our privacy practices to ensure we are aligned with applicable privacy laws including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). You can learn more about our commitment to privacy in our Privacy Policy, the WHOOP Privacy Principles and the WHOOP Privacy Policy.
We keep customer and end user data safe in compliance with applicable privacy laws. Data is encrypted both in transit and at rest for heightened security. Customer and end user data is stored in AWS RDS and S3 services with 256-bit encryption. We employ “least privilege” requirements to ensure that only employees with a valid business purpose are given access to end user data. Access rights are reviewed on an annual basis.
Additionally, WHOOP Unite servers continuously run alert and intrusion monitoring software and are penetration-tested regularly.
We can prepare insights reports based on aggregate data and trends to help our customers better understand the kind of support their end users need. Insight reports can be tailored by industry, department, or otherwise to highlight specific areas of need. All reports are generated in a manner consistent with applicable end user consent. For more information on end user privacy rights, see the WHOOP Privacy Principles and the WHOOP Privacy Policy.