Security and Privacy

We understand the importance of establishing a secure relationship between our customers and their end users. WHOOP Unite™ takes security, privacy, and compliance seriously. We want you to understand how we use, collect, and share both customer and end user data and the measures we take to protect this data.

A cell phone screen displays data from the WHOOP app

Continuous Investment and Evaluation

We invest in features and security measures to protect customer and end user data. We undergo periodic evaluations with a third-party audit firm to ensure that our controls are designed and operating effectively, and we continuously evaluate our privacy practices to ensure we are aligned with applicable privacy laws including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). You can learn more about our commitment to privacy in the WHOOP Privacy Principles and the WHOOP Privacy Policy.

Security and privacy trust services criteria
Privacy notice for European residents
Privacy notice for California residents
Close up on a soldier's wrist with a WHOOP wearable on it

Security and Compliance

We keep customer and end user data safe in compliance with applicable privacy laws. Data is encrypted both in transit and at rest for heightened security. Customer and end user data is stored in AWS RDS and S3 services with 256-bit encryption. We employ “least privilege” requirements to ensure that only employees with a valid business purpose are given access to end user data. Access rights are reviewed on an annual basis. 

Additionally, WHOOP Unite servers continuously run alert and intrusion monitoring software and are penetration-tested regularly.      

Data Management

We can share end user data in a variety of ways, including through our analytics dashboard, exportable .csv files, or monthly insight reports. WHOOP Unite provides our customers with the ability to receive data in an identifiable format, or alternatively, in a partially or fully de-identified, anonymized format, dependent on the customer's need and subject to end user consent. 

We provide valuable product experiences and services in exchange for fees.
Therefore, we never sell personal data. This is our promise. Because of how
broadly the CCPA defines “sale,” we make it clear that we use third-party cookies
and other tracking technologies.

A professional business person wearing WHOOP looks at her app data to see how to improve her health & performance
Receive detailed insights into your team through the Unite Platform

Insights and Reporting

We can prepare insights reports based on aggregate data and trends to help our customers better understand the kind of support their end users need. Insight reports can be tailored by industry, department, or otherwise to highlight specific areas of need. All reports are generated in a manner consistent with applicable end user consent. For more information on end user privacy rights, see the WHOOP Privacy Principles and the WHOOP Privacy Policy.

Ready to take the next step?

We know privacy and security are important to you. Contact us to see what WHOOP Unite can do for your organization.

Back to Top