We keep customer and end user data safe in compliance with applicable privacy laws. Data is encrypted both in transit and at rest for heightened security. Customer and end user data is stored in AWS RDS and S3 services with 256-bit encryption. We employ “least privilege” requirements to ensure that only employees with a valid business purpose are given access to end user data. Access rights are reviewed on an annual basis.
Additionally, WHOOP Unite servers continuously run alert and intrusion monitoring software and are penetration-tested regularly.