We believe that transparency is the key to any healthy relationship. At Fitbit, we’re all about healthy. We appreciate that you are trusting us with information that is important to you, and we want to be transparent about how we use it.
Here we describe the privacy practices for our devices, applications, software, websites, APIs, products, and services (the “Services”). You will learn about the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.
Specifically, we’ll cover:
When you use our Services, we collect the following types of information.
Some information is required to create an account on our Services, such as your name, email address, password, date of birth, gender, height, weight, and in some cases your mobile telephone number. You may also choose to provide other types of information, such as a profile photo, community username, food log, alarm, and messages on discussion boards or to your friends on the Services.
To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information. For example, you may connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook or Google, we may receive information like your name, profile picture, age range, language, email address, and friend list. You may also choose to grant us access to your exercise or activity data from another service. You can stop sharing the information from the other service with us by removing our access to that other service.
Some Fitbit devices support payments and transactions with third parties. If you activate this feature, you must provide certain information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code. This information is encrypted and sent to your card network, which upon approval sends back to your device a token, which is a set of random digits for engaging in transactions without exposing your card number. For your convenience, we store the last four digits of your card number and your card issuer’s name and contact information. You can remove the token from your account using your account settings. We do not store your transaction history.
If you purchase Fitbit merchandise on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code, and billing address. We do not store this payment information. We store your shipping address to fulfill your order.
Your device collects data to estimate a variety of metrics like the number of steps you take, your distance traveled, calories burned, weight, heart rate, sleep stages, active minutes, and location. The data collected varies depending on which device you use. When your device syncs with our applications or software, data recorded on your device is transferred from your device to our servers.
The Services include features that use precise location data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We collect this type of data if you grant us access to your location. You can always remove our access using your Fitbit device or mobile device settings. We may also derive your approximate location from your IP address.
When you access or use our Services, we receive certain usage data. This includes information about your interaction with the Services, for example, when you view or search content, install applications or software, create or log into your account, pair your Fitbit device to your account, or open or interact with an application on your Fitbit device.
We also collect data about the devices and computers you use to access the Services, including IP addresses, browser type, language, operating system, Fitbit or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
We use the information we collect to provide and support our Services and make them better for all our users. Here’s how:
Using the information we collect, we are able to deliver the Services, improve them, and research and develop new ones. For example, we use the information to provide you with the Services you request; understand how you and other users interact with the Services; track exercise, activity, and other trends; provide customer support; troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
We may also use your information to help you find and connect with other users and to allow other users to find and connect with you on the Services. For example, your account contact information allows other users to add you as a friend. When another user has your email or mobile phone number in their contact list or in their friend network on a connected service, we show that user that you are a user of the Services.
When you allow us to collect precise location information, we use that information to provide and improve features of the Services such as recording where a workout took place or mapping an activity.
We use the information we collect to personalize the Services, make inferences, and show you more relevant content. Here are some examples:
We use your information to send you Service notifications and inform you of new features or products we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the 'Unsubscribe' link in an email. We also use your information to respond to you when you contact us.
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
We do not share your personal information except in the limited circumstances described below.
You may direct us to disclose your information to others, such as when you use our community features like the forums, 7-day leaderboard, and other social tools. For certain information, we provide you with privacy preferences in account settings and other tools to control how your information may be accessed by other users on the Services. Just remember that if you choose to participate in a challenge, information like your profile photo, posted messages, total steps in the challenge, personal statistics, and achievements, is not governed by your privacy preferences and will be visible to all other challenge participants.
You may also authorize us to share your information with others, for example, with a third-party application when you give it access to your account, or with your employer when you choose to participate in an employee wellness program. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party applications or employee wellness programs using your account settings.
We transfer information to our corporate affiliates, service providers, and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services.
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.
We provide you with account settings and tools to access and manage the personal information associated with your account. You can also download certain account information, including data about your activities, body, foods, and sleep, through your account settings.
We store information associated with your account until your account is deleted. You can delete your account at any time by contacting Customer Support. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in the How Information Is Shared section.
We appreciate the importance of taking additional measures to protect children’s privacy. Persons under the age of 13, or the equivalent minimum age in the relevant jurisdiction, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at email@example.com.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Transport Layer Security (“TLS”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact Customer Support.
We operate internationally and may transfer information collected within the European Economic Area and Switzerland to the United States for the purposes described in this policy. Fitbit, Inc. complies with the EU-US and Swiss-US Privacy Shield principles regarding the collection, use, sharing, and retention of personal information from the EEA and Switzerland, as described in our EU-US Privacy Shield certification and Swiss-US Privacy Shield certification. Learn more about Privacy Shield here.
We are subject to the oversight of the US Federal Trade Commission and remain responsible for personal information that we transfer to others who process it on our behalf as described in the How Information Is Shared section. If you have a complaint about our Privacy Shield compliance, please contact us. You can also refer a complaint to our chosen independent dispute resolution body JAMS, and in certain circumstances, invoke the Privacy Shield arbitration process.
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services. You can review previous versions of the policy in our archive.
If you have questions about this policy, or about our use of your information, please contact us at firstname.lastname@example.org.
199 Fremont Street, 14th Floor
San Francisco, CA 94105
Effective: October 30, 2017