We believe that transparency is the key to any healthy relationship. At Fitbit, we are all about healthy attitudes. We appreciate that you are trusting us with information that is important to you, and we want to be transparent about how we use it.
Here we describe the privacy practices for our devices, applications, software, websites, APIs, products, and services (the “Services”). You will learn about the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.
Specifically, we’ll cover:
When you use our Services, we collect the following types of information.
INFORMATION YOU PROVIDE US
Some information is required to create an account on our Services, such as your name, email address, password, date of birth, gender, height, weight, and in some cases your mobile telephone number. This is the only information you have to provide to create an account with us. You may also choose to provide other types of information, such as a profile photo, biography, country information and community username.
To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, like your logs for food, weight, sleep, water or female health tracking; an alarm; and messages on discussion boards or to your friends on the Services.
You may also connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
PAYMENT AND CARD INFORMATION
Some Fitbit devices support payments and transactions with third parties. If you activate this feature, you must provide certain information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code. This information is encrypted and sent to your card network, which upon approval sends back to your device a token, which is a set of random digits for engaging in transactions without exposing your card number. For your convenience, we store the last four digits of your card number and your card issuer’s name and contact information. You can remove the token from your account using your account settings. We do not store your transaction history.
If you purchase Fitbit merchandise on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code and billing address. We do not store this payment information. We store your delivery address to fulfil your order. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
LIVE COACHING SERVICES
Our live coaching services are a platform for you to communicate with a live health, fitness or wellness coach (“Live Coaching Services”). Coaches may be provided by third parties, such as your employer or insurance company, or by our third-party coaching service providers. If you use our Live Coaching Services, we collect information about such use, including the plan, goals and actions you record with your coach, your calendar events, communications with your coach, notes your coach records about you, and other information submitted by you or your coach.
INFORMATION WE RECEIVE FROM YOUR USE OF OUR SERVICES
Your device collects data to estimate a variety of metrics like the number of steps you take, your distance travelled, calories burned, weight, heart rate, sleep stages, active minutes and location. The data collected varies depending on which device you use. Learn more about the features of our various devices and how you can use MobileTrack. When your device syncs with our applications or software, data recorded on your device is transferred from your device to our servers.
The Services include features that use precise geolocation data, including GPS signals, device sensors, Wi-Fi access points, and mobile mast IDs. We collect this type of data if you grant us access to your location. You can always remove our access using your Fitbit device or mobile device settings. We may also derive your approximate location from your IP address.
When you access or use our Services, we receive certain usage or network activity information. This includes information about your interaction with the Services, for example, when you view or search content, install applications or software, create or log into your account, pair your device to your account, or open or interact with an application on your Fitbit device.
We also collect data about the devices and computers you use to access the Services, including IP addresses, browser type, language, operating system, Fitbit or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
INFORMATION WE RECEIVE FROM THIRD PARTIES
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook or Google, we may receive information like your name, profile picture, age range, language, email address, and friend list. You may also choose to grant us access to your exercise or activity data from another service. You can stop sharing the information from the other service with us by removing our access to that other service.
We may partner with third parties, such as employers and insurance companies that offer Fitbit Services to their employees and customers. In such cases, those companies may provide us with your name, email address or similar information (like a telephone number or subscriber ID) so that we can invite you to participate or determine your eligibility for particular benefits, such as discounts or free services.
We use the information we collect for the following purposes.
PROVIDE AND MAINTAIN THE SERVICES
Using the information we collect, we are able to deliver the Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your Fitbit dashboard tracking your exercise, activity, and other trends; to enable the community features of the Services; and to give you customer support.
For the Services’ community features, we may use your information to help you find and connect with other users and to allow other users to find and connect with you. For example, your account contact information allows other users to add you as a friend. When another user has your email or mobile phone number in their contact list or in their friend network on a connected service, we show that user that you are a user of the Services.
If you use the Live Coaching Services, we use your information to connect you with coaches, allow you to communicate with them through our Services, and help you achieve your goals to lead a healthier, more active life. For example, the goals that you provide allow you to develop a personal plan and set of actions in consultation with your coach.
IMPROVE, PERSONALISE AND DEVELOP THE SERVICES
We use the information we collect to improve and personalise the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
When you allow us to collect precise location information, we use that information to provide and improve features of the Services such as recording where a workout took place or mapping an activity.
We also use your information to make inferences and show you more relevant content. Here are some examples:
Information like your height, weight, gender and age allows us to improve the accuracy of your daily exercise and activity statistics like the number of calories you burned and the distance you travelled.
Based on your sleep data, we may make inferences about your sleeping patterns and provide you with customised insights to help you improve your sleep.
We may personalize exercise and activity goals for you based on the goals you previously set and your historical exercise or activity data.
COMMUNICATE WITH YOU
We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email.
PROMOTE SAFETY AND SECURITY
We use the information we collect to promote the safety and security of the Services, our users and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits and enforce our terms and policies.
We give you account settings and tools to access and control your personal data, as described below, regardless of where you live. If you live in certain jurisdictions, you may have legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below.
Accessing and Exporting Data. By logging into your account, you can access much of your personal information, including your dashboard with your daily exercise and activity statistics. Using your account settings, you can also download information in a commonly used file format, including data about your activities, body, foods, and sleep. Learn more here.
Editing and Deleting Data. By logging into your account and using your account settings, you can change and delete your personal information. For instance, you can edit or delete the profile data you provide and delete your account if you wish. Learn more here.
If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your Fitbit device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How Information Is Shared section.
Objecting to Data Use. We give you account settings and tools to control our data use. For example, through your privacy settings, you can limit how your information is visible to other users of the Services; using your notification settings, you can limit the notifications you receive from us; and under your application settings, you can revoke the access of third-party applications that you previously connected to your Fitbit account. You can also use the Fitbit application to unpair your device from your account at any time.
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. For instance, when you provide your contact list for finding friends on the Services, we delete the list after it is used for adding contacts as friends. We keep other information, like your exercise or activity data, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of the Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.
We appreciate the importance of taking additional measures to protect children’s privacy.
Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at email@example.com.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Transport Layer Security (“TLS”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact Customer Support.
We operate internationally and transfer information to the United States and other countries for the purposes described in this policy.
We rely on multiple legal bases to lawfully transfer personal data around the world. These include your consent and EU Commission approved model contractual clauses, which require certain privacy and security protections. You may obtain copies of the model contractual clauses by contacting us.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create a Fitbit account and click “I agree” to data transfers, irrespective of which country you live in. For a list of the locations where we have offices, please see our company information here. If you later wish to withdraw your consent, you can delete your Fitbit account as described in the Your Rights To Access and Control Your Personal Data section.
While not relied upon for international data transfers, Fitbit LLC complies with the EU-US and Swiss-US Privacy Shield principles regarding the collection, use, sharing and retention of personal information as described in our Privacy Shield certification. Learn more about Privacy Shield here. Fitbit LLC is subject to the oversight of the US Federal Trade Commission and remains responsible for personal information that we transfer to others who process it on our behalf as described in the How Information Is Shared section. If you have a complaint about our Privacy Shield compliance, please contact us. You may also refer a complaint to your local data protection authority, and in certain circumstances, invoke binding arbitration to resolve complaints not resolved by other means as described in Annex I to the Privacy Shield Principles.
If you live in the European Economic Area (EEA), United Kingdom (UK) or Switzerland, please review these additional privacy disclosures under the European Union’s General Data Protection Regulation (“GDPR”).
YOUR DATA CONTROLLER
Fitbit International Limited, an Irish company, is your data controller and provides the Services if you live in the EEA, UK or Switzerland. For our contact information, please see the Who We Are and How To Contact Us section.
HEALTH AND OTHER SPECIAL CATEGORIES OF PERSONAL DATA
To the extent that information we collect is health data or another special category of personal data subject to the GDPR, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account, grant us access to your exercise or activity data from another service, or use the female health tracking feature. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.
OUR LEGAL BASES FOR PROCESSING PERSONAL DATA
For personal data subject to the GDPR, we rely on several legal bases to process the data, including:
When you have given your consent, which you may withdraw at any time using your account settings and other tools;
HOW TO EXERCISE YOUR LEGAL RIGHTS
Please review the Your Rights To Access and Control Your Personal Data section for how your account settings and tools allow you to exercise your rights under the GDPR to access and control your personal data.
If you need further assistance regarding your rights, please contact our Data Protection Officer at firstname.lastname@example.org, and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority or with the Irish Data Protection Commission, our lead supervisory authority, whose contact information is available here.
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act ("CCPA").
HOW TO EXERCISE YOUR LEGAL RIGHTS
You have the right to understand how we collect, use and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Your Rights To Access and Control Your Personal Data section, for example:
By logging into your account and using your account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it. Learn more here.
Your account settings also let you exercise your right to delete personal information. Learn more here.
If you need further assistance regarding your rights, please contact our Data Protection Officer at email@example.com, and we will consider your request in accordance with applicable laws.
CATEGORIES OF INFORMATION WE COLLECT, USE, AND DISCLOSE FOR BUSINESS PURPOSES
As described in the Information We Collect section, we collect the categories of personal information listed below. We receive this information from you, your device, your use of the Services, your coach if you use our Live Coaching Services, third parties (like the other services you have connected to your Fitbit account, or your employer or insurance company if they offer you Fitbit Services as an employee or customer), and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in the How We Use Information and How Information Is Shared sections, respectively. The categories are:
Identifiers, like your name or username, email address, mailing address, phone number, IP address, account ID, device ID, cookie ID, and other similar identifiers.
Demographic information, such as your gender, age, health information, and physical characteristics or description, which may be protected by law.
Commercial information, including your payment information and records of the Services or devices you purchased, obtained or considered (for example, if you added them to your shopping cart on the Fitbit online store but did not purchase them).
Biometric information, such as your exercise, activity, sleep or health data, including the number of steps you take, distance travelled, calories burned, weight, heart rate, sleep stages, active minutes, female health data, Live Coaching Services data, and any similar information to which you grant us access from another service.
Internet or other electronic network activity information, such as the usage data we receive when you access or use our Services. This includes information about your interactions with the Services and about the devices and computers you use to access the Services.
Geolocation data, including GPS signals, device sensors, Wi-Fi access points and cell tower IDs, if you have granted us access to that information.
Electronic, visual or similar information, such as your profile photo or other photos.
Professional or employment related information, including any information (like your name, email address or similar information) that your employer provides to us so that we can invite you to participate in or determine your eligibility for Fitbit Services that they offer to their employees.
Other information that you provide, including account information such as your biography or country; information for features of the Services, for example, an alarm, information about your friends, and logs for food, weight, sleep, water or female health tracking; Live Coaching Services data (provided by you or your coach); messages on the Services; and information recorded by your device which may vary depending on the device you use.
Inferences drawn from any of the above, including the number of calories you burned, distance you travelled, sleep insights, and personalised exercise and activity goals.
We never sell the personal information of our users. We do work with partners who provide us with advertising services as described in the Analytics and Advertising Services Provided By Others section. To learn more about how these partners collect data and your options for controlling the use of your information for interest-based advertising, please read our Cookie Use statement
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services. You can review previous versions of the policy in our archive.
If you have questions about this policy, or need help exercising your privacy rights, please contact our Data Protection Officer at firstname.lastname@example.org.
If you live in the USA, UK or Switzerland, you may also contact us at:
Fitbit International Limited
76 Lower Baggot Street
Dublin 2, Ireland
If you reside elsewhere, you may contact us at:
199 Fremont Street, 14th Floor
San Francisco, CA 94105