Whoop Insights ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Information You Provide:
- Account Information: Email address, name, and password when you create an account.
- WHOOP Data: When you upload your WHOOP data export, we receive physiological metrics including recovery scores, strain scores, sleep data, heart rate variability (HRV), resting heart rate, and journal entries.
- Payment Information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number.
- Communications: When you contact us, we collect the information you provide in your message.
Information Collected Automatically:
- Usage Data: Pages visited, features used, time spent on the Service.
- Device Information: Browser type, operating system, device identifiers.
- Log Data: IP address, access times, referring URLs.
How We Use Your Information
- Provide, maintain, and improve the Service
- Train machine learning models on YOUR data to generate personalized insights (models are trained per-user and are not shared)
- Process transactions and send related information
- Send administrative messages, updates, and security alerts
- Respond to your comments, questions, and support requests
- Monitor and analyze usage trends to improve user experience
- Detect, prevent, and address technical issues and fraud
How We Protect Your Data
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Data Minimization: Raw WHOOP data is processed and immediately discarded. We only store aggregated model outputs.
- Access Controls: Strict access controls limit who can access user data.
- Regular Audits: We conduct regular security assessments.
Data Retention
- Account Data: Retained while your account is active and for 30 days after deletion.
- Model Outputs: Retained while your account is active. Deleted within 30 days of account deletion.
- Raw WHOOP Data: Processed and immediately discarded. Not retained.
- Payment Records: Retained as required by law (typically 7 years for tax purposes).
Sharing Your Information
We do NOT sell your personal information. We may share information with:
- Service Providers: Third parties who perform services on our behalf (hosting, payment processing, analytics). These providers are contractually obligated to protect your data.
- Legal Requirements: When required by law, subpoena, or government request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified).
- With Your Consent: When you explicitly authorize sharing.
Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data (Account Settings → Delete All Data).
- Portability: Request your data in a portable format.
- Opt-Out: Opt out of marketing communications.
To exercise these rights, contact us at contact@data-insights.cloud.
Cookies and Tracking
We use cookies and similar technologies for:
- Essential Cookies: Required for the Service to function (authentication, security).
- Analytics Cookies: Help us understand how users interact with the Service.
You can control cookies through your browser settings. Disabling essential cookies may affect functionality.
Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect information from children under 16. If we learn we have collected such information, we will delete it promptly.
International Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance.