Privacy Policy

At OurasRings, we prioritize your privacy and the security of your personal data. Our products are designed to help you monitor vital aspects of your health, including daily habits, sleep quality, and reproductive health. Given the personal nature of this information, we believe it is crucial that you maintain control over your data.

This Privacy Policy (“Policy”) aims to inform you about how we collect, use, and safeguard your personal information, empowering you to manage your health effectively. Please take a moment to review this Policy thoroughly.

Scope of This Privacy Policy

This Policy governs the processing of personal data by OuraRings when you visit our website (“Site”), use the Oura Ring in conjunction with the Oura App, or access any other services we offer (“Services”). Note that this Policy does not cover Oura Teams or third-party data processors. For more information on Oura Teams’ privacy practices, please refer to their specific policy.

Why Do We Process Your Personal Data?

The sections below describe the types of personal data we collect and process and the reasons for doing so. You’ll also find information on the legal basis for processing your data and our sources of data.

Users of Devices and Applications

Processing Purposes

When you engage with Oura Services, we gather and process your personal data for the following reasons:

  • Service Provision
    We use your personal data to deliver our Services and provide tailored insights into your health, including activity levels, sleep quality, and readiness.
  • Customer Support
    Personal data is processed to assist with customer inquiries and manage communications. If you reach out to our support team regarding your Oura App data, we will use the information provided to address your queries effectively.
  • Privacy Protection
    We may utilize personal data to safeguard your privacy by employing various privacy-enhancing technologies. Once data is aggregated or anonymized, it ceases to be classified as personal data.
  • Service Improvement
    We analyze personal data to enhance our Services and user experience, including the development of new features and functionalities. Whenever possible, we use privacy-protected data for this purpose.
  • Performance Analysis
    We may analyze personal data related to human performance and wellness to enhance our offerings, always ensuring the privacy of our users is protected.
  • Marketing Activities
    We process marketing-related data to facilitate online advertising and communications about our Services. Our Cookie Policy outlines how we use cookies and similar technologies for audience creation for advertising.
  • Third-Party Integrations
    With your permission, we process personal data to enable integrations with third-party services, like Google Health Connect and Apple HealthKit. We take steps to ensure third-party services maintain the security of your personal data.
  • Legal Compliance
    In specific instances, we must process certain data to comply with applicable laws and regulations. We will resist any legal requests for user data unless legally required to comply.

Legal Basis for Processing Your Data

Data protection laws in the European Economic Area require a lawful basis for collecting and processing personal information. Our legal bases include:

  • Contractual Necessity
    We process personal data under a user contract established when you create your account and accept our Terms of Use.
  • Consent
    Sensitive personal data is processed only with your explicit consent. You may also provide consent through your interactions within the Oura App.
  • Legitimate Interest
    We process personal data for marketing, customer service, and service improvement based on our legitimate business interests, carefully weighing these against your privacy rights.
  • Legal Obligations
    We may need to process certain data to comply with statutory requirements that vary by jurisdiction, such as consumer protection laws.

Data Processed and Sources

Typically, we collect personal data directly from you when you register for an account, enter data in the Oura App, or use your Oura Ring. We may also process information generated from your interactions with our Services. Additionally, we rely on trusted third-party processors to assist us in managing data on our behalf, including cloud service providers.

When you utilize our Services, we may process the following categories of personal data:

  • Contact Information
    Email addresses and physical addresses.
  • User Information
    Gender, height, weight, User ID, and other information you provide.
  • Device Information
    IP addresses and location data.
  • User-Provided Activity Data
    Activities, notes, comments, feedback, and tags entered in the app.
  • Measured Data
    Data related to heart rate, movement, temperature, and respiration.
  • Calculated Data
    Information regarding sleep phases, activity levels, readiness scores, and body mass index.

Please note that some personal data, including health-related information, is classified as sensitive and will only be processed with your explicit consent. If you enable location-based services within our Services, we may also process your approximate or precise location. You have the option to disable this at any time via your device’s location settings.

Additionally, with your consent, you may share limited personal data, such as your sleep and readiness scores, with other Oura users. You can modify your sharing preferences at any time.

For Online Customers and Site Visitors

Processing Purposes

If you visit our Site or place an order through our online store, we process personal data for the following reasons:

  • Service Provision
    We use personal data to support our offerings and ensure the performance of our Site.
  • Order Fulfillment
    Personal data is necessary to process, manage, and deliver your purchases.
  • Customer Support
    We process personal data to assist with customer inquiries regarding our Site or Services.
  • Privacy Protection
    Similar to the earlier section, we may process data to ensure your privacy when using our Services.
  • Site Improvement
    We analyze data to enhance the performance of our Site and optimize user experience.
  • Marketing Activities
    Personal data is processed to manage advertising and marketing communications.
  • Legal Compliance
    We process certain data as required by applicable laws, such as tax and accounting regulations.

Legal Basis for Processing

Our legal bases for processing your data for online customers include:

  • Contractual Necessity
    When processing data to fulfill and deliver your orders, we rely on the contractual basis formed when you place an order.
  • Consent
    Your consent is required for electronic direct marketing purposes.
  • Legitimate Interest
    We process personal data for marketing, customer service, and development purposes based on our legitimate business interests.
  • Legal Obligations
    Compliance with statutory obligations necessitates processing certain information.

Processed Data and Data Sources

We generally collect personal data directly from you when you make a purchase or contact us. When you visit our Site, we may collect analytical data using cookies and other technologies for service development and advertising.

Categories of personal data processed when you visit our Site include:Contact Information

  • Names, email addresses, and mailing addresses.

Order Information

  • Details of purchases and payment methods.

Device Information

  • IP addresses, timestamps of visits, and location data.

User Activity

  • Browsing patterns and interactions with our customer service.

U.S. STATES WITH ENHANCED PRIVACY REQUIREMENTS

NOTICE FOR ALL U.S. CONSUMERS
This notice supplements the information contained in Ourarings’ Privacy Policy and applies solely to all visitors, users, and others who reside in states within the U.S. with enhanced privacy notice requirements, such as California (“customers” or “you”), and who access Ourarings’ Sites or Services.

Please be aware that in some instances where Ourarings is acting as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA), the U.S. state privacy rights outlined in this section may not apply. In those instances and subject to our HIPAA policies, Ourarings may choose to offer self-serve tools that enable you to access and delete your personal data from the Ourarings App.

Collection, Use, and Sharing of Information

When a customer interacts with Ourarings’ Sites or Services, Ourarings collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device, or household (“personal information” or “personal data”). Information about the categories of personal information we collect, the purposes for which your personal information is processed, and any sharing of your personal information can be found in the relevant sections of this Policy:

  • Device and Application User: Categories of collected personal information and processing purposes
  • Online Store and Website Visitor: Categories of collected personal information and processing purposes

Sharing of Personal Data

In the preceding twelve (12) months, Ourarings has not sold personal information to third parties, including data aggregators, as it is against our policies. We have collected and disclosed only the categories of personal information processed by Ourarings under this Policy as described in the Data Sharing and Disclosures section.

CONSUMER RIGHTS

If you are a resident of a state with enhanced rights related to the personal information Ourarings may process about you, you have certain rights:

Right to Know About the Personal Information We Collect and Share

U.S. state laws may give you the right to request that we disclose the personal information we have collected about you over the past 12 months, which we only provide after we receive and validate your request. Once we receive and confirm your verifiable request, we will disclose to you:

  • The categories of personal information we collected about you;
  • The categories of personal information we have disclosed about you (if any);
  • The categories of sources for the personal information we collected about you;
  • Our business or commercial purposes for collecting or selling that personal information;
  • The categories of third parties with whom we share that personal information; and
  • The specific pieces of personal information we collected about you.

Right of Correction

You have the right to request correction of your personal information. After we receive and validate your request, we will correct your personal information unless an exception applies. Please note that you can correct and update some of your basic information via the Ourarings App and via Ourarings on the Web.

Right of Deletion

You have the right to request erasure of your personal information, subject to certain exceptions, such as when we have a legal obligation to retain the data in question. After we receive and validate your request, we will delete your personal information and direct our service providers to delete your personal information unless an exception applies.

How to Make Disclosure, Access, Correction, or Deletion Requests

If you reside in a state that provides for enhanced privacy rights, you can request disclosure, access to, correction, and/or deletion of your personal data as described above by submitting a verifiable consumer request to us by:

  • Sending an email to support@ouraringcanada.ca, including the following information along with your request: your full name, company name https://ouraringcanada.ca/contact/ (if applicable), address, email address, and a phone number. We may request that you provide additional information if necessary to confirm your identity. This is for security purposes and is required by law in some cases.

Only you, or a person registered with the appropriate mechanism associated with your state of residency that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You have the right to make a free request up to two times in any 12-month period. We will respond to all validated requests within 45 days of receiving your request unless we request an extension. In the event that we reasonably require an extension to respond to your request, we will notify you of any such extension within the initial 45-day period.

Non-Discrimination

Ourarings does not discriminate against users who request to exercise their privacy rights. Unless an exception applies, this includes our promise not to:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Data Sharing and Transfers

Ourarings does not sell or rent your personal information and only shares your personal data with certain trusted service providers and partners so that we can provide and improve our services, to provide partner services and other offerings, and to operate our business. Whenever we share data with third-party service providers, we require that they use your information only for the purposes we’ve authorized, and for the limited reasons explained in this Policy. We also require these service providers to protect your personal information to at least the same standards that we do.

Like most companies, Ourarings uses service providers for purposes such as:

  • Providing and improving our online service platform;
  • Storing our users’ data;
  • Providing customer services;
  • Managing and organizing our marketing activities. Ourarings only shares website usage data with our advertising network partners for analyzing and optimizing our marketing. Ourarings does not share Service data with third-party advertisers; and
  • Analyzing information regarding the use of our Sites and Services to improve our service quality.

We use industry-standard data protection measures to safeguard all international transfers of personal data through data protection agreements with our service providers.

LEGAL FRAMEWORKS FOR INTERNATIONAL TRANSFERS

Ourarings is a global company with servers around the world, and your personal data may at times be processed on servers located outside of the country where you live. Although data protection laws vary among countries, regardless of where your personal data is processed, we apply the same protections described in this Policy. We also comply with certain legal frameworks relating to the transfer of personal data, such as the frameworks described below.

Ourarings participates in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (collectively, the “Data Privacy Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of personal data from the European Economic Area, the United Kingdom and Gibraltar, and Switzerland. Ourarings has further certified that we adhere to the principles of the Data Privacy Frameworks.

Click here to learn more about the Data Privacy Frameworks. If there is any conflict between the terms in this Policy and the Data Privacy Frameworks principles, the principles shall govern.

If Ourarings transfers personal information received under the Data Privacy Frameworks to a third party, the third party’s processing of the personal data must also be in compliance with our Data Privacy Frameworks obligations, and we will remain liable under the Data Privacy Frameworks for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

Ourarings is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Ourarings may be required to disclose the personal information we process under the Data Privacy Frameworks in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Personal Data Disclosures
We also reserve the right to disclose personal data under certain specific circumstances, including:

  • When we have your express consent to do so;
  • When it is reasonably necessary for our legitimate interests in conducting our business, such as in the event of a merger, acquisition, or sale;
  • To protect Ourarings’ legal rights and property; and
  • To comply with valid legal requirements. Ourarings will oppose any request to provide legal authorities with access to user data for surveillance or prosecution purposes; we will notify users if we receive any such request, whenever legally permissible. Otherwise, your personal data is never shared with any individual or other organization.

Safeguarding Your Data
Ourarings uses technical and organizational safeguards to keep your data safe and secure. When appropriate, these safeguards include measures such as anonymization or pseudonymization of personal data, strict access control, and the use of encryption to protect the data we process.

Our personnel receive adequate training to ensure personal data is processed only in accordance with our internal policies, consistent with our obligations under applicable law. We also limit access to your sensitive personal data to personnel who have specifically been granted such access.

Online services that we provide via our Site protect your personal data in transit using encryption and other security measures. We also regularly test our service, systems, and other assets for possible security vulnerabilities.

We update our Services regularly to protect the personal data we process, including any new features that enhance your privacy.