At Oura, we know that your health data is deeply personal. Our commitment to protecting your privacy and data security is fundamental to our company and built into our privacy-first business model.

 “Our obligation is to protect our members’ data and privacy,” says Tom Hale, chief executive officer of Oura. “Oura adheres to the stringent global privacy standards and has technical and organizational safeguards to keep members’ data safe and secure.”

 Read our privacy policy and learn more about how Oura protects your data here.

Keeping Your Health Data Safe and Secure

 Oura uses advanced technology and organizational safeguards to keep your data safe and secure. Where appropriate, these safeguards include measures such as anonymization or pseudonymization of personal data, strict access control, and the use of encryption to protect the data we process.

 Oura Member data is not for sale, and we will never sell or rent your health data, including to the government. Oura will also oppose any request to provide legal authorities with access to user data if it will be used for individual surveillance or prosecution purposes in violation of our users’ privacy.

Separate from the services we provide to Oura members, Oura provides an enterprise, government-only solution that secures sensitive data for our service men and women as part of our work with the Department of Defense (DoD). Oura Enterprise Platform is used for government contracts to handle sensitive federal employee data, for which extra safeguards are often required.

Unless you’re a service member who’s enrolled in a DoD health or human-performance program that uses Oura Ring, AND you’ve consented to share your data with that program, your data will never be shared with the DoD. Your data does not touch Oura’s DoD-only offering and Oura does not—and will never share—your data with the DoD or other government entities.

You can learn more in our privacy policy and terms of use. We are committed to your privacy and to helping you take control of your personal data. 

Data Privacy in an AI World 

The integration of artificial intelligence (AI) is transforming technology, and with it, the conversation around data security and privacy is more critical than ever. Our vision is to build an AI-forward business where privacy comes first. 

Our subscription model is a crucial part of this commitment. It allows us to make significant investments in data security and privacy without the financial pressure to monetize your data. Unlike other companies that might be struggling to stay afloat, our model insulates us from the incentive to  sell or rent your information. This is a crucial distinction that allows us to prioritize the privacy of your data.

Our adherence to European Union and U.S. laws and regulations sets us apart, and we have policies and technologies in place to meet our legal and ethical obligations.

This commitment to privacy is essential not only for you, our members, but also for our partners. It’s a non-negotiable requirement for entities like healthcare entities and other organizations with strict data protection needs. Our privacy-first approach has allowed us to become a trusted partner for organizations that handle sensitive information.

READ MORE: The Future of Wellness: AI, Privacy, and the ŌURA Difference

Oura’s Continued Investments in Privacy

Our significant investments include:

  • GDPR and HIPAA Compliance: We have dedicated teams and resources to help us meet and exceed the privacy standards set by these critical privacy regulations.
  • Dedicated Security Team: We have a Chief Information Security Officer (CISO), a Data Protection Officer (DPO), a dedicated security team and dozens of platform engineers, and an expert legal team focused on protecting your data.
  • Strong Consent and Data-Sharing Policies: We will never share your sensitive personal data with third parties without your explicit consent. This is a core tenet of our platform and a key reason we stand apart from other companies.

Beyond policies, our privacy-first architecture includes:

  • Security and Anonymization in the Cloud: Our cloud infrastructure is designed to handle highly sensitive data. We use advanced anonymization techniques and maintain strict data management protocols.
  • On-Device Processing: The Oura platform is designed to process data directly on the ring and your phone which is why you can access core app functionality when you are  out of service on a camping trip or a hike.
  • Edge Inference and Owned Models: We process algorithms locally within the ring’s firmware and on your mobile phone, minimizing the need to send raw data to the cloud. We are also investing in our own AI models to run on the edge to provide additional privacy, which we highlighted in our WebAI announcement. Edge architecture enables Oura to control the privacy and security of the models we use and the data those models can access.
  • Technical Guardrails: We employ AES 256 encryption to protect your data at rest and utilize TLS 1.2 or greater encryption when you access your data via dashboards or via Oura on the web so that sensitive information is protected from unauthorized access.

We are committed to your privacy and to helping you take control of your personal data.  At Oura, your privacy is our priority.