At Oura, we know that your health data is deeply personal. Our commitment to protecting your privacy and data security is fundamental to our company and built into our privacy-first business model.

“Our obligation is to protect our members’ data and privacy,” says Tom Hale, chief executive officer of Oura. “Oura adheres to the stringent global privacy standards and has technical and organizational safeguards to keep members’ data safe and secure.”

Read our privacy policy and learn more about how Oura protects your data here.

Keeping Your Health Data Safe and Secure

Oura uses advanced technology and organizational safeguards to keep your data safe and secure. Where appropriate, these safeguards include measures such as anonymization or pseudonymization of personal data, strict access control, and the use of encryption to protect the data we process.

Oura Member data is not for sale, and we will never sell or rent your health data, including to the government. Oura will also oppose any request to provide legal authorities with access to user data if it will be used for individual surveillance or prosecution purposes in violation of our users’ privacy.

Separate from the services we provide to Oura Members, Oura provides an enterprise, government-only solution that secures sensitive data for our service men and women as part of our work with the U.S. Department of Defense (DoD). Oura Enterprise Platform is used for government contracts to handle sensitive federal employee data, for which extra safeguards are often required. Unless you’re a service member who’s enrolled in a DoD health or human-performance program that uses Oura Ring, AND you’ve consented to share your data with that program, your data will never be shared with the DoD. Your data does not touch Oura’s DoD-only offering and Oura does not—and will never—unlawfully share your data with the DoD or other government entities without your consent.

You can learn more in our privacy policy and terms of use.

Data Privacy in an AI World

The integration of artificial intelligence (AI) is transforming technology, and with it, the conversation around data security and privacy is more critical than ever. Our vision is to build an AI-forward business where privacy comes first.

Our subscription model is a crucial part of this commitment. It allows us to make significant investments in data security and privacy without the financial pressure to monetize your data. Unlike other companies that might be struggling to stay afloat, our model insulates us from the incentive to sell or rent your information. This is a crucial distinction that allows us to prioritize the privacy of your data.

Our adherence to European Union, U.S., and other global laws and regulations sets us apart, and we have policies and technologies in place to meet our legal and ethical obligations.

This commitment to privacy is essential not only for you, our Members, but also for our partners. It’s a non-negotiable requirement for healthcare entities and other organizations with strict data protection needs. Our privacy-first approach has allowed us to become a trusted partner for organizations that handle sensitive information.

How Oura Keeps Your Data Secure

At Oura, data security and protection are foundational to our mission. Oura is committed to safeguarding data with robust security measures and transparent privacy practices.

  • Data Flow and Protection: Oura Ring connects to the Oura App using a Secure Bluetooth Low Energy connection. Data is encrypted in transit between the Oura App and the Oura Cloud using TLS 1.2 or greater. Oura runs its primary infrastructure on databases that utilize AES 256 encryption at rest, by default.
  • Tight Access Control: Oura’s security policies restrict employee access to the minimum required to perform their job duties. For example, a customer support agent cannot access your sensitive information unless you have explicitly asked for help with an issue that involves that information.
  • Device Management: Oura maintains strict policies for workstations and mobile devices, such as automatic screen locks, authentication requirements, enforced encryption at rest, and endpoint protection.
  • Cloud Security: Oura complements security practices with additional measures like threat detection and response, infrastructure entitlements management, vulnerability scanning and management, penetration testing, and change control.
  • Vulnerability Management: Oura engages in continuous vulnerability and patch management, including regular penetration tests and automated scanning.
  • Education and Training: At Oura, security awareness training includes a mix of cyber hygiene education, interactive phishing simulations, and privacy training.
  • Data Deletion: You are in control of your data; at any point, you can request that your data be deleted from Oura systems. We comply with these requests according to our Privacy Policy. Learn how to do so here.
  • Passwordless Login: Oura is the only smart ring that enables a passwordless login flow, using a one-time password (OTP) instead, protecting your account and data from common password attacks.
  • Bluetooth Privacy: Unique among smart rings, Oura Ring utilizes Bluetooth LE Privacy, a feature that scrambles your smart ring’s Bluetooth address to protect you from tracking.
  • Prompt and Transparent Communication: In the unlikely event of a data breach, Oura is committed to prompt and transparent communication with affected users, in line with GDPR and other regulatory requirements.
  • Vulnerability Disclosure: Oura highly values the contributions of security researchers who help us maintain a secure environment for members. While Oura does not currently run a formal bug-bounty program, vulnerability reports and tips are very welcome and appreciated. If a potential security issue is discovered, please contact the security team directly at security@ouraring.com. Reports will receive the attention they deserve, and submitters will be kept informed about any future bug bounty program launches.

Oura’s Continued Investments in Privacy

Oura protects members’ data, allowing them to focus on what matters most: their wellbeing.

Our significant privacy-first investments include:

  • GDPR and HIPAA Compliance: We have dedicated teams and resources to help us meet and exceed the privacy standards set by these critical privacy regulations.
  • Dedicated Security Team: We have a Chief Information Security Officer (CISO), a Data Protection Officer (DPO), a dedicated security team and dozens of platform engineers, and an expert legal team focused on protecting your data.
  • Strong Consent and Data-Sharing Policies: We will never share your sensitive personal data with third parties without your explicit consent. This is a core tenet of our platform and a key reason we stand apart from other companies.
  • Edge Inference and Owned Models: We process many algorithms locally within the ring’s firmware and on your mobile phone, minimizing the need to send raw data to the cloud, which is why you can access core app functionality when you are out of service on a camping trip or a hike. We are also investing in our own AI models to run on the edge to provide additional privacy, which we highlighted in our webAI announcement. Edge architecture enables Oura to control the privacy and security of the models we use and the data those models can access.

We are committed to your privacy and to helping you take control of your personal data. At Oura, your privacy is our priority.