ŌURA Data Protection and Trust

Last Updated: June 10, 2024

Oura’s Commitment to Data Security

At Oura, the security and privacy of Members' data are foundational to the company’s mission. Oura is committed to safeguarding personal data with robust security measures and transparent practices.

Data Flow and Protection

The Oura Ring connects to the Oura App via Bluetooth using Secure BLE. Data is encrypted in transit between the Oura App and the Oura Cloud using TLS 1.2 or greater. Oura runs its primary infrastructure on AWS and its databases utilize AES 256 encryption at rest, by default.

In addition to the Oura App, Oura Members can access dashboards, exports, and more, directly on Oura on the Web (via cloud.ouraring.com), where access requires authentication and is encrypted in transit between site and user using TLS 1.2 or greater.

Security Measures

Education and Training

At Oura, security awareness training includes a mix of cyber hygiene education, interactive phishing simulations, privacy training, and specialized security training by role (for relevant employees).

Device Management

Oura maintains strict policies for workstations and mobile devices, such as automatic screen locks, authentication requirements, enforced encryption at rest, and endpoint protection.

Cloud Security

Oura complements AWS’s high-security standards with additional measures like threat detection and response, infrastructure entitlements management, vulnerability scanning and management, penetration testing, and change control.

Vulnerability Management

Oura engages in continuous vulnerability and patch management, including regular penetration tests and automated scanning.

Compliance and Regulations

GDPR and International Transfers

Oura adheres to GDPR and other international frameworks, ensuring that personal data is handled with the highest standards of privacy and security.

US State and Federal Laws

Oura complies with applicable US state and federal data protection laws, such as the California Consumer Protection Act.

Vulnerability Disclosure

Oura highly values the contributions of security researchers who help us maintain a secure environment for Members. While Oura does not currently run a formal bug-bounty program, vulnerability reports and tips are very welcome and appreciated. If a potential security issue is discovered, please contact the security team directly at security@ouraring.com. Reports will receive the attention they deserve, and submitters will be kept informed about any future bug bounty program launches.

Oura protects Member’s data, allowing them to focus on what matters most: their wellbeing.