Privacy Policy

Effective Date: June 10, 2026

WHOOP Personal Insights is a personal application used to access and analyze WHOOP data that a user authorizes through WHOOP OAuth. This application is operated by Xinghao Dong and is not affiliated with or endorsed by WHOOP.

Data We Access

With user authorization, this application may access the following WHOOP data, depending on the scopes granted during the OAuth flow:

• Recovery data, including recovery score, heart rate variability, resting heart rate, SpO2, and skin temperature.
• Sleep data, including sleep duration, sleep stages, sleep performance, consistency, and efficiency.
• Cycle data, including strain, kilojoules, and heart rate summaries.
• Workout data, including activity strain, heart rate summaries, timestamps, and workout metadata.
• Body measurement data, if authorized, including height, weight, and maximum heart rate.
• Basic profile data, if authorized, including name, email, and WHOOP user ID.

How We Use Data

Data is used only to retrieve, analyze, summarize, and display the user's own WHOOP health and fitness information. The application does not use WHOOP data for advertising or third-party profiling.

Data Sharing

We do not sell, rent, or share WHOOP data with third parties. Data may be processed by systems controlled by the application owner solely for the purpose of providing the requested analysis or functionality.

Data Storage

WHOOP data and OAuth tokens may be stored locally or in systems controlled by the application owner for analysis and account access. OAuth tokens are treated as confidential credentials and are not intentionally exposed in public clients, public repositories, or client-side code.

Data Retention and Deletion

Stored WHOOP data is retained only as long as needed for the personal analysis or application functionality. Users may request deletion of stored data by contacting the application owner. Users may also revoke access through their WHOOP account or by asking the application owner to revoke access.

Security

Reasonable technical and organizational measures are used to protect WHOOP data and OAuth credentials. No method of storage or transmission is completely secure, so absolute security cannot be guaranteed.

Changes to This Policy

This policy may be updated as the application changes. The effective date above will be updated when material changes are made.

Contact

For questions or deletion requests, contact the application owner through GitHub: https://github.com/xdong99.