Skip to content

Instantly share code, notes, and snippets.

@tmustier

tmustier/whoop-privacy-policy.md

Created April 18, 2026 15:59
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save tmustier/9a329bc28ad4da9ef47f50faf5bf565c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save tmustier/9a329bc28ad4da9ef47f50faf5bf565c to your computer and use it in GitHub Desktop.
Download ZIP
Privacy policy for personal-use WHOOP API integration
Raw
whoop-privacy-policy.md

Privacy Policy

Last updated: 18 April 2026

This privacy policy applies to the personal-use application ("the App") created by the developer ("the Developer") that integrates with the WHOOP Developer API.

1. Purpose of the App

The App is a personal-use integration. It is used solely by the Developer to access their own WHOOP health and fitness data for personal analysis. It is not offered to, distributed to, or intended for use by any other person.

2. Data Accessed

When authorised by the Developer (and only the Developer), the App may access the following data from the WHOOP API:

  • Profile information (name, email)
  • Body measurements (height, weight, max heart rate)
  • Cycle data (physiological cycles, strain, average heart rate)
  • Recovery data (recovery score, HRV, resting heart rate)
  • Sleep data (sleep performance, stages, duration)
  • Workout data (activity strain, heart rate, energy)

3. How Data Is Used

Data retrieved from the WHOOP API is used exclusively by the Developer for personal review and analysis. Data is not shared with, sold to, or disclosed to any third party.

4. How Data Is Stored

Any data retrieved is stored locally on the Developer's own devices. Access tokens and refresh tokens are stored in local environment files or an OS keychain on those devices. No data is transmitted to any server operated by the Developer or any third party other than WHOOP itself.

5. Data Retention and Deletion

The Developer may delete any stored data at any time by removing the local files. Revoking authorisation in the WHOOP app will immediately end the App's ability to retrieve further data.

6. Security

Because the App is for personal use only, the Developer takes standard care to protect credentials (local filesystem permissions, .gitignore for secrets). No guarantees beyond those are made.

7. Third Parties

The App communicates only with the official WHOOP API (api.prod.whoop.com). WHOOP's own privacy policy governs its handling of the Developer's data: https://www.whoop.com/legal/privacy-policy/

8. Changes

This policy may be updated if the App's behaviour changes. The "Last updated" date above will reflect the most recent revision.

9. Contact

For questions about this policy, contact: thomas@mustier.ai

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment