Oura Ring Privacy Review
The Oura Ring Gen 4 is a sleek health tracker that captures your daily fitness metrics, from sleep quality and heart rate variability to body temperature and menstrual cycles. Use one for a few days and it rapidly becomes apparent that your body is a data goldmine, one that Oura has a direct line to for the 5 million people who use their services. While Oura says the right things about data protection in their privacy policy, there's no getting away from the fact that the product doesn't work without a cloud connection, meaning that your most intimate health data lives on servers you do not control.
I’m a digital privacy and cybersecurity expert with over half a decade's worth of experience reviewing privacy products. My research in academia included speculative execution attacks and AI-based hacking simulations. My privacy work appears in TechRadar, CNET, and ITPro, in addition to a previous stint at ProPrivacy as their in-house technical researcher for VPNs.
What You Should Know
- Should I trust their default settings?
Oura asks for your location data during setup. Opting out locks you out of some features that are only available on a regional basis. You must provide your age, height, and biological sex during onboarding. Without these pieces of information, the Oura Ring would provide an incomplete view of your overall health.
All third-party data-sharing integrations are turned off by default, and you must actively opt in to enable them.
- What personal data do they have?
The volume of data the Oura Ring captures is substantial. On a daily basis it tracks: sleep stages and duration, heart rate and heart rate variability, blood oxygen levels, skin temperature, respiratory rate, activity levels and movement, and, for users who opt in, menstrual cycle data and hormonal contraceptive use. The Oura App can also sync the GPS location on your phone to activities detected by the Oura Ring so you can record your route and lap times while working out.
All of this data lives on Oura's cloud servers. The company does not provide a direct way for a consumer to pull live data from the ring itself without going through their app and cloud infrastructure. The Oura API is inaccessible without a subscription.
- Track record
Oura, founded in Finland in 2013, has maintained a fairly strong reputation as one of the more privacy-focused consumer health wearable companies. Unfortunately, we think that Oura's online-only approach is fundamentally incompatible with their privacy approach.
Oura has gotten a lot of attention around its partnership with the US DoD, although the reality is a little more nuanced than what you may have previously read online. Oura holds a contract to supply the United States Department of Defense with Oura products in order to track the health of military personnel. It used Palantir’s FedStart as its secure government cloud environment to meet DoD program compliance requirements.
Oura is not operational on FedStart today, and no Oura data—consumer or commercial—currently interacts with Palantir systems, said an Oura spokesperson.
- Does this product sell or share user data?
If you want to see the data Oura holds on you without a subscription, Oura does allow you to export all of your data as a series of CSV files. You own your data, but not the derived insights that Oura shows you.
“You can delete or export your personal data at any time, and we don't sell your personal data to third parties,” said an Oura spokesperson.
The Good and The Bad
- The Good
Third-party data sharing is off by default. Location data is optional.
You must actively choose to connect Apple Health, Strava, or any research partner.
Oura allows data access requests so you can see every metric they hold, including fields never shown in the app. The company is subject to GDPR, which carries stronger consumer protections than U.S. law alone.
- The Bad
Without a subscription, there's no way to use the Oura ring. Your data will still be tracked and uploaded, but the only way you can access it is via a data request that can take up to several days to process.
It's disappointing that you need to link your payment details when you sign up for the Oura service. Without signing up for a subscription, you're limited to an extremely basic subset of Oura's features which renders the ring basically useless. Worse, there's no way to use the ring without uploading your biometric data to Oura's cloud servers.
While the data captured by your Oura Ring is encrypted in transit using TLS 1.2+ (the same encryption used for most web traffic) and with AES-256 while stored on Oura's servers, neither of these methods constitutes true end-to-end encryption. Both protect the data from outside parties, not from Oura itself. In essence, you’ll have to trust Oura’s internal access controls.
It’s also unclear from Oura’s privacy policy how long it takes for data to be deleted. The company said that the deletion process is completed within the time required by privacy laws. Factory resetting the device will clear any data from it instantly, but we’ve seen customer support responses that suggest it can take anywhere between two and three weeks to remove your data from Oura’s systems.
Reduce Your Risks
There are a few steps you can take to make sure you're minimizing the Oura Ring’s impact on your privacy.
Lock down your sharing settings
Open the Oura app, go to Settings and scroll down to Data Sharing. Make sure you're not sending your data out to any other third-party apps you're not comfortable with. While you're there, check the Oura Platform and Research options too and make sure you're not sending your data out to a third-party controller.
Minimize your profile data
Turn off your location permissions in the app, remove your country of residence, and turn off any Women’s Health features that are enabled. You can also delete any reproductive information immediately using the same interface, but any conversations you have with Oura’s AI assistant will need to be removed manually.
Request a copy of your data
Visit the Oura membership portal from the app and select “Export Data” to make a request. Review what Oura holds on you. Aside from deleting the data generated from Women’s Health features separately, there’s no way to delete specific information from your account short of wiping the whole thing.
Use a disposable email address and credit card
Registering your Oura account with a disposable email address and a virtual credit card means there's very little linking your Oura account to your real-life identity. This limits the ability of third parties to cross-reference your health data with other accounts in the event of a breach.
The Bottom Line
The Oura Ring is a product that we're so close to recommending, but it's hard to justify the fact that there's no easy way to use it offline.
Turning on Oura's location tracking can create a detailed record of where you travel, where you exercise, and when you're away from home. GDPR compliance is great, but it's not backed by end-to-end encryption that keeps your data entirely in your hands. Oura would doubtless argue that they need to be able to access your data to provide a full set of services, and we accept this: what we don't accept is the lack of options for privacy-conscious users.