Ultrahuman Ring Privacy Review
The Ultrahuman AIR is a health tracker from a company that has garnered a significant amount of goodwill from its users by committing to something most rivals won't consider: once you own your ring, it works without any subscription fees. A one-time hardware purchase gets you access to sleep analytics, activity tracking, and a range of other health metrics. However, you're still locked into Ultrahuman's online-only ecosystem.
I’m a digital privacy and cybersecurity expert with over half a decade’s worth of experience reviewing privacy products. My research in academia included speculative execution attacks and AI-based hacking simulations. My privacy work appears in TechRadar, CNET, and ITPro, in addition to a previous stint at ProPrivacy as their in-house technical researcher for VPNs.
What You Should Know
- Should I trust their default settings?
Yes. Ultrahuman doesn’t ask for location details on startup, and as far as we can tell you’re not locked out of any of the app’s features on a regional basis.
Whether Ultrahuman’s default settings are appropriate really boils down to whether you’ve bought the ring yourself or it’s being provided to you through a third party like a gym or your employer. If the latter is true, your data is being shared with that provider.
- What personal data do they have?
Ultrahuman collects the standard battery of smart ring biometrics: sleep stages, heart rate, HRV, blood oxygen, skin temperature, respiratory rate, and activity data, as well as cycle tracking and ovulation data. The company also processes data you provide about health problems to provide personalised recommendations.
We noticed in our testing that some of your data is sent to Facebook under the justification of "Ads and Social media". This doesn't necessarily mean your health data is being provided directly to Facebook. Ultrahuman is explicit that your health data isn't shared with third parties without your permission. Still, it's unclear exactly which parts of your profile are sent to Facebook, which is slightly worrying.
The policy also states that data may be transferred, stored, and used in any country where Ultrahuman operates, including the United States, and that you consent to this by using the product. If you do not agree to international data transfer, you can't use the platform.
- Track record
Founded in Bengaluru in 2019, Ultrahuman hasn’t been around as long as some of the other major players in the health wearables space. The company hasn’t confirmed any major data breaches and markets itself as having a strong privacy-first approach to wearables, but their marketing in the past gives us pause.
In 2024, Oura filed a patent infringement case against Ultrahuman at the US International Trade Commission. During the case, Ultrahuman submitted footage making it appear as though the company operated a manufacturing facility in Texas. This footage was doctored to include Ultrahuman’s signage and branding.
It’s not a good look for a company that is asking you to trust it with intimate details about your personal health.
The Good and The Bad
- The Good
Ultrahuman doesn’t require a subscription to use. You do need to log in with your Apple or Google account. On iPhone, you can provide any name you like and an anonymized forwarding email to minimize the amount of information you provide to Ultrahuman.
With Ultrahuman, your data flows through cloud servers before it's analysed and sent back to your phone. Ultrahuman's privacy policy is actually pretty explicit about which subprocessors it uses for cloud services, including Snowflake, MongoDB Atlas, InfluxDB, Amazon Web Services, Mixpanel, and CleverTap. Full marks for transparency.
You can pull down your data instantly from Ultrahuman at any time through their API.
- The Bad
Ultrahuman still requires that you use their infrastructure to upload your data. There’s no way to use the device without registering an account through Apple or Google, even if you don’t intend to subscribe to their premium service.
While Ultrahuman claims that they “strive” to be compliant with HIPAA with respect to their US customers, they’re not actually a covered entity under the HIPAA act. That means that they aren’t beholden to the act if they violate the data-sharing aspects of it.
We’ve also found that the Ultrahuman ring can be synced freely to another instance of the mobile app without needing to be attached to the docking station. This means that if you lose your Bluetooth connection to the ring at any point in time, anyone in Bluetooth range with the Ultrahuman app could sync with the ring and begin reading data from it.
Ultrahuman did not respond to a request for comment.
Reduce Your Risks
Review your integration settings
Open the Ultrahuman app and check whether you have any third-party integrations enabled. If you’ve signed up through a third party, you should also check whether that partner has been granted access to your data.
Understand what data third parties can see
If you’re using Ultrahuman through a workplace wellness program or gym partnership, your data may be shared with that institution. If you’re uncomfortable with your employer being able to see data like your sleep patterns, you should discontinue your use and switch to a consumer account.
Request a copy of your data
You’ll need to contact [email protected] to see what data the company actually holds on you. Although you can pull a subsection of it down through the API, you won’t get a full view of what Ultrahuman knows about you without going through their support channel.
The Bottom Line
Ultrahuman doesn’t lock you into a subscription plan when you buy the product, which is great. If you’re signing up using Apple’s Private Relay, there’s very little tying you to your Ultrahuman account other than the IP you connect from.
However, the Ultrahuman ecosystem is still an online-only one. The offline features are really just a convenience for when you’re not able to connect to the internet at the moment, and it’s not viable to use the ring long-term without connecting. When it comes down to it, Ultrahuman has the same fundamental problem as Oura: you’re sending your data to a cloud service where you have to trust the provider not to play fast and loose with your health metrics.