WHOOP Bands Accused of Illegally Sharing Your Most Intimate Health Secrets

So you’re trying to get a handle on your stress. You strap on the sleek, screen-free WHOOP band, a device that promises to unlock the secrets of your own body. You pay hundreds of dollars a year for a subscription membership, trusting it to be your private health coach.

Night after night, it tracks your sleep cycles. Day after day, it measures your heart rate, your strain, your recovery.

When you’re feeling overwhelmed, you open the app and watch a guided breathing exercise, a video titled “Increase Relaxation.” When you see a weird fluctuation in your heart rate, you pull up the “Understanding Average Heart Rate” explainer video.

For cis women, it can even track menstrual cycles and even offer personalized guidance through a pregnancy.

This is the most intimate data you own. It’s a minute-by-minute record of your physical and psychological state. And you’ve entrusted it to WHOOP, a company that assures you on its website, “your health data… is always protected. We never sell your information.”

But what if that wasn’t the whole story? What if, while you were watching that relaxation video, someone else was watching you?

According to a class action lawsuit filed in August 2025, that’s exactly what’s been happening.

The Ghost in the Machine

The lawsuit, brought by California resident Steven Lomeli on behalf of WHOOP users nationwide, alleges a stunning betrayal of trust. It claims that buried inside the WHOOP app is a third-party tracker called Segment.

The lawsuit describes this as a pipeline, siphoning off an incredible amount of your personal information and sending it straight to this other company.

And we’re not just talking about which buttons you click. The legal complaint alleges WHOOP shares your full name, email address, gender, birthday, and location.

But it gets so much more personal. The suit claims WHOOP also sends your vital health data—your resting heart rate, your blood oxygen levels, your skin temperature, and even your real-time stress scores.

Think about that for a second. The very data you check when you’re worried about your health is allegedly being packaged up with your name and shipped off to a third party you’ve never heard of, all without your knowledge or consent.

The final gut punch?

The lawsuit claims WHOOP even tells Segment which educational videos you watch. That private moment of concern, the one where you sought information about your heart rate or stress, allegedly becomes just another data point, linked directly to your name and email, for someone else’s ledger.

More Than Data, It’s Dignity

So what? It’s just data, right?

Wrong. This isn’t about which shoes you browsed online. This is about the sanctity of your medical and personal information. The lawsuit argues that WHOOP’s alleged actions violate two critical privacy laws: the federal Video Privacy Protection Act (VPPA) and California’s Confidentiality of Medical Information Act (CMIA).

These laws exist for a reason. They were created to draw a hard line around our most sensitive information, recognizing that our video history can reveal our politics, our beliefs, and our struggles, and that our health data is, well, nobody’s business but our own and our doctor’s.

The lawsuit claims that WHOOP, by positioning itself as a health and wellness service that offers videos and tracks medical-grade information, has stepped into the role of a healthcare provider and a “video tape service provider,” whether it intended to or not.

With that role comes immense responsibility: a responsibility the lawsuit alleges WHOOP completely ignored.

This case is a poster child for the central conflict of the modern digital age. We are sold tools for self-improvement, but the underlying business model is often one of self-exploitation. Companies wrap themselves in the language of empowerment and wellness, while their products are allegedly engineered to harvest and transmit the very vulnerabilities we trust them to help us manage. Your journey to a healthier life becomes their roadmap to a richer data profile.

What is Justice? A Fine or a Fix?

The lawsuit seeks damages—$2,500 for each violation of the VPPA and $1,000 for each violation of the CMIA.

For a company with a massive user base, that number could get very big, very fast.

But the real question isn’t about the final dollar amount. It’s about accountability. Will the penalty be seen as a genuine punishment that forces a change in behavior, or will it be chalked up as just another “cost of doing business”?

For too long, the tech industry’s playbook has been to ask for forgiveness rather than permission, knowing that the profits from misusing data often far outweigh the fines.

This lawsuit is a challenge to that status quo. It’s a fight to re-establish a simple principle: your body is not a commodity. The electrical signals from your heart, the quality of your sleep, the worries that lead you to watch a health video in the quiet of your home—that information belongs to you and you alone! Surely that isn’t a controversial statement, right?

Real solutions won’t just come from this one case. Unfortunate, I know. Real solutions require a fundamental shift. We need stronger, clearer privacy laws at the federal level that aren’t playing catch-up with technology.

We need a corporate culture where privacy isn’t a feature to be marketed but the bedrock of the entire product. And we, as users, need to start asking the hard questions and demanding more than just slick marketing slogans. We need to demand that the companies we entrust with our data treat it with the dignity and respect it deserves. Because when a company knows everything about your body, you have a right to know exactly what they’re doing with it.

All factual claims in this article are sourced from the class action complaint filed in the case of Lomeli v. WHOOP, Inc., in the United States District Court for the Northern District of California on August 13, 2025.