WHOOP Lawsuit: Health Data Secretly Shared with Third Party?

Case Overview: A class action lawsuit alleges WHOOP secretly monitored and shared consumers’ private health information and app activity with a third-party data company without their consent.

Consumers Affected: U.S. residents who watched videos in the WHOOP app within the past two years.

Court: U.S. District Court for the Northern District of California, San Francisco

Fitness tracker company WHOOP secretly monitored and shared consumers’ private health information and app activity without their consent, according to a recently filed lawsuit. 

The lawsuit alleges WHOOP embedded hidden tracking technology into its app, sending personal details and sensitive vitals, from stress levels to heart rates, to a third-party data company. The lawsuit argues that the practice directly contradicts WHOOP’s promises to keep user data private and protected.

WHOOP Accused of Secretly Monitoring User Vitals

The lawsuit was filed by California resident Steven Lomeli, a WHOOP subscriber who uses the device daily to track his vitals and access educational content. 

Lomeli says he never consented to his information being shared and only recently learned that WHOOP allegedly sent details like his full name, email, weight, and birthday, along with app usage data, to a third party. 

The lawsuit claims the company even shared records of the videos he watched in the app, such as guided meditations and health explainers, tying deeply personal health activity to his identifiable information.

Lawsuit Claims Consumers Had No Option to Opt Out

Unlike many fitness trackers, WHOOP doesn’t sell its devices outright. Instead, customers pay between $199 and $359 per year for memberships that include access to the WHOOP app and a wearable device. 

The trackers are designed to be worn 24/7, collecting a wide range of information: sleep cycles, heart rate, blood oxygen levels, stress levels, recovery rates, and even women’s hormonal and pregnancy data.

WHOOP markets itself as offering “medical-grade” insights and stresses that users’ data is secure, private, and never sold. But the lawsuit claims WHOOP embedded a tracker called Segment in its app, which funneled this data, including health vitals and app activity, to outside parties. According to the filing, consumers were never told about this sharing and were given no opportunity to opt out.

Health Data Management Faces Legal Challenges

WHOOP is not alone in facing privacy challenges. GoodRx recently agreed to pay $25 million over claims it disclosed users’ health data to tech giants without permission, while CVS is under scrutiny for similar practices. Adoption agency LifeLong Adoptions is being sued for allegedly passing sensitive user data to Facebook and Google. 

Allstate has also been accused of secretly building a massive driving behavior database, and Nutrisystem is facing claims it quietly tracked and shared customer information with a marketing firm. These cases reflect growing legal pressure on companies that mishandle or monetize personal data.

Lomeli seeks to represent all U.S. residents who watched videos in the WHOOP app within the past two years. He is asking for damages, legal fees, and injunctive relief to stop WHOOP from sharing data without consent. 

Case Details

• Lawsuit: Lomeli v. Whoop, Inc.
• Case Number: 3:25-cv-06828-KAW 
• Court: U.S. District Court for the Northern District of California, San Francisco 

Plaintiffs' Attorneys

• Heather M. Lopez (Milberg Coleman Bryson Phillips Grossman, PLLC)

If you use an app to track your fitness, sleep cycles, or other personal health data, tell us if you have concerns how that data will be used.