Skip to main content

Biometric Data Privacy Policy

Last Updated: October 1, 2025

Certain U.S. states have laws requiring companies that process data under the broad umbrella term of “biometric identifiers” or “biometrich data” (“Biometric Data””) to publish a policy notifying people about how they collect, use, and share (collectively “process” or “processing”) that data and the rights certain consumers (“Consumer”, “Consumers”, "you", or "your") may have.

This Policy applies solely to Consumers in states or jurisdictions with laws pertaining to Biometric Data and that require such policies. To the extent that any personal data may be considered Biometric Data pursuant to these laws, this policy provides our practices regarding the collection, use, disclosure, storage, retention, destruction, and security of that data. For more information about our general practices regarding the processing of your personal data, please see the Peloton Privacy Policy. Peloton is committed to complying with applicable laws and regulations when processing Biometric Data, including those laws and regulations that may require Peloton to provide notice or obtain consent prior to processing what some laws and regulations may deem Biometric Data. Members may withdraw their consent at any time by contacting us as described below.

Definitions

For the purposes of this policy, "Biometric Identifier" means a retina or iris scan, fingerprint, voiceprint, scan of hand or face geometry, or other unique biological patterns or characteristics. Biometric identifiers do not include writing samples, written signatures, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.

For the purposes of this policy, "Biometric Data" means the measurement or technological processing of any data, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier that identifies a consumer, whether individually or in combination with other data to identify an individual. Biometric Data does not include data derived from items or procedures excluded under the definition of biometric identifier.

Sharing and Disclosure of Biometric Data

As required, Peloton will obtain a member’s consent and release prior to sharing Biometric Data with vendors, service providers, or partners who are contracted to perform services directly related to the purpose of the collection of the Biometric data. Vendors, service providers, and partners who have access to Biometric Data are required to keep the information secure, confidential, and are restricted in their use of the data.

Peloton will not disclose, redisclose, or otherwise disseminate Biometric Data unless:

  • authorized by the member or an authorized representative of the member to whom the Biometric Data relates;
  • needed to complete a financial transaction requested or authorized by the individual;
  • required by law or municipal ordinance;
  • required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction; or
  • as required under applicable law, necessary for the establishment, exercise or defense of legal claims of wherever courts are acting in their judicial capacity.

Personalized Experiences: Automated Decision-Making

We may process your Biometric Data to make automated decisions about you. We carry out this processing for the purposes of providing workout recommendations to you based on our inferences about your preferences and practices, including for example recommendations about certain muscle exercises based on your previous exercises.

Subject to local legal requirements and limitations, you can contact us to request further information about automated decision-making, object to our use of automated decision-making, toggle off “Personalized Experiences” in Settings(see here for more information), or request an automated decision to be reviewed by a human being.

Security

Safeguarding Biometric Data is important to us. While no systems, applications or websites are 100% secure, we strive to establish reasonable systems, policies and procedures to protect Biometric Data from loss, destruction, misuse, and unauthorized access, acquisition, disclosure or alteration.

Retention and Destruction

If Biometric Data is processed by a third-party vendor on our behalf, they are contractually required to destroy the Biometric Data after processing.

Where permitted under applicable law, Peloton will retain Biometric Data if required to do so per a valid warrant or subpoena issued by a court of competent jurisdiction or if necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.

What Biometric Data is Collected and Purposes for Collection

We may collect your picture (e.g., if you choose to upload a profile picture). For features that use your Peloton device's camera, such as Rep Counting and Form Feedback, all video and image analysis occurs directly on your device. No raw video or image footage is ever sent to, viewed by, or stored by Peloton.

However, for feature functionality and to improve our services, we do collect a limited set of non-personally identifiable “telemetry data” that we receive from your device’s camera. This telemetry data includes:

  • Confirmation that a person is in the camera's view (to activate the feature).
  • An assessment of whether you are performing the correct exercise.
  • Your repetition count for a given exercise.
  • Your general orientation relative to the camera (e.g., facing forward, to the side).
  • Estimated skeletal joint positions, used solely for analyzing movement and form.

Why we process your Biometric Data?

We may process your Biometric Data to:

Analyze your performance: We may use Biometric Data to compare past and current performances and provide you with analytics about your fitness progress over time and provide you feedback on your form, often powered by AI to provide deeper insights. See also our Privacy Policy.

Provide workout recommendations: We may recommend workouts to you based on our inferences about your preferences and practices, including for example recommendations about certain muscle exercises based on your previous exercises. Recommendations may include information derived from Biometric Data we collect from you, and involve the use of automated decision making (see above for more details and Privacy Policy).

Understand you: We may use your voiceprint to understand your voice commands and, if you opt in, to improve our abilities to understand voice commands in general when you are using Peloton products equipped with voice control, including through the application of AI.

Use of Artificial Intelligence

As mentioned above, Peloton may leverage artificial intelligence (AI) to process your Biometric Data to improve our services and offer enhanced functionalities. This includes, but is not limited to, providing form feedback, analyzing performance estimates, and refining voice command recognition. You may always opt out of personalization use by toggling off “Personalized Experience” in your Settings. Please see the Peloton Privacy Policy for more details on use and your preferences.

How to contact us?

If you have any questions or would like to contact us or our Data Protection Officer, you can do so by email at privacy@onepeloton.com or at the addresses below.

U.S. and Canadian residents:

Peloton Interactive, Inc.
441 Ninth Avenue, Sixth Floor
New York, NY 10001
USA
Attn: Legal Department

UK residents:

Peloton Interactive UK Ltd.
Orion House
5 Upper St Martin’s Lane
London WC2H 9EA
United Kingdom
Attn: Legal Department

Australia residents:

Peloton Interactive Australia Pty Ltd
The Commons, 32 York Street

Sydney NSW 2000
Attn: Legal Department