U.S. STATES PRIVACY NOTICE
If you live in a state with a privacy law governing Consumer Health Data please review our Consumer Health Data Policy.
Last Updated: March 27, 2024
This U.S. States Privacy Notice (“Notice”) supplements the information in, and is part of, the Peloton Privacy Policy. This Notice discloses information related to our privacy practices required by certain U.S. State laws which include California, Colorado, Connecticut, Montana, Nevada, Oregon, Texas, Utah, Virginia, and Washington. This Notice is intended to supplement the Peloton Privacy Policy in order to meet our disclosure requirements pursuant to relevant state law. To understand our privacy practices, you should refer to the Peloton Privacy Policy in addition to this supplement applicable to residents of rights granting states. This Notice applies to Personal Information, as defined below, that is processed by Peloton in the course of our business, including via the Peloton websites, the interfaces on tablets connected to Peloton fitness equipment such as the Peloton Bike and Tread, and through our Apps, forums, social media accounts, blogs, studios, retail showrooms, and other online or offline offerings (together, with any and all future online and offline offerings operated by or on behalf of Peloton, the “Services”).
This Notice is not intended to apply to Personal Information we collect about our employees, applicants for employment, or contractors in the employment context.
The definition of “Personal Information” may be different under individual state regulations. Generally, the definition used in this Notice differs from the definition used in the Peloton Privacy Policy. As used in this Notice only, “Personal Information” refers to “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
1. WHAT PERSONAL INFORMATION WE COLLECT
The table below identifies the categories of Personal Information we collect and provides examples of Personal Information in such categories, along with information on the third parties with whom such categories of information may be shared. For more information about the Personal Information we collect, please see Section 1 of the Peloton Privacy Policy.
| Category | Examples of Personal Information in this Category | Third Party Recipients |
|---|---|---|
| Standard Identifying Information | Name, email address, mailing address, shipping address, phone number. | Vendors and Service Providers, Business Partners, Other Peloton Users, Third Party Advertising Partners |
| Protected Characteristics/Sensitive Personal Information | Age, Gender. | Vendors and Service Providers, Other Peloton Users, Business Partners, Third Party Advertising Partners |
| User Profile Information | Username, and any additional information you choose to provide to enhance your use of the Services, including your weight, height, general location, tags. | Other Peloton Users |
| Commercial Information | Purchase history, use history (total number of classes taken, the dates you took those classes, class performance history, including leaderboard rank, achievements earned), in-studio attendance history, your followers and who you are following. | Vendors and Service Providers, Business Partners, Other Peloton Users, Third Party Advertising Partners |
| Geolocation | Internet protocol (IP) address, GPS location, longitude/latitude, city, county, zip code and region, and your location and your smart device’s proximity to “beacons,” Bluetooth networks and/or other proximity systems. | Vendors and Service Providers, Business Partners, Other Peloton Users, Third Party Advertising Partners |
| Internet or other electronic network activity information | IP address, cookies and similar tracking technologies, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services, such as preferences. | Vendors and Service Providers, Business Partners, Third Party Advertising Partners |
| Financial or other Sensitive Information | Payment history information, information about your creditworthiness such as from Credit Bureaus. We do not collect health or medical information, however, some State’s may classify some of our workouts, fitness routines or accessibility offerings as health-related information. Some examples: pregnancy-related workouts, some meditation workouts, workouts related to your mood. Please note that as with all workouts, these workouts will be seen if your profile is public, and seen by any follower you allow to view your private profile. | Vendors and Service Providers, Business Partners |
| Physical Characteristics (Audio, electronic, visual, thermal, similar information) | Your visual image, likeness and voice recording (e.g., via photographs and/or video); recordings of member support and sales calls. Some other physical characteristics are collected in connection with our Services when you consent to its use; for example, characteristic movements to better assist your exercise form. These are not used to identify you. | Vendors and Service Providers |
| Fitness Data | Information relating to your fitness performance and/or workouts, including calories burned, distance covered, length of workout, and heart rate if you choose to connect a heart monitor. | Service Providers |
| Professional Information | Company name and title for visitors and guests. | Vendors and Service Providers |
| Photo, picture, image, or avatar | If you choose to upload a photo or image to be shown in your profile. | Other Peloton Users, Service Providers |
| Connected Device/Third Party Account information | If you access our Services through a third party application, such as the Apple App Store or Google Play App Store (together with any similar applications, "App Stores") or Social Networking Sites ("SNS") such as Instagram, Twitter or Facebook, we may collect information about you from that Third-Party application that you have made public via your privacy settings. This may include: your name, your SNS user ID, your App Store user name, location, sex, birth date, email, profile picture and your contacts on the SNS. | Vendors and Service Providers |
| Inferences drawn from any of the above information categories | We may collect data and make inferences based on that data, but the inferences are not used to infer specific characteristics about you other than what workouts or classes you may enjoy. | Vendors and Service Providers |
We may also share each of the above listed categories of Personal Information with government entities if we believe doing so is necessary: (i) to comply with law enforcement or national security requests and legal process, such as, a court order or subpoena; (ii) to protect yours, ours or others’ rights, property or safety; or (iii) to enforce Peloton policies or contracts. Additionally, if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets or transition of service to another provider, then each of the above listed categories of Personal Information may be shared with the involved corporate entities and their professional advisors, representatives and agents as part of the transaction as permitted by law and/or contract.
The sources of the Personal Information we collect above include: information you provide (for example, on our Site or our Apps, in our studios, showrooms, or by telephone or chat), Information that we collect automatically from the devices you use to access our Services (for example, fitness equipment, heart rate monitors you choose to connect, mobile applications or websites), Personal Information we receive from third party partners (for example, our financing partners if you finance your purchase, or certain marketing, research or survey partners), and Personal Information that we generate internally (for example, we may generate identifiers internally that we associate with you).
2. WHY WE USE PERSONAL INFORMATION
The Peloton Privacy Policy describes our uses of Personal Information (see section 2).
3. WHAT PERSONAL INFORMATION WE SHARE
In addition to the table above, the Peloton Privacy Policy provides information regarding the categories of third parties with whom we share Personal Information (see Section 3).
State laws, such as those in California, require that we also list the categories of Personal Information that we have disclosed to third parties for business purposes in the last 12 months. In the last 12 months, we have disclosed all of the categories of Personal Information we describe in the “What Personal Information We Collect” section for business purposes. For example, we may share your IP address or device ID with service providers that provide crash monitoring and reporting services to us.
Some states allow residents to have the right to opt out of disclosures of Personal Information to third parties for valuable consideration (which may be considered a “sale” or “share” for example under California law even if no money is exchanged). If you reside in one of these states, and would like to minimize “selling” of your information with third parties for marketing purposes, see the “Your Rights” below.
Please Note: Laws in some U.S. States define the term “sale” broadly, and it may include selling/sharing certain information for particular purposes through technology such as cookies and similar tracking technologies. We never sell personal information to third parties for money (as defined by state privacy laws). However, when you visit our websites, we and our partners may collect certain information about you, your devices, and your behavior through cookies, tags or similar technologies that may be considered a “sale/share” even if no money is exchanged.
4. YOUR RIGHTS
Your state’s law may allow you have certain rights, such as:
Right to data portability/access. You may be entitled to receive the specific pieces of Personal Information we have collected in the 12 months preceding your request, including, where applicable, in an electronic and readily-usable format.
Right to know. You may be entitled to receive information regarding the categories of Personal Information we collected, the sources from which we collected Personal Information, the purposes for which we collected and shared Personal Information, the categories of Personal Information that we sold and the categories of third parties to whom the Personal Information was sold, and the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding your request.
Right to deletion. You may be entitled to request that we delete the Personal Information that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need to keep such information, such as for our legitimate business purposes or as required to comply with applicable law.
Opt out/Limiting Use. You may be able to opt out of some collection or uses of your Personal Information.
- You have the right to opt out of the “sale” or “sharing” of your personal information, as those terms are defined under respective state privacy laws. If you are in a state with privacy laws in place you may find out more information and/or submit a request on our “Do Not Sell/Share My Personal Data & Limit the Use of My Sensitive Data” form.
- You have the right to limit the use of your sensitive personal information, as those terms are defined under respective state privacy laws. For more information about the definition and this right please visit our “Do Not Sell/Share My Personal Data & Limit the Use of My Sensitive Data” form.
Right to Withdraw Consent. You may have the right to withdraw consent to the collection and sharing of information.
Rectification. You have the right to correct inaccurate information.
You may freely exercise these rights without fear of being denied goods or services. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your Personal Information.
If you would like to exercise one of your rights, please fill out and submit the Privacy Request Form or contact us at 1-844-559-0051.
We are required to verify the requests we receive from you when you exercise certain rights listed above. We (or third parties we engage to assist us) may ask you to provide certain information to us in order for us to verify your request, including your name, email address, Peloton username, physical address, date of birth and phone number (the “Verification Information”). This information will be used to generate a brief quiz with personalized questions to verify your identity. If you fail the identity verification quiz twice, our third-party verification partner will ask you to verify your identity by submitting a copy of state-issued ID and a photograph of yourself.
You may also designate an authorized agent to exercise your rights on your behalf. If you have provided an authorized agent with a power of attorney pursuant to your state’s Probate Code, we will work directly with your authorized agent to complete your request. Where you have not provided an authorized agent with a power of attorney pursuant to your state’s Probate Code, we will reach out to you directly to confirm the authorized agent’s authority and collect the Verification Information.
In addition to these rights, pursuant to California’s “Shine the Light” law, California residents who share personal information with us have the right to request and obtain from us once per year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you would like to exercise this right, please use the contact information listed below to contact us.
You may opt out and we honor certain technologies broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) if you are a resident of certain states. This occurs on the browsers and/or browser extensions that support such a signal. This request will be linked to your browser identifier only.
You have a right to appeal a decision made by Peloton, as applicable in your state. We make every effort to fulfill your request, however, we reserve the right to deny requests as allowed by applicable state law, such as where we have a reasonable belief that the request is fraudulent, where your identity cannot be confirmed, or where Peloton must retain your information consistent with applicable law. If you would like to submit an appeal please email privacy@onepeloton.com or see the “How to Contact Us” section below, and please explain your concerns and provide the email associated with your account so we may properly review your data rights request history. Our response to your appeal will inform you of decisions and actions in response to your appeal, including an explanation of the reasons for the decisions.
You may freely exercise these rights without fear of discriminatory, retaliatory treatment, or being denied goods or services. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your Personal Information.
5. HOW TO CONTACT US
If you have any questions about our privacy practices, this Notice or would like to contact us you can do so by email at privacy@onepeloton.com or at the address below.
Peloton Interactive, Inc.
441 Ninth Avenue, Sixth Floor
New York, NY 10001
USA
Attn: Legal Department
6. UPDATES TO OUR PRIVACY NOTICE
We may update our Privacy Notice from time to time. When we do, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. You can see when this Privacy Notice was last updated by checking the "last updated" date displayed at the top of this Notice