Where Your Health Data Goes

Tap each stage to see who receives your data, whether consent was given, and what can happen at the end of the chain.

Starting point: You buy a fitness wearable. You set it up, accept the terms, and start tracking your steps, sleep, and heart rate. Below is where that data travels — and what it can be used for.
1. Your Wearable Device
Heart rate, steps, sleep, location, menstrual cycle, blood oxygen
Explicit consent — you set it up

The device collects continuous biometric data. You know this is happening. The data is synced to the companion app on your phone, often every few minutes. What most users don't check: which sensors are active and what granularity of data is being stored.

📱
2. The Companion App
Fitness history, goals, user-entered health notes, account profile
Buried in terms of service

The app combines sensor data with everything you enter manually: weight, medications, mood. It also collects device metadata, app usage patterns, and in many cases, location data even when you're not exercising. This combined profile is far richer than just step counts.

What's buriedMost fitness apps' ToS include clauses permitting data sharing with "research partners," "business affiliates," and "service improvement purposes" — broad enough to cover nearly any data transfer.
☁️
3. Cloud Servers
Long-term data storage, trend analysis, account aggregation
Consent assumed via app use

Data is stored on company servers — often for years. Cloud storage enables the company to build longitudinal health profiles: not just today's data, but trends over months or years. These profiles are commercially valuable. They are also a breach target.

Breach exposureFitbit, MyFitnessPal, and 23andMe have all experienced major data breaches. Health data has a permanent shelf life — unlike a credit card number, you cannot change your heart rate history.
🏢
4. Third-Party Analytics Partners
Behavioural profiling, wellness scoring, ad targeting
Buried in terms — "affiliates and partners"

Analytics companies receive de-identified data (with name and ID removed) for research and product improvement. De-identification is frequently reversible — research shows that health data combined with location, age, and device type can re-identify individuals with high accuracy.

Re-identification riskA 2019 study found that 75% of "anonymised" health datasets could be re-identified using just 3-4 external data points. De-identified is not the same as private.
🗂️
5. Data Brokers
Aggregation with financial, location, and social data from other sources
No direct consent — downstream purchase

Data brokers buy information from analytics companies and combine it with data from other sources: financial records, social media, location history, retail purchases. The result is a merged profile far more detailed than any single source. These profiles are sold to whoever purchases them.

Who buys itEmployers, insurance companies, financial lenders, marketers, and political campaigns all purchase data broker profiles. You have no visibility into who has bought yours.
⚠️
6. End Consequences
Insurance, employment, targeted advertising, breach exposure
No consent — downstream use

Documented end-state consequences from health data leaving the original app ecosystem:

InsuranceHealth and life insurers in markets without strong regulation use fitness and health data to adjust premiums or deny coverage. Your low step count can raise your premium.
Employment screeningEmployer wellness programmes share aggregate data. In unregulated contexts, individual health indicators have been used in hiring decisions.
Targeted advertisingHealth condition inferences (based on search + wearable data) are used by ad platforms to show pharmaceutical ads, medical device promotions, and insurance products — often without the user realising the inference was made.

What you can actually do

Read the data sharing sectionBefore installing any health app, search its privacy policy for "share," "partner," and "third party." These 3 words reveal the data flow.
Limit data granularityMost fitness apps work adequately without continuous heart rate monitoring or location tracking. Turn off what you're not actively using.
Use apps with data deletion optionsApps operating under GDPR (EU) or CCPA (California) must honour deletion requests. Request deletion of your account data periodically.
Treat health app data like financial dataThe same caution that applies to banking apps applies to health apps. If you wouldn't share it with a stranger, reconsider sharing it with a free app.