Device & Wearable Privacy Grades
6 companies analysed · Sorted by privacy score
Devices and wearables collect data that no app on your phone can match: your heart rate, sleep patterns, menstrual cycle, blood oxygen levels, GPS trail, and the physical location of your home and workplace. Health data collected by a wearable is among the most sensitive data a company can hold — it is permanent, uniquely identifying, and has implications for insurance, employment, and personal safety. How these companies store, share, and monetise that data varies enormously.
| # | Company | Grade | Score | In plain English |
|---|---|---|---|---|
| 1 | Apple | B+ | 78/100 | Apple collects significantly less data than other big tech companies and explicitly commits — using both Nevada and California legal definitions — to never selling or sharing your data for advertising. Their own ad platform doesn't use data brokers or cross-app tracking. Private personal data isn't used to train Apple's AI models. The main caveats are health, fitness, and financial data collection, government ID in some cases, and personalised ads that exist but are easy to turn off. |
| 2 | Oura | B | 73/100 | Oura collects a lot of sensitive health data to run the service, but they don't sell it, give you real control over it, and are clearer than most about what they do with it. |
| 3 | Garmin | B | 71/100 | Garmin collects a lot of health and location data to run the service, doesn't sell it or share it with advertisers, and gives you good control over it — but the policy is dense, retention is vague, and aggregate data sharing with third parties isn't fully explained. |
| 4 | Fairphone | B- | 68/100 | Fairphone doesn't sell your data and has a genuinely ethical mission, but it runs retargeting ads, sends your full IP address to Bloomreach for segmentation, keeps contract data for a minimum of seven years, defaults to anonymisation rather than deletion when you ask for your data to be removed, and forum posts older than 60 days can never be fully deleted. |
| 5 | Microsoft | C- | 44/100 | Microsoft's privacy statement covers an enormous product surface — Windows, Office, Azure, Bing, Xbox, and Copilot — and the data practices vary dramatically across them. The umbrella policy is deliberately vague, deferring almost all specifics to product-level documentation. Cross-product data combination, AI model training on your content, and employer/school access to your files and communications are the key risks most consumers don't realise they're accepting. |
| 6 | Samsung | D | 39/100 | Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows. |
How we grade: Each company is scored 0–100 across four pillars: data collection, third-party sharing, user controls, and policy promises. The overall grade maps to the score band.