How to Protect Your Health Data on Fitness Trackers and Smartwatches

A step-by-step guide to understanding what your wearable collects, auditing which apps can read your health data, adjusting privacy settings on major platforms, and deleting stored health records from Fitbit, Apple Health, Garmin, and more.

April 14, 2026 · 7 min read

1. What your wearable collects and who has access to it

Most people know their fitness tracker counts steps. Few realize it is also building a continuous record of their heart function, sleep architecture, stress responses, and physical location. Understanding the full data picture is the starting point for deciding what to limit.

What gets recorded
  • Modern wearables record heart rate continuously throughout the day and night, sleep duration and stages (light, deep, REM), blood oxygen levels, heart rate variability (used to infer stress and recovery), skin temperature, and on newer devices, ECG readings
  • Devices with GPS record the exact routes of your runs, walks, and commutes, including timestamps. This data is stored on the manufacturer's servers alongside your health metrics
  • Apps like Fitbit, Apple Health, and Garmin Connect also collect menstrual cycle data, weight, nutrition logs, and any health metrics you manually enter
  • This combination of data builds a detailed biological and behavioral profile. A year of wearable records reveals your sleep quality, stress patterns, physical health trends, and daily routine in more granular detail than most clinical records
  • The data is processed on the manufacturer's servers, not solely on your device. Replacing or losing your device does not remove any of it

Who can access it beyond the device
  • The manufacturer: Apple, Google (which acquired Fitbit in 2021), Garmin, Whoop, and Samsung each store and process your data under their own privacy policies. Fitbit's privacy policy permits sharing aggregated or de-identified data with third parties
  • Third-party apps: Any app you connected to Apple Health, Google Health Connect, or your device's companion app can read the health data categories you authorized, often during initial setup and then forgotten
  • Employer wellness programs: Programs such as Virgin Pulse or Vitality that offer incentives for wearable use require you to share health metrics with the program provider. If the program is not tied to your employer's group health plan, standard HIPAA protections do not apply to that data
  • Important: Consumer wearables are not covered by HIPAA. The legal protections that govern data held by hospitals and doctors do not apply to data held by Apple, Google, or Garmin. Your health data on these platforms is protected only by their privacy policies and applicable consumer protection law

2. Audit and revoke third-party app access to your health data

The most common and overlooked privacy risk with wearables is apps that were granted access during setup and never reviewed again. An app you used once may still have continuous read access to your heart rate, sleep, and menstrual data.

Apple Health (iPhone) · 10 min
  • Go to Settings, then Privacy & Security, then Health
  • You will see every app that has requested Health access, listed with the data types each can read or write
  • Tap each app to see the exact categories it can access: heart rate, sleep analysis, menstrual cycles, workouts, blood oxygen, and more. Revoke any category the app has no clear need for
  • Remove any app you no longer actively use. Apps you deleted from your phone may still retain Health access unless revoked here
  • Pay particular attention to apps in categories like insurance, fitness coaching, or corporate wellness. These are the most likely to use health data for purposes beyond the core app function

Google Health Connect and Fitbit (Android) · 10 min
  • On Android, go to Settings, then Privacy, then Health Connect to see which apps have been granted access to your health data
  • Tap each app and review the data types it can read. Revoke access for any app you no longer use or that has access to more data categories than it reasonably needs
  • In the Fitbit app: tap your profile icon, then Manage Data, then App Management to see connected third-party apps. Remove any you do not recognize or actively use
  • Also review Google Account connected apps: go to myaccount.google.com/permissions and remove any third-party services with access to your Google Fit or Fitbit data

3. Adjust data collection and sharing in your device settings

Each platform has settings that control whether your health data is used for research, shared with partners, or fed into product improvement programs. These are separate from app permissions and are usually enabled by default.

Fitbit, Garmin, and Whoop · 10 min
  • Fitbit: Tap your profile icon, then Privacy Settings. Turn off Personal Health Analyses to stop Fitbit from using your data to develop health features. Also turn off Research Participation to opt out of contributing your data to Fitbit's research programs
  • Fitbit location: In the Fitbit app, go to your profile, then App Settings, and ensure that location access is set to While Using rather than Always. GPS route data from workouts is stored permanently unless you delete individual activities
  • Garmin Connect: In the app, go to More, then Settings, then Privacy. Turn off Data Permissions to stop Garmin from using your activity data for product improvement. You can also set your activity data visibility to Private to prevent it appearing on leaderboards or challenges
  • Whoop: Go to your profile, then Privacy Settings, and turn off data sharing options beyond what is required for the core service. Whoop's research data contribution is opt-in, but review the current toggles as settings can change across app updates

Apple Watch and Apple Health · 5 min
  • Open the Health app, tap your profile picture, then Privacy to review what Apple uses your health data for, including research studies you may have joined
  • Go to Settings, then Privacy & Security, then Motion & Fitness. Turn off Fitness Tracking if you do not want background step counting shared with third-party apps via HealthKit
  • In the Apple Watch app on your iPhone, go to General, then Privacy, and turn off Diagnostics to stop the watch from sending usage and health sensor data to Apple for analysis
  • Apple Health data stays on your device and in your iCloud account by default and is not used for advertising. The main risk with Apple Health is the third-party apps you connect to it, which is why auditing permissions in Section 2 is particularly important on iPhone

4. Export your health data and remove what you no longer want stored

Turning off future data sharing does not remove what has already been collected. If you want to clear the historical record, each platform provides an export option and a deletion path.

Export your data first · Recommended
  • Fitbit: Go to fitbit.com/settings/data/export on desktop and request a full export. Google will prepare a download of your complete health history in JSON format, usually within a few hours
  • Apple Health: Open the Health app, tap your profile picture, then Export All Health Data. A ZIP file is generated and can be saved via the share sheet to Files or another location
  • Garmin: Log in at connect.garmin.com, go to your account settings, then Account Management, and request a data export
  • Exporting gives you a personal copy of your health history before removing it from the manufacturer's servers. Individual activity files (GPS routes, heart rate logs) are included in most exports
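
To see what an export actually holds before you delete anything, the following added example (not part of the original guide and not Apple's code) inventories an Apple Health export ZIP in Python, listing which source app or device wrote each data type and over what date range, plus how many GPS route files are included. The sample archive, its source names, and the assumed layout (an `export.xml` of `Record` and `Workout` elements alongside `.gpx` route files) are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile


def inventory_health_export(zip_source):
    """Return ({source: {data_type: [count, first_day, last_day]}}, gpx_file_count)."""
    per_source = {}
    with zipfile.ZipFile(zip_source) as zf:
        names = zf.namelist()
        # Workout GPS routes ship as separate .gpx files inside the archive.
        routes = sum(1 for n in names if n.lower().endswith(".gpx"))
        xml_name = next(n for n in names if n.split("/")[-1] == "export.xml")
        with zf.open(xml_name) as fh:
            # Real exports can be hundreds of MB, so stream instead of loading.
            for _, elem in ET.iterparse(fh, events=("end",)):
                if elem.tag in ("Record", "Workout"):
                    source = elem.get("sourceName", "unknown")
                    kind = elem.get("type") or elem.get("workoutActivityType", "Workout")
                    day = elem.get("startDate", "")[:10]  # YYYY-MM-DD prefix
                    entry = per_source.setdefault(source, {}).setdefault(kind, [0, day, day])
                    entry[0] += 1
                    entry[1], entry[2] = min(entry[1], day), max(entry[2], day)
                elem.clear()  # release parsed elements as we go
    return per_source, routes


def build_sample_export():
    """Constructed sample archive standing in for a real export (assumed layout)."""
    xml = """<HealthData locale="en_US">
 <Record type="HKQuantityTypeIdentifierHeartRate" sourceName="Example Watch" startDate="2025-03-03 07:00:00 +0000" value="58"/>
 <Record type="HKQuantityTypeIdentifierHeartRate" sourceName="Example Watch" startDate="2025-03-01 07:00:00 +0000" value="61"/>
 <Record type="HKCategoryTypeIdentifierSleepAnalysis" sourceName="Example Watch" startDate="2025-03-02 23:10:00 +0000"/>
 <Record type="HKCategoryTypeIdentifierMenstrualFlow" sourceName="Example Cycle App" startDate="2025-02-10 08:00:00 +0000"/>
 <Workout workoutActivityType="HKWorkoutActivityTypeRunning" sourceName="Example Watch" startDate="2025-03-02 06:30:00 +0000"/>
</HealthData>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("apple_health_export/export.xml", xml)
        zf.writestr("apple_health_export/workout-routes/route_2025-03-02.gpx", "<gpx/>")
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    report, routes = inventory_health_export(build_sample_export())
    for source, kinds in sorted(report.items()):
        for kind, (count, first, last) in sorted(kinds.items()):
            print(f"{source:20} {kind:42} {count:5} {first}..{last}")
    print("GPS route files:", routes)
```

To run it on your own data, pass the path of the exported ZIP to `inventory_health_export` instead of the constructed sample.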

Delete your stored health data · Permanent
  • Fitbit/Google: Go to myaccount.google.com/data-and-privacy, then Delete a Google service to remove Fitbit entirely. Individual activities can also be deleted one by one in the Fitbit app
  • Apple Health: Individual data categories can be cleared by tapping a category in the Health app, selecting Show All Data, then Edit to delete entries. To remove all data from a connected source, go to Settings, then Health, then Data Access & Devices
  • Garmin: In Garmin Connect, go to Settings, then Account Management, then Delete Account to permanently remove all stored activity and health data
  • Deleting your account with the manufacturer removes data from their servers but does not remove data that was already synced to third-party apps. Revoke app access in Section 2 before deleting your account to close this gap

The biggest privacy risk with wearables is not the device itself but the ecosystem around it: the manufacturer's servers, the apps connected to your health platform, and any employer or wellness program that has been granted access to your metrics. Most wearable privacy settings are not difficult to change, but they are buried in companion apps and rarely explained during device setup. Completing Sections 2 and 3 (auditing connected apps and adjusting platform settings) removes the most significant ongoing data sharing for most people. If you want to go further, Section 4 provides a clean path to remove the historical data that has already been collected, regardless of whether you continue using the device.