Oura admits to government data requests but won't say how many

Health wearable maker Oura confirms it receives government demands for user data but refuses to publish a transparency report disclosing the volume, scope, or frequency of those requests. The company, now valued at over $11 billion with more than 5.5 million rings sold, told reporter Zack Whittaker that it evaluates each request for legality and pushes back on overbroad ones — but has gone silent on follow-up questions about aggregate numbers after initially saying it was ‘actively evaluating’ how to share them eight months ago.

The deeper issue is architectural. Oura does not end-to-end encrypt user data, meaning heart rate, sleep, menstrual cycle, and location records can be decrypted at multiple points between the ring and Oura’s servers. The company confirmed staff can access stored user data, which by extension means prosecutors with warrants, attackers with stolen keys, or rogue insiders can too. Oura’s prior deal with the Department of Defense and Palantir amplified customer anxiety about where the data ultimately flows.

The pattern echoes the post-Snowden era when tech companies began publishing semi-annual transparency reports to rebuild trust after the NSA surveillance disclosures. Oura, now the dominant player in health wearables, has the resources to both re-architect for stronger encryption and follow that disclosure norm. Until it does, customers have no way to gauge how often their intimate biometric data is being handed to governments.