Extension Privacy

Main privacy policy/WHOOP

WHOOP Privacy Policy

Last updated March 10, 2026. The WHOOP extension stores encrypted OAuth tokens and syncs fitness and recovery metrics so TrustPortfolio can render wellness widgets chosen by the user.

Provider

WHOOP

Auth Type

OAuth 2.0

Sections

5 policy areas

1

Data collected

  • Encrypted WHOOP access tokens, refresh tokens, token expiry time, and redirect URI needed to refresh the connection.
  • WHOOP recovery, sleep, cycle, and workout records returned by the WHOOP API, including scores, heart-rate metrics, sleep stage totals, workout strain, duration, and related timestamps.
  • Derived widget snapshot data and activity feed entries based on recent sleep, recovery, and workout records.
2

How the data is used

  • Authenticate the WHOOP connection and refresh tokens when needed.
  • Render WHOOP widgets such as overview, recovery, sleep, workouts, and ring views on the user's portfolio.
  • Keep the user's chosen wellness data current through background syncs and manual syncs.
3

Storage and retention

  • WHOOP tokens are stored in encrypted extension settings inside Convex.
  • Synced WHOOP metrics are stored in widget snapshots and activity records until replaced by a later sync or removed with the extension.
  • Because WHOOP data can describe health and fitness activity, users should only connect the extension if they want that information processed for portfolio display.
4

Sharing

  • TrustPortfolio contacts the WHOOP API only after the user completes the WHOOP OAuth flow.
  • WHOOP-derived portfolio content may become public if the user adds WHOOP widgets to public pages.
  • WHOOP data is also processed by TrustPortfolio infrastructure providers that host the app, database, and analytics stack.
5

User controls

  • Users can connect, reconnect, sync, disable, or remove the WHOOP extension from the dashboard.
  • Users choose whether WHOOP widgets appear on public portfolio pages.
  • Users can revoke the TrustPortfolio connection from WHOOP and remove the extension in TrustPortfolio to stop future syncs.

Related policies

The main TrustPortfolio privacy policy explains the core app, hosting, analytics, and extension framework.

Open main privacy policy
WHOOP Privacy Policy | TrustPortfolio