Health‑wearable maker Oura confirmed it receives occasional government data requests but refused to disclose volume. The Finnish startup, valued at over $11 billion and poised for an IPO, tracks heart rate, sleep, menstrual cycles and location via its finger‑worn ring. Data travel from device to phone to Oura’s cloud without end‑to‑end encryption, allowing staff and, potentially, external parties to read it. This architecture raises serious privacy concerns.

A security reporter’s investigation revealed Oura stores user records in a format accessible to employees, meaning a warrant, stolen credentials, or insider could retrieve personal health metrics. Oura has sold more than 5.5 million rings, giving the company a sizable data trove. Such access undermines user trust. The firm said it reviews each request for legality, scope and necessity, and pushes back on overbroad demands.

Despite earlier promises to consider a transparency report, Oura ignored repeated follow‑ups and has not released any aggregate figures. Without public numbers, analysts cannot gauge how often the company complies with or rejects government subpoenas. Stakeholders demand clearer accountability. The lack of disclosure puts pressure on the market leader to prove it can safeguard user privacy amid growing regulatory scrutiny.