Skip to content
Pulsyn
A glucose test strip and blood sample, representing the new frontier of continuous glucose monitoring data that Oura is now integrating into its platform

Oura Is Tracking Your Blood Sugar Now. Your Insurance Company Will Want That Data.

James Hoffmann James Hoffmann
June 23, 2026 · 1 min read
HipaaPrivacyOuraInsuranceGlucose MonitoringCgmMedical DataDexcom

TL;DR

Oura just integrated with Dexcom Stelo for continuous glucose monitoring. Your sleep ring now reads your blood sugar. That turns a wellness gadget into a medical data collection device. Glucose data is insurance-relevant, employer-relevant, and legally protected under HIPAA. But Oura stores it on a server, the same server that has already received government data demands. When the data is medical-grade and the storage is cloud-based, the breach surface is not theoretical anymore. Pulsyn does not have a server. That is the only architecture that guarantees your glucose data stays yours.

Oura can read your blood sugar now. The partnership with Dexcom Stelo launched in June 2026, and if you wear an Oura Ring 5 and use a continuous glucose monitor, your sleep data, HRV, temperature, and glucose patterns all live in Oura's cloud. You can see your post-meal glucose response next to your sleep score. You can see how your blood sugar correlates with your readiness score. This is genuinely useful information. It is also a privacy threshold the wearables industry just crossed without warning its customers.

Let me be specific about why this matters more than any previous feature Oura has shipped.

A continuous glucose monitor sensor being applied to a person's arm, showing the type of medical-grade device that now integrates with smart rings

What the Dexcom partnership actually does

The integration works like this. Dexcom's Stelo is a continuous glucose monitor designed for people with Type 2 diabetes and anyone else who wants to track how food, exercise, and sleep affect their blood sugar. It is a non-prescription CGM, which is a relatively new category. The FDA cleared Stelo for over-the-counter sale in 2024. You stick a small sensor on your upper arm, it reads glucose levels in your interstitial fluid every 15 minutes, and it sends that data to the Dexcom app on your phone.

What changed in June 2026 is that Oura now pulls that glucose data from Dexcom into its own app and rings. Your Oura Ring 5 can show glucose patterns alongside your sleep stages, stress score, and activity levels. Oura calls this "metabolic health." The integration is optional, and you need both a Stelo sensor and an Oura subscription ($69 per year or $5.99 per month) to use it.

But here is the part nobody is talking about. Glucose data operates on a different level from step count, sleep stage, or HRV data. Glucose data is medically relevant in a way that makes it valuable to people who do not have your best interests in mind.

Why glucose data changes the privacy equation

There is a difference between tracking how many steps you took yesterday and tracking your blood glucose response to breakfast. The first tells an insurance company something about your activity level. The second tells them something about your metabolic health, your diabetes risk, and potentially whether you are managing a chronic condition.

Actuaries have been trying to get this data for a decade. Life insurance companies already ask about family history of diabetes, your BMI, and whether you have been diagnosed with pre-diabetes. The difference is that those are self-reported at the time of application. A CGM data stream is continuous, objective, and reveals far more. It shows whether you have a condition and, more importantly, how well you manage it day to day. It shows whether you ate a high-carb meal at 9 PM and spiked your glucose. It shows whether your fasting glucose is trending up over weeks.

The blood glucose monitor market is expected to reach $25.4 billion by 2030. That is not driven by people who want to optimize their breakfast. It is driven by insurance companies, employers, and healthcare systems that want to predict and manage chronic disease costs.

Oura knows this. They are not stupid. They are building a metabolic health platform because metabolic health is where the money is. The $11 billion IPO filing is not built on sleep scores. It is built on the idea that Oura becomes the gateway for all your health data, including the kind that pays out.

A close-up of health insurance paperwork and documents, representing the entities that will seek access to continuous glucose monitoring data

What happens when the data lives on a server

Oura stores your data on a server. This is not a secret. It is how their product works. Your ring collects data, sends it to your phone via Bluetooth, and your phone sends it to Oura's cloud. You can access it from any device. You can share it with your doctor. That is convenient.

It also means Oura has a copy of your glucose data. Oura, the company. And if you live in the United States, your health data has fewer legal protections than you think.

HIPAA does not apply to Oura. The Health Insurance Portability and Accountability Act covers healthcare providers, insurers, and their business associates. It does not cover wearable companies. When Oura stores your glucose data, it is stored on a server that is not subject to HIPAA. This is not a loophole. It is the standard business model for consumer health devices.

The FTC has been trying to close this gap. Congress introduced the SMARTWATCH Data Act (S.500) in 2025. Twenty states have passed their own health data privacy laws. But none of these laws solve the fundamental problem: if the data exists on a server, someone can take it.

Oura has already received government demands for user data. They have not published a transparency report showing how many requests they have received or how many they have rejected. That is their choice, and it is a choice that matters more now that the data includes glucose readings.

The Oura-Pentagon partnership from 2025 set a precedent: Oura is willing to work with governments and share health data for research. The new partnership with the Abu Dhabi Department of Health for a "joint research programme" on preventive health extends that pattern. Your glucose data is now part of the dataset that Oura can offer to research partners.

The BIPA precedent

There is also the legal angle. Oura is currently facing class action lawsuits under the Illinois Biometric Information Privacy Act (BIPA). The lawsuits allege that Oura collects and stores biometric data without proper consent and indefinite retention policies. Glucose data is not explicitly covered by BIPA, but the legal theory is broad enough that it could be.

Two separate BIPA cases against Oura are compounding. One involves sharing biometric data with Meta, Google, and Segment for advertising purposes. The other involves indefinite retention of biometric data after account deletion. If the court rules against Oura, the financial liability could be significant. More importantly, it establishes that the data Oura collects is valuable enough to sue over.

That value comes from the server. If Oura did not have the data on a server, there would be nothing to share, nothing to retain, and nothing to subpoena.

An abstract visualization of medical data privacy concepts, showing the intersection of health information and digital security

What the no-subscription competitors get wrong about this

Circular Ring 2 and RingConn both market themselves as no-subscription alternatives to Oura. They are not wrong about the subscription part. But they are also cloud-based. They also store your data on servers. Their privacy models are identical to Oura's except for the monthly fee.

The no-subscription pitch misses the point if your data still leaves your phone. A subscription fee and a data leak are different problems. One costs you money. The other costs you control over your medical information. I would rather pay nothing and keep my data than pay nothing and lose my data.

Pulsyn's architecture handles this differently. The health data never leaves your phone. The ring collects PPG signals, temperature, and accelerometer data. That data goes to the phone via Bluetooth. The phone encrypts it locally with SQLCipher using 600,000 PBKDF2 iterations derived from a PIN that we do not know. The on-device AI processes the data for sleep scoring, HRV analysis, and readiness without sending anything to a cloud server.

The distinction is architectural, not moral. We designed the system so that there is no server with your data on it. There is nothing to breach. There is nothing to subpoena. There is nothing to sell to an insurance company.

We are building an optional premium tier, Pulsyn Pro, that enables end-to-end encrypted cloud sync for users who want backup and cross-device access. But the cloud data is encrypted with a key derived from your PIN, and we do not have that key. The zero-knowledge architecture means we can store encrypted blobs without being able to read them. The user can revoke access at any time.

The optional tier exists because some people want backup. But the default, the thing that works out of the box with no configuration, is local-only. The data stays on your phone. If we ever add glucose monitoring, and it is a big if because the sensor hardware is not trivial, it would work the same way. Your glucose data would stay on your phone, encrypted, processed locally, and never sent to a server we control.

The FDA lobbying problem

Oura is simultaneously pushing into clinical diagnostics and lobbying for weaker regulation. They are asking the FDA to create a new device classification called "digital health screeners" that would bypass the full medical device approval process. They want to flag users about health abnormalities without being regulated as a diagnostic device.

If you read that twice, it gets worse. Oura wants to tell you about potential health issues based on your glucose data, but they do not want the FDA to treat their product as a medical device. They want the credibility of clinical diagnostics without the regulatory accountability.

This is the contradiction at the heart of wearables. Companies want the trust that comes from medical-grade data and the freedom that comes from consumer-grade regulation. They want to sell your glucose patterns to insurance companies without calling themselves a healthcare provider. They want to partner with governments for research without a transparency report.

I do not know what the right regulatory framework looks like. I am 22 and I build hardware. But I know that if your data never leaves your phone, the question of who regulates it becomes much less important. Pulsyn's answer to the FDA lobbying problem is not to lobby for better rules. It is to build a product that does not need rules to protect you, because the data is not accessible in the first place.

The honest limitations

I want to be clear about something. Pulsyn does not do glucose monitoring. We have not announced anything in this direction. Our rings have PPG sensors, temperature sensors, and accelerometers. None of them can measure blood glucose directly. The optical techniques for non-invasive glucose monitoring have been an unsolved engineering problem for twenty years. Apple has spent billions trying to do it with the Apple Watch and has not cracked it yet.

If your priority is glucose monitoring today, the Oura Ring 5 with Dexcom Stelo is one of the few options that works. You stick a sensor in your arm and get continuous data. That is useful for managing diabetes, pre-diabetes, or just understanding your metabolic health.

What I am saying is that if you do use a CGM, you should be aware that your glucose data is now on a server that can be subpoenaed, shared with research partners, and potentially used to adjust your insurance premiums. That is not a reason to avoid CGM technology. It is a reason to demand better privacy architecture from the companies that handle that data.

We are building Pulsyn so that when we do add features like glucose integration, the data stays on your phone. That is the only guarantee that matters.

A close-up of a smart ring near medical sensors, representing the convergence of wearable technology and medical diagnostics

What you can do right now

If you use an Oura Ring and a CGM, and the data sharing bothers you, there are practical steps you can take.

First, check what data Oura is sharing with Dexcom and vice versa. The integration requires both apps to communicate. Read the privacy policies for both. Oura's data-sharing settings are under Profile > Settings > Privacy in the app. You can disable data sharing with third parties, though that may break the integration.

Second, consider whether you need continuous cloud sync. Oura's architecture does not work without it. That is by design. If cloud sync is a dealbreaker for medical data, the only alternative today is a device with local-first architecture. There are not many of those.

Third, watch the BIPA lawsuits. If the courts rule that Oura cannot retain biometric data indefinitely after account deletion, that sets a precedent that affects the entire industry. It also validates the idea that your health data has independent value that the company should not control after you leave.

I am building Pulsyn because I think the default should be local. Not for people who are paranoid. For people who have not thought about it yet. For people who assume their health data is protected because the company seems trustworthy. It is not. And it will not be until the architecture makes it impossible for anyone but you to access it.

About the author

James Hoffmann is the founder of Pulsyn. He has been building privacy-first health hardware for two years and thinks your glucose data belongs to you, not to a server in Virginia.

References

  1. TechRepublic. "Oura Ring Glucose Monitoring: What Works Now for Blood Sugar Awareness." June 10, 2026.
  2. Athletech News. "Dexcom Stelo and Oura Integration Explained." June 9, 2026.
  3. STAT News. "Oura expands into metabolic health with Dexcom partnership." June 9, 2026.
  4. MarketsandMarkets. "Blood Glucose Monitor Market , Global Forecast to 2030." June 2026.
  5. ThisWeekInSecurity. "Oura Says It Gets Government Demands For User Data. Will It Share How Many?" 2026.
  6. gblock.app. "Oura BIPA Class Action , Indefinite Biometric Retention." 2026.
  7. POLITICO. "Oura lobbying for 'digital health screener' classification." February 2026.
  8. Department of Health , Abu Dhabi. "Joint research programme with Oura on preventive health." May 28, 2026.

Related Articles