Data Privacy: Period Tracking Apps

Written By Aileen Norton

In today’s digital world, period tracking apps have become a staple for many individuals seeking to monitor their reproductive health. These apps help track ovulation, fertility windows, and menstrual cycles with unparalleled precision. However, as technology evolves, so do concerns about data privacy. These concerns have been magnified in the wake of the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, which overturned the constitutional right to abortion. With reproductive rights now subject to state laws, period-tracking apps could potentially be weaponized against their users.

Why Does Period Data Privacy Matter?

Many users mistakenly assume that health data shared with period-tracking apps is protected under the Health Insurance Portability and Accountability Act (HIPAA). Unfortunately, most of these apps fall outside HIPAA’s jurisdiction. Instead, they are governed by less stringent consumer data protection laws, leaving users vulnerable to data misuse.

In a post-Roe era, data privacy concerns are real. State laws criminalizing certain reproductive healthcare services have created a landscape where menstrual cycle data could potentially be subpoenaed as evidence. For example, deviations in cycle patterns, such as missed periods, could be misinterpreted and used to infer information about pregnancy or abortion, whether accurate or not. Some apps automatically seek permissions that allow them to share data with third parties, including advertisers or data brokers, making it difficult for users to track where their data ends up.

The Risks of Using Period-Tracking Apps

Period-tracking apps often collect vast amounts of personal data, ranging from basic cycle information to sexual activity, contraceptive use, and pregnancy test results. Depending on the app, this data might be stored locally on your device or in the cloud, where it becomes more vulnerable to breaches or unauthorized access.

Here are the key concerns:

  1. Third-Party Data Sharing: Many apps generate revenue through partnerships with advertisers and data brokers. This creates a financial incentive to share user data.

  2. Unencrypted Data Storage: If data is stored without encryption, it becomes an easy target for hackers or other unauthorized entities.

  3. Lack of Transparency: Privacy policies are often vague or buried in legal jargon, making it challenging for users to understand how their data is managed.

  4. Potential Subpoena Risks: In states with strict abortion laws, apps could be compelled to turn over data as evidence in investigations.

Given these risks, it is essential to choose apps with robust privacy measures.


Apps with Strong Privacy Policies

Not all period-tracking apps are created equal. Some prioritize user privacy, ensuring that sensitive data remains secure. Here are a few standout options:

Euki

Euki is widely regarded as one of the most privacy-focused menstrual tracking apps available. Unlike many of its competitors, Euki stores all data locally on the user’s device, avoiding cloud storage altogether. This means your data remains in your control and is inaccessible to external parties. Additionally, Euki does not employ third-party trackers, further enhancing privacy. 

Embody

Embody prioritizes privacy with its offline-first design, storing all data locally on your device without uploading it to the cloud or centralized servers, ensuring your information remains inaccessible to third parties. The app requires no sign-in or personal identification, enhancing user anonymity and reducing data exposure risks. Data is collected only with explicit user consent, and any shared information is handled transparently and cannot be personally linked. Additionally, Embody\u2019s open-source code allows for public scrutiny, ensuring its security measures align with its privacy promises.

Other Apps to Consider 

Cycles

Cycles takes a user-friendly and privacy-conscious approach by avoiding third-party trackers and relying on a subscription-based model rather than advertising. Data is encrypted and stored in the cloud.

Aavia

Aavia provides users with options to manage their data actively. The app supports anonymous sign-ins and offers tools to import, export, or delete data as needed. Aavia does not share or sell personal data.

Flo

Flo is one of the most popular period-tracking apps globally, but its privacy record is mixed. In 2021, the Federal Trade Commission (FTC) alleged that Flo shared sensitive health data with third parties, including Facebook and Google, despite promising users that their data would remain private. Although the app has since introduced an “Anonymous Mode” to improve privacy, users should carefully evaluate whether these measures meet their standards.

Natural Cycles

Natural Cycles is FDA-approved for use as a contraceptive, but its privacy practices include sharing anonymized user data with researchers. While the app complies with GDPR standards and allows users to opt out, its reliance on cloud storage and data sharing may not align with everyone’s comfort level.

Stardust

Stardust claims to prioritize privacy but stores data in the cloud and employs third-party trackers. Users should review the app’s privacy policy thoroughly to understand the extent of its data-sharing practices.

Tips for Choosing a Privacy-Conscious App

Selecting a menstrual tracking app requires a careful evaluation of its privacy practices. Here are some tips to help you make an informed decision:

  1. Read the Privacy Policy: While it may be tedious, reviewing an app’s privacy policy is the best way to understand how your data will be handled.

  2. Look for Local Data Storage: Apps that store data locally on your device, such as Euki and Drip, minimize the risk of breaches or unauthorized access.

  3. Avoid Apps with Third-Party Trackers: Third-party tracking can expose your data to advertisers and data brokers. Apps like Euki, Drip, and Periodical do not use these trackers.

  4. Check for Encryption: Ensure the app encrypts your data both in transit and at rest to protect it from unauthorized access.

The Role of Policy and Advocacy

While individuals can take steps to protect their data, systemic changes are necessary to ensure widespread privacy protections. Advocacy groups and policymakers must work to close the gaps in data privacy laws. For example, extending HIPAA-like protections to health apps could significantly reduce the risks associated with data sharing. In the meantime, initiatives like data privacy week provide valuable resources to help users navigate these issues. 

Aileen Norton
Previous

The Science of Pleasure
Next

It’s Cervical Cancer Awareness Month: Let’s Talk About Speculums