How private is your personal data on period-tracking apps?
We ask a cybersecurity expert
Update: Google Maps and Search get clearer labels for abortion providers.
Following the Supreme Court's decision to overturn Roe vs Wade, women all over the United States have been deleting their period tracking apps, in fear that the apps could be used against them should they live in one of the states which have banned abortion.
The very real concern is that in states which choose to ban abortion outright — six have already automatically come into force, with 16 more expected before the end of 2022 — women’s private mobile phone data will be used against them.
With 55 million users combined, two of the biggest players — Flo and Clue, have already released statements to reassure their users that their data is safe, or will be. But at the time of writing, the U.S. has no federal privacy law, meaning that there are few ways to prevent your data from being bought, sold or accessed by law enforcement.
So should you delete your period app, and if you do, does the app still have your data? To find out more, we spoke to Daniel Markuson, cybersecurity expert at NordVPN.
(Here's how you can track your periods without using an app).
Can you view the data an app has on you?
If you’ve been using a period tracking app for the past few months or years, is there a way to view whether the app has data on your location? “The answer depends on how much you know about the information you provided to the app” Markuson explains. “Some people have a bad habit of accepting all the requests for data before using an app. These users have no idea that their period trackers not only collect information on their menstrual circle or sexual activity, but also have permission to access their contacts and addresses, for example.”
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
But what if you accepted the requests years ago? “In that case, it is impossible to see all the information that the app has on you. If a user is careful with their data from the start - then they know what their period tracker app store”.
So what are your options? If you’re concerned, you can stop using an app, and either track your periods manually or look for an alternative app. Here are a few key terms to look out for:
Encrypted: Put simply, your data should always be encrypted. This means it’ll be scrambled into an incoherent sequence to prevent hackers from stealing your data.
Share or sell: Again, if an app is asking you to agree to having your data shared or sold, you should probably think twice before downloading it. The makers of Flo and Fitbit say they don’t sell personal data but may share some anonymized data with marketing firms.
Requests: This part of a privacy policy means that if a court or government agency requests for your data, you’ll be notified, ideally before the information is shared.
As a general rule, experts recommend being wary of free apps, as they often make money from selling your data. It’s worth noting that it’s unlikely to be just the period app alone that has been tracking your data. Most of the best fitness trackers collect sensitive data, such as your sleep and movement patterns, both of which can change when you’re pregnant. Again, it’s not the case that you should stop wearing your fitness tracker completely, but it is worth taking a look at the privacy controls if you are concerned.
If you delete the app, how can you be sure your data has been removed?
“Simply put - you can’t," Markuson says. “Even if you delete an app, the data assigned to your email will still remain in the hands of the company, which develops the app. You can, of course, request the company to delete all the information, and they should comply with such requests. Moreover, period trackers are known for sharing information with third parties and have been caught doing that in the past. So even if they have removed your data, it may be stored somewhere else.”
If apps are based in Europe (such as Flo and Clue) are there different data laws?
“No. If the request comes from US authorities, even European companies usually comply”, Markuson adds. “And of course using an EU-based app doesn’t protect people from going to courts requesting data directly. But it can be a slightly better option than using a US-based app because US companies are more easily compelled to comply with American authorities and courts’ requests. Enforcement is more difficult against European ones.”
What is the best way to keep your personal data secure when downloading and using apps?
Markuson shared three steps to take when it comes to keeping your personal data safe on an app:
Be careful when setting up privacy controls. It is advisable to prohibit the app from accessing contacts, photos, and location. Women should carefully check with whom the app is sharing their data and modify the list whenever possible.
Protect your app with a password. Password managers, such as NordPass, can help you generate passwords and store them securely
Do not use the same email address for correspondence and app logins. Use an unassociated email address that can’t trace back to you.
Jane McGuire is Tom's Guide's Fitness editor, which means she looks after everything fitness related - from running gear to yoga mats. An avid runner, Jane has tested and reviewed fitness products for the past five years, so knows what to look for when finding a good running watch or a pair of shorts with pockets big enough for your smartphone. When she's not pounding the pavements, you'll find Jane striding round the Surrey Hills, taking far too many photos of her puppy.