After the fall of Roe on Friday—the 1973 decision that legalized abortion in the United States—people online started urging others to delete their period tracking apps.
Generally, apps that track menstruation and fertility extract a lot of data from users that previously only a gynecologist got in this much detail. Depending on the app, this can mean scads of information each month about when a period starts, stops, or is interrupted or unusual in some way, the heaviness, lightness, and all kind of other physical qualities of one’s blood. Some apps allow users to track what they were eating, drinking, smoking, and feeling during their period or in the weeks before and after. Some apps also allowed users to track sleep habits, whether they traveled and where, and the list goes on. It’s a treasure trove of personal data.
There are a lot of good reasons to track your cycle as part of staying informed about your own health, but avoiding pregnancy and trying to become pregnant are the most common. Theoretically, the same data be used against someone targeted by law enforcement for seeking an abortion: if the courts can see when you stopped menstruating, or changes to your flow in general, they could infer things about when and how you became pregnant or accessed abortion care.
Motherboard asked 10 popular period and fertility tracking apps how they plan to protect users’ privacy in a post-Roe world, and how they plan to handle requests from law enforcement. My Calendar, FitrWoman and MagicGirl didn’t reply. Seven other apps replied (none of the big tech companies we reached out to with similar questions about data storage post-Roe responded initially) and their comments ranged from making no solid commitments about how they will protect users to stating that they would rather shut down than violate user privacy.
Glow is the parent company of multiple fertility, period tracking, and health apps: Glow, which includes calendars and logs for tracking menstruation, Nurture which logs data about your pregnancy, Baby for early child development tracking, and Eve, which tracks your sex life.
Glow didn’t respond to my questions. Instead, it sent a short statement about “core values”:
“Thank you for reaching out about the Supreme Court’s decision on Roe vs Wade. We will continue to uncompromisingly protect our users’ privacy and personal health information. Period. Our number one goal is to build the best products for our users and doing anything that violates their trust would go against our core values. We will always do our very best to get things right and serve our users well. Thank you for reaching out to us on this important matter.”
Period Tracker is a no-frills app that does period and symptom logging and prediction, and has options for sharing data with a sexual partner. Users don’t need an account—a crucial feature for apps that want to protect people’s privacy by not storing it in the first place. In a company blog post published last month, parent company GP Apps said that it would rather shut down the company than aid law enforcement in government overreach:
“We want to assure our users that we are adamantly opposed to government overreach and we believe that a hypothetical situation where the government subpoenas private user data from health apps to convict people for having an abortion is a gross human rights violation. In such a scenario, we will do all we can to protect our users from such an act. We would rather close down the company than be accomplice to this type of government overreach and privacy violation.”
Ovia incorporates period tracking and fertility with early child development tracking. There are Fertility, Pregnancy and Parenting apps. Like many other apps, it does comply with legal requests from law enforcement and private parties involved in civil litigation to hand over users’ data. It’s outlined that process on its website. Ovia stores all your data in cloud servers, where it can be accessed if the government, for example, asks for it.
Ovia told me in a statement: “Post-Roe, Ovia will continue to provide strong privacy and security protections for the data that users track in our apps. We protect our user data with rigorous security controls, and we don’t sell data to data brokers. We provide self-serve privacy controls in our apps that allow users to export or delete their data at any time.”
Flatcracker Software’s Period Plus app is a straightforward symptom and period tracking app. It works with Apple HealthKit “by synchronizing your menstruation, spotting, cervical mucus quality, basal body temperature, weight, and intercourse information,” according to its website.
“We don’t store any information that our users enter in the Period Plus app,” a spokesperson for Period Plus said. “That’s extremely private. It’s all on their device. If they delete the app, it deletes their data with it.”
Flo is an incredibly popular period tracker that regularly makes it onto top-ranking lists for tracking apps. It was founded in 2015, and claims on its site to have 230 million users. It’s also come under fire in the last few days as one of the apps people are suggesting everyone delete, claiming that it sells data to third parties. (Many of the same people suggest Stardust as a backup, which explicitly states it will hand over data to law enforcement without being legally forced to do so.) Flo denies this on its website. “At no time has Flo ever sold user information, nor have we ever shared it with third parties for advertising purposes,” according to its site.
“Flo will always stand up for the health of women, and will do everything in its power to protect the data and privacy of our users,” a spokesperson told me. “To add to our security measures already in place (read more about that here), we will soon be launching a new feature called ‘Anonymous Mode’ – an option that allows users to remove their personal identity from their Flo account. Lastly, Flo will never require a user to log an abortion or offer details that they feel should be kept private, and users can delete their data at any time.”
The period tracking app Cycles’ main feature is being able to share your tracking information with a loved one: for example, a sexual partner can be aware of when you’re on your period and plan accordingly, or adjust plans for fertility.
“We are 100% committed to the privacy of our users, but understand that now it’s even more pressing,” a spokesperson said in a statement. “Our current privacy and data protection protocols will continue to work post-Roe. First, our users can always use Cycles without creating an account, meaning we don’t have to have your data, it can stay locally on your device where only you can access it. Secondly, if you decide to create an account you can hide your email from us, meaning we can’t actually link anything to your actual email address. This is linked to the anonymized data that we have.” Users have the option to delete their data within the app, without having to contact the company and request that it delete it, they said. The company is based in Sweden, and as such, operates under GDPR guidelines, which means it has to abide by strict data handling and privacy standards.
With more than 10 million downloads on the Google Play store and currently number four in Apple’s Health and Fitness category, Clue is another wildly popular tracking app. (Its founder claims to have coined the word “femtech”—do with that information what you will.) It published a long, somewhat vague post on its company blog about privacy and data practices, and sent it as its response to my questions.
Like Cycles, Clue is beholden to GDPR, being based in Berlin. “Like every other consumer app, in order to be able to make Clue work and to function as a business, we do employ some carefully selected service providers to process data on our behalf. For these purposes, we share as little data as possible in the safest way possible,” the blog post says. It will “leverage” its dataset “for new insights into female health,” but claims that the data is “completely de-identified before the scientific researchers we work with analyze it – meaning that no data point can be traced back to any individual person.”
The Notes app on your phone or a spreadsheet can do the same job (or, even better, a paper calendar and a pen) as any of these apps, if all you want is cycle tracking and a log for your healthcare provider. But people turn to apps to track their menstrual cycles for the same reasons people use apps for almost anything else: they’re convenient, aesthetically more fun than a blank document, and can send push notifications to remind you when to either stock up on tampons or condoms or try to make a baby, depending on your goals.
The tradeoff—again, as it is with countless other types of apps—is often your own privacy.
Deleting period and fertility tracking apps from your phone isn’t enough. Especially for people in trigger states, where getting an abortion is now fully illegal at any stage of pregnancy, using airtight security practices is more important than ever. This means getting used to being survielled in the same way marginalized, criminalized people working in the sex trade or otherwise under carceral threat are, and adapting as such: being cautious about where your images are collected and might appear online (like at a protest or outside a clinic), being careful about what you put into text messages and using secure apps like Signal to communicate, and not accepting or sending funds through apps that historically have shut down accounts for illegal activity. Sending a friend money for an abortion through Venmo, for example, may put them at greater risk.
“People should carefully review privacy settings on the services they use, turn off location services on apps that don’t need them, and use encrypted messaging services,” the Electronic Frontier Foundation said in a statement on Friday. “Companies should protect users by allowing anonymous access, stopping behavioral tracking, strengthening data deletion policies, encrypting data in transit, enabling end-to-end message encryption by default, preventing location tracking, and ensuring that users get notice when their data is being sought. And state and federal policymakers must pass meaningful privacy legislation. All of these steps are needed to protect privacy, and all are long overdue.”
Personal protection of your data goes far beyond “delete your period app” and deleting those apps should not give you a false sense of security. Just deleting one specific app won’t stop the sieve that your personal data runs through, via every other app, messaging platform, and device.
This post has been read 25 times!