Reproductive rights

We asked 12 period-tracking apps about their post-Roe privacy policies

Should you heed those warnings to delete your apps?

Shutterstock

After Friday’s Supreme Court ruling overturning the landmark abortion rights decision Roe v. Wade, social media lit up with suggestions that users delete their period-tracking apps for the sake of their privacy.

The court’s decision is causing many people who have periods to think about how to stay safe in a world that seems determined to prevent them from having easy access to life-saving health treatment. But is deleting such apps necessary — and would the apps in question hand over their data?

“The calls that are being shared on Twitter about all these app or service providers risking women’s life by simply collecting data seem — to me — sensible,” says Leonie Tanczer, lecturer in international security and emerging technologies at University College London.

There are a number of different issues at hand in a post-Roe world. One of the foremost concerns is that law enforcement might ask apps to hand over data that could help indicate that someone got an abortion in a state where that is no longer legal. (The authorities in theory could see that a person was once pregnant and now is not.)

“Period-tracking app companies, and any digital service provider, always have a clause in their privacy policies that state that they have to abide by the laws that exist within the jurisdictions in which they provide the service,” says Laura Shipp, a doctoral researcher at Royal Holloway University of London who specializes in femtech and period tracking apps.

“[Data] could end up being shared with governments even if it’s something that the companies themselves never intended.”

“That does mean that if data is being collected about your cycle on a service beyond period-tracking apps alone, then in a world where laws on people’s bodies are becoming increasingly stringent, this could end up being shared with governments even if it’s something that the companies themselves never intended,” she adds.

In an effort to understand how apps planned to head off the risk their users may be under, Input on Friday asked a dozen of the most popular apps where their user data is currently stored, whether it’s anonymized (and if so, how), and whether the company would comply with a request to hand over user data — and crucially, whether that’s changed after recent events.

“Our users’ health data, particularly any data they track in Clue about pregnancies, pregnancy loss or abortion, is kept private and safe,” says a spokesperson for the Clue app. The rep says that when researchers need to analyze user data, it is anonymized.

In an Instagram post, Clue said that its position as a European company meant special protections were applied to the health data it handles. Another app, Stardust, also said in a statement that it wouldn’t sell user data, and encryption meant “no governments or companies will ever access data that belongs to you and you alone.”

Period Plus, which has nearly two million users worldwide, said its app was secure. “We don't store any information that our users enter in the Period Plus app,” says Shane McLean, the developer. “That’s extremely private. It’s all on their device. If they delete the app, it deletes their data with it.”

As for whether Period Plus would give over data to authorities if asked, McLean says, “We would have nothing to hand over, other than some analytics like a number of downloads of the app each day or how many people used the app in a given time period.”

Some apps that track a person’s period have already come out and said that they are putting in place measures to try and stymie access to that data through a variety of means. Natural Cycles, which is the first birth control app approved by the FDA, has tweeted that it has always taken data privacy seriously: “We have been preparing for a world where Roe v. Wade was overturned and will continue to keep your data secure.”

In a statement, Natural Cycles CEO Raoul Scherwitzl says, “Natural Cycles has already been operating as if we are in a post Roe v. Wade world. We will do everything we can to not only protect our user’s data from potential legal situations that could emerge, but to alleviate any concerns users may have around their data. Women have enough to be concerned about, and it’s on us to make sure they feel comfortable sharing their sensitive data with us as their trusted method of birth control.”

Natural Cycles says it is trying to rewrite the app so that no one, not even the developers themselves, can identify a user. A company spokesperson declined to say how total anonymization would work, but says “it is quite a technical lift.”

“Our main priority is the safety and privacy of our users first and foremost, and we’ll always be committed to that.”

A spokesperson for Glow, which lays claim to a 16 million strong “community” across its eponymous app and another app, Eve, says: “We will continue to uncompromisingly protect our users’ privacy and personal health information. Period. Our number one goal is to build the best products for our users and doing anything that violates their trust would go against our core values. We will always do our very best to get things right and serve our users well.”

Raneal Engineer, spokesperson for Perigee, the Swedish developer of the Cycles app, tells Input that its data is stored using cloud services because of the company’s small size. “We make sure that our backups are encrypted, and we don’t link tracking IDs or other forms of identifiable tags to your data,” she says. “We also follow EU’s GDPR regulations for all of our users with all data being stored within Europe for additional security. When a user deletes their account and information, this is removed from our storage right away.”

Cycles anonymizes user data, and it only asks for necessary information. “Users can hide their email from us, and they can use any name that they choose for their profile,” Engineer says. “We provide options as well if someone doesn’t want to store any of their data — they can always keep their account information completely secure on their own device.”

Engineer says that Cycles’ strategy hasn’t changed post-Roe. “We’d first look at our legal options if we were to get a [law enforcement] request,” she explains. “It’s hard to speculate on how this would work, but our main priority is the safety and privacy of our users first and foremost, and we’ll always be committed to that.”

Ovia Health responded to Input’s email, but did not answer the questions. As of the time of publication, Flo, Lady Timer, FitrWoman, My Calendar, and MagicGirl all had not responded to requests for comment. Nor did Planned Parenthood, which developed the Spot On app — though the organization’s opposition to the removal of the constitutional right to abortion is well-documented.

Beware big apps

Given all this, what should someone who still wants to use a period tracker app choose?

“My advice would be to stay away from some of the biggest app providers, especially apps like Flo, who currently have a class-action lawsuit against them for sharing user data without users’ knowledge,” says Shipp. The researcher advises people use apps like Read Your Body, drip, or Pow!, all of which are what she calls “privacy-first trackers.”

Another concern is that even if a company would decline law enforcement requests to hand over information, those working with them may deliberately or accidentally exfiltrate data. “For example, what about all those anti-choice people that may work somewhere and now feel empowered to ‘play heroes’?” asks Tanczer. Such people may not be employed directly by period tracking apps or their developers, but could be providing services like security or penetration testing that gives them access to the data.

Even if people were to forswear every period-tracking service, the digital breadcrumbs we leave behind mean that it’s near-impossible to hide information about one’s menstrual cycle from those who might want to access it. Amazon purchases of sanitary products or abortion pills could give you away, just as your search history could.

Even text messages aren’t safe, fears Tanczer. “I am not saying that they are ‘read,’ but if you text your friend and then their anti-choice dad reads it, they may go after you,” she says.

“All these very Black Mirror-y ideas come to my mind at the moment, and I think it’s important that we address and publicize those,” she adds. “Because let’s be honest: Who really thought that Roe v. Wade would ever be overturned? Everything that used to sound crazy a few years ago seems to slowly become reality.”