Warnung: *Datenschutz ist in diesem Produkt nicht inbegriffen
Glow Inc makes four different sex, period, fertility, ovulation, pregnancy, and baby tracking apps they say cover everything from "period to parenting." There is Glow (fertility), Nurture (pregnancy), Baby (babies), and Eve by Glow (period & sex life). All four apps use the same privacy policy.
Glow's two period/fertility/sex tracking apps say they give you things like a period tracker, sex & health log, fertility calendar, health log, sex quizzes, PMS symptom and mood tracking, ovulation calendar, community forums, and more. That's a whole lot of personal, sensitive health data they collect to help users get pregnant, not get pregnant, or just know more about their reproductive health. So, does Glow glow when it comes to protecting their users' privacy? Not exactly. Heck, not even close.
Was könnte passieren, wenn etwas schiefgeht?
Uhg, Glow. This will not be a glowing review because Glow raises a whole lot of privacy concerns for us. Where to start?
There's the big old bunch of trouble they got into back in 2020 after Consumer Reports found lots of problems with Glow's privacy and security. And then California settled with them in a case where they were allegedly failing to "adequately safeguard health information," "allowed access to user's information without the user's consent," and had security problems that "could have allowed third parties to reset user account passwords and access information in those accounts without user consent." Very very bad.
And then there's the dishonesty this privacy researcher was really irked by when she reviewed the data privacy information the company shared on its Google Play store data safety page. There they make the claim: "No data shared with third parties. The developer says this app doesn't share user data with other companies or organizations." This claim is easily shown to be false with a read of their privacy policy where they outline sharing data with lots of third party advertisers, business partners, and professional advisors (which seems way beyond the scope of what Google says constitutes what needs to be declared for data sharing.) Misleading and dishonest data safety claims are a HUGE pet peeve of us here at *Privacy Not Included. Unfortunately, with what we've seen so far on Google's new Play store data safety information pages, this self-reported data from companies is too often inaccurate. Glow isn't the only one making misleading claims there.
Glow does state clearly in their privacy policy that they can collect a whole bunch of personal, usage, and health information on their users. Things like name, email, precise location, spouse's name, sexual orientation, health care providers' names, child information, mood, medications, and, of course, sexual activity, fertility, and menstrual cycle information. That's a whole lot of information they can collect, which is not surprising. They are an app designed to do that. What is surprising is when an app that knows they are collecting this much super sensitive, personal, and health related data then goes on to say they can use some of the data for targeted, interest-based advertising purposes or share with "professional advisors" which they say can include "lawyers, auditors, bankers and insurers," or their vague list of affiliates which can include "corporate parent, subsidiaries, and affiliates." That's a lot of potential data sharing with a lot of potential third parties.
Glow also states in their privacy policy that they can collect even more information about you from third-parties sources such as social media and combine that with what they collect on you. They say, "We may combine personal information we receive from you with personal information we obtain from other sources, such as social media accounts ..." This is where we remind you to never, ever log into an account with a social media login like Facebook. It's bad privacy news where even more of your data can be shared with both the social media site and the company. Glow is also a little too vague for our liking in that statement about collecting data from third parties sources. They say they "may" combine data from third party sources "such as" social media accounts. Which seems to indicate to us they could also being collecting data from other third parties sources, for example, data brokers or public sources. Gross.
All of these are some serious privacy red flags we aren't happy about at all. And then there is the question of how Glow says they might share your information with law enforcement. Their privacy policy mentions that in a couple of places where they say, "We may use your personal information to ... comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities." And they say they may share your personal information with "Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes..." This leaves us feeling wary as it seems to indicate Glow might give up a users' data through voluntary disclosure, which is a policy we really don't like here at Mozilla. We much prefer when companies state they won't give up user data to law enforcement unless required to under subpoena, and even then, we like to see them commit to only giving up the bare minimum necessary.
What's the worst that could happen with Glow? Way too much, we're afraid. We'd say this product comes with *Privacy Not Included and recommend you look elsewhere for a privacy protecting period and fertility tracking app. We just don't believe users can or should trust Glow to respect and protect their privacy, no matter what the company states on Twitter or in a press response.
Tipps zu Ihrem Schutz
- Enable multi-factor authentication to protect your account
- In the app settings under "Personal privacy security and data" make sure to uncheck the box for "Internet-based ads."
- Do not connect Samsung Health, GoogleFit or Apple Health or other wearables to the app.
- Chose a strong password! You may use a password control tool like 1Password, KeePass, etc.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your precise location, camera, microphone, images and videos, other files).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
Kann es mich ausspionieren?
Kamera
Gerät: Nicht verfügbar
App: Ja
Mikrofon
Gerät: Nicht zu bestimmen
App: Ja
Verfolgt den Standort
Gerät: Nicht zu bestimmen
App: Ja
Was kann zur Registrierung verwendet werden?
E-Mail-Adresse
Ja
Telefonnummer
Nein
Drittanbieter-Konto
Ja
Welche Daten sammelt das Unternehmen?
Persönliche
Name, email address, date of birth and mobile phone number, location (e.g., city, state, country), precise geolocation (if you allow), ethnicity, gender, relationship status, interests, preferred language, occupation and insurance type.
Körperbezogen
"Information about your physical attributes, sexual orientation, fertility, pregnancy, sexual activity, menstrual activity, sleep activity, mood, health conditions, medications, and number of children. If you connect, body-related data collected through your mobile health apps, such as Apple HealthKit, Samsung Health, Google Fit, MyFitnessApp, which may include any information you chose to store in those apps, subject to your preferences for those apps. "
Soziale
Wie nutzt das Unternehmen die Daten?
Wie können Sie Ihre Daten kontrollieren?
Wie ist das Unternehmen in der Vergangenheit mit den Daten über seine Verbraucher umgegangen?
In 2020, California settled with Glow app over alleged violations of California’s Confidentiality of Medical Information Act (“CMIA”), the Unfair Competition Law (“UCL”), and the False Advertising Law (“FAL”). In addition to a $250,000 civil penalty, the settlement included injunctive terms that require Glow to comply with state consumer protection and privacy laws, and a first-ever injunctive term that requires Glow to consider how privacy or security lapses may uniquely impact women.
The Attorney General's complaint alleged the Glow app:
- Failed to adequately safeguard health information;
- Allowed access to user’s information without the user’s consent; and
- Additional security problems with the app's password change function could have allowed third parties to reset user account passwords and access information in those accounts without user consent.
Already in 2016, a Consumer Reports investigation singled out Glow Inc. for privacy and security flaws.
Informationen zum Datenschutz bei Kindern
Kann dieses Produkt offline genutzt werden?
Benutzerfreundliche Informationen zum Datenschutz?
Links zu Datenschutzinformationen
Erfüllt dieses Produkt unsere Mindestsicherheitsstandards?
Verschlüsselung
Sicheres Passwort
Sicherheits-Updates
Umgang mit Schwachstellen
You can submit vulnerabilities here: https://glowing.com/security. Glow shares more information for security researcher on a security page on their website.
Datenschutzrichtlinie
Glow predicts women's chance/risk of pregnancy with machine-learning technology.
Ist diese KI nicht vertrauenswürdig?
Welche Entscheidungen trifft die KI über Sie oder für Sie?
Gibt das Unternehmen transparent an, wie die KI funktioniert?
Hat der Benutzer die Kontrolle über die KI-Funktionen?
Tauchen Sie tiefer ein
-
Serious Privacy Flaws Discovered In Glow Fertility Tracker AppTechCrunch
-
Glow Pregnancy App Exposed Women to Privacy Threats, Consumer Reports FindsConsumer Reports
-
Attorney General Becerra Announces Landmark Settlement Against Glow, Inc. – Fertility App Risked Exposing Millions of Women’s Personal and Medical InformationState of California Department of Justice Office of the Attorney General
-
California Settles with Glow App Over Alleged Privacy and Security ViolationsWilmerHale
-
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?TechCrunch
-
‘Delete every digital trace of any menstrual tracking’: Are period-tracking apps safe to use in a post-Roe world?MarketWatch
-
Forget Tracking Your Period—Your Period (App) Is Tracking YouMarie Claire
-
Fertility and Period Apps Can Be Weaponized in a Post-Roe WorldWired
-
The data flows: How private are popular period tracker apps?Surfshark
-
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?TechCrunch
Kommentare
Möchten Sie einen Kommentar loswerden? Schreiben Sie uns.