Warning: *Privacy Not Included with this product
Glow & Eve by Glow
Glow Inc makes four different sex, period, fertility, ovulation, pregnancy, and baby tracking apps they say cover everything from "period to parenting." There is Glow (fertility), Nurture (pregnancy), Baby (babies), and Eve by Glow (period & sex life). All four apps use the same privacy policy.
Glow's two period/fertility/sex tracking apps say they give you things like a period tracker, sex & health log, fertility calendar, health log, sex quizzes, PMS symptom and mood tracking, ovulation calendar, community forums, and more. That's a whole lot of personal, sensitive health data they collect to help users get pregnant, not get pregnant, or just know more about their reproductive health. So, does Glow glow when it comes to protecting their users' privacy? Not exactly. Heck, not even close.
What could happen if something goes wrong?
Uhg, Glow. This will not be a glowing review because Glow raises a whole lot of privacy concerns for us. Where to start?
There's the big old bunch of trouble they got into back in 2020 after Consumer Reports found lots of problems with Glow's privacy and security. And then California settled with them in a case where they were allegedly failing to "adequately safeguard health information," "allowed access to user's information without the user's consent," and had security problems that "could have allowed third parties to reset user account passwords and access information in those accounts without user consent." Very very bad.
And then there's the dishonesty this privacy researcher was really irked by when she reviewed the data privacy information the company shared on its Google Play store data safety page. There they make the claim: "No data shared with third parties. The developer says this app doesn't share user data with other companies or organizations." This claim is easily shown to be false with a read of their privacy policy where they outline sharing data with lots of third party advertisers, business partners, and professional advisors (which seems way beyond the scope of what Google says constitutes what needs to be declared for data sharing.) Misleading and dishonest data safety claims are a HUGE pet peeve of us here at *Privacy Not Included. Unfortunately, with what we've seen so far on Google's new Play store data safety information pages, this self-reported data from companies is too often inaccurate. Glow isn't the only one making misleading claims there.
Glow does state clearly in their privacy policy that they can collect a whole bunch of personal, usage, and health information on their users. Things like name, email, precise location, spouse's name, sexual orientation, health care providers' names, child information, mood, medications, and, of course, sexual activity, fertility, and menstrual cycle information. That's a whole lot of information they can collect, which is not surprising. They are an app designed to do that. What is surprising is when an app that knows they are collecting this much super sensitive, personal, and health related data then goes on to say they can use some of the data for targeted, interest-based advertising purposes or share with "professional advisors" which they say can include "lawyers, auditors, bankers and insurers," or their vague list of affiliates which can include "corporate parent, subsidiaries, and affiliates." That's a lot of potential data sharing with a lot of potential third parties.
Glow also states in their privacy policy that they can collect even more information about you from third-parties sources such as social media and combine that with what they collect on you. They say, "We may combine personal information we receive from you with personal information we obtain from other sources, such as social media accounts ..." This is where we remind you to never, ever log into an account with a social media login like Facebook. It's bad privacy news where even more of your data can be shared with both the social media site and the company. Glow is also a little too vague for our liking in that statement about collecting data from third parties sources. They say they "may" combine data from third party sources "such as" social media accounts. Which seems to indicate to us they could also being collecting data from other third parties sources, for example, data brokers or public sources. Gross.
All of these are some serious privacy red flags we aren't happy about at all. And then there is the question of how Glow says they might share your information with law enforcement. Their privacy policy mentions that in a couple of places where they say, "We may use your personal information to ... comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities." And they say they may share your personal information with "Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes..." This leaves us feeling wary as it seems to indicate Glow might give up a users' data through voluntary disclosure, which is a policy we really don't like here at Mozilla. We much prefer when companies state they won't give up user data to law enforcement unless required to under subpoena, and even then, we like to see them commit to only giving up the bare minimum necessary.
What's the worst that could happen with Glow? Way too much, we're afraid. We'd say this product comes with *Privacy Not Included and recommend you look elsewhere for a privacy protecting period and fertility tracking app. We just don't believe users can or should trust Glow to respect and protect their privacy, no matter what the company states on Twitter or in a press response.
Tips to protect yourself
- Enable multi-factor authentication to protect your account
- In the app settings under "Personal privacy security and data" make sure to uncheck the box for "Internet-based ads."
- Do not connect Samsung Health, GoogleFit or Apple Health or other wearables to the app.
- Chose a strong password! You may use a password control tool like 1Password, KeePass, etc.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your precise location, camera, microphone, images and videos, other files).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: Can’t Determine
App: Yes
Tracks location
Device: Can’t Determine
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
Yes
What data does the company collect?
Personal
Name, email address, date of birth and mobile phone number, location (e.g., city, state, country), precise geolocation (if you allow), ethnicity, gender, relationship status, interests, preferred language, occupation and insurance type.
Body related
"Information about your physical attributes, sexual orientation, fertility, pregnancy, sexual activity, menstrual activity, sleep activity, mood, health conditions, medications, and number of children. If you connect, body-related data collected through your mobile health apps, such as Apple HealthKit, Samsung Health, Google Fit, MyFitnessApp, which may include any information you chose to store in those apps, subject to your preferences for those apps. "
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In 2020, California settled with Glow app over alleged violations of California’s Confidentiality of Medical Information Act (“CMIA”), the Unfair Competition Law (“UCL”), and the False Advertising Law (“FAL”). In addition to a $250,000 civil penalty, the settlement included injunctive terms that require Glow to comply with state consumer protection and privacy laws, and a first-ever injunctive term that requires Glow to consider how privacy or security lapses may uniquely impact women.
The Attorney General's complaint alleged the Glow app:
- Failed to adequately safeguard health information;
- Allowed access to user’s information without the user’s consent; and
- Additional security problems with the app's password change function could have allowed third parties to reset user account passwords and access information in those accounts without user consent.
Already in 2016, a Consumer Reports investigation singled out Glow Inc. for privacy and security flaws.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Strong password
Security updates
Manages vulnerabilities
You can submit vulnerabilities here: https://glowing.com/security. Glow shares more information for security researcher on a security page on their website.
Privacy policy
Glow predicts women's chance/risk of pregnancy with machine-learning technology.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
Serious Privacy Flaws Discovered In Glow Fertility Tracker AppTechCrunch
-
Glow Pregnancy App Exposed Women to Privacy Threats, Consumer Reports FindsConsumer Reports
-
Attorney General Becerra Announces Landmark Settlement Against Glow, Inc. – Fertility App Risked Exposing Millions of Women’s Personal and Medical InformationState of California Department of Justice Office of the Attorney General
-
California Settles with Glow App Over Alleged Privacy and Security ViolationsWilmerHale
-
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?TechCrunch
-
‘Delete every digital trace of any menstrual tracking’: Are period-tracking apps safe to use in a post-Roe world?MarketWatch
-
Forget Tracking Your Period—Your Period (App) Is Tracking YouMarie Claire
-
Fertility and Period Apps Can Be Weaponized in a Post-Roe WorldWired
-
The data flows: How private are popular period tracker apps?Surfshark
-
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?TechCrunch
Comments
Got a comment? Let us hear it.