Maya Period, Fertility, Ovulation, & Pregnancy

Warning: *privacy not included with this product

Maya Period, Fertility, Ovulation, & Pregnancy

Plackal Tech
Wi-Fi

Review date: Aug. 9, 2022

|
|

Mozilla says

|
People voted: Super creepy

Nope. That's the first word that comes to mind after researching this period and fertility tracking app made by India-based Plackal Tech. There is not a privacy or security ding we didn't assign to this period and fertilizing tracking app that says it makes tracking periods fun and easy. Free to download, Maya has some premium features users have to pay that cost around $4 a year. Maya tracks all sorts of things like sexual activity, period frequency, weight, body temperature, period symptoms, mood, and more. Unfortunately, Maya has a spotty track record of protecting all this very personal data it collects on their users. 2019 research by Privacy International found they shared lots of this personal, health information with Facebook. Yuck. That's the second word that comes to mind now when we think of this app.

What could happen if something goes wrong?

Things your privacy researchers really don't like about Maya's period and fertility tracking app. One, they bury their privacy policy in their Terms of Service doc, making it really hard for an average person to find. Boo! Two, consent to use your personal information for the all the purposes they want seems to comes when you visit the platform and/or provide your information. Users might not realize they've given consent simply by doing those things. And there there is this gem mentioned in their privacy policy that raises eyebrows when it comes to consent, "You acknowledge and agree that even if You are not a registered User with Us, We may collect information about You, if a registered User has provided Us with Your information to facilitate services." Yuck!

Three, while they do say they won't share personal information about identifiable individuals to advertisers, they do say they do say they can share aggregate and/or anonymised information "to help advertisers reach the kind of audience they want to target" And they make use information the collect on you "to comply with our advertisers’ wishes by displaying their advertisement to that target audience." Maya goes on to say they can share users' information with sponsors, and/or business partners to send "newsletters, offers, information about new services, and other information." So, your information is potentially being shared with a fair amount of third parties and advertisers to reach you with more offers and even targeted ads. That's not so great.

Four, we also ding Maya because they don't mention any data retention details in their privacy policy. They do say users can delete their information from the app though, so if you use this app, maybe sure you reach out them and ask them to delete all your personal information. We're not sure they would do so otherwise.

All this is bad, but it's not the worst. The worst is yet to come!

Maya doesn't meet our Minimum Security Standards for a couple of reasons. First, they allow the super duper weak password of "1" to login to their app. Very bad form. And two, because we just couldn't tell if they do things like use strong encryption and have a way to manage security vulnerabilities.

But really, the worst thing Maya has done when it comes to protecting and respecting their user's privacy is when Privacy International discovered in 2019 that they were sharing some VERY personal information of their users with Facebook. BuzzFeed News reported Privacy International found Maya shared user data such as when a user last had sex, their use of contraception, the timing of their periods, their moods, and what symptoms they had such as cramping and swelling. Ick! Uhg! Bad! The report also found some data was being shared with Facebook even before a user had the change to agree to the app's privacy policy. When called out about sharing all this data, Maya responded by pointing out they it doesn't share any personally identifiable data with Facebook. Yeah, no. This is data that should never be shared with Facebook, ever. It also seems like data that wouldn't be super hard to re-identify.

Given all these knocks against Maya — they collect a metric ton of very personal information, they share that information with lots of places, they don't tell users how long they can retain that information, they only require a very weak password of "1" and don't meet our Minimum Security Standards, and they have a pretty bad track record of protecting their user's personal information, we'd say there is a whole lot that could go wrong if you use this app to track your periods and fertilizing. We have to say, Maya almost certainly comes with *Privacy Not Included.

Tips to protect yourself

  • Add an App lock for your calendar if someone else might be using your phone/other device
  • When you no longer use the app, go to "Delete account" in the app menu
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc. The app will not prompt you to use a strong password.
  • Do not give access to your location in the app! When asked to provide location in the sign-up, first click 'Enable' and then chose 'Do not give location' in the drop down. Yes, very misleading!
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
mobile Privacy warning Security warning A.I.

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: No

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for sharing some data for targeted advertising (although not personally identifiable), for sharing your personal information "with their sponsors, and/or business partners" and for unclear purposes ("may be analysed in different manners")

"We may share Your information with our sponsors, and/or business partners. Your Information could be shared so that you may receive newsletters, offers, information about new services, and other information, if applicable. The information collected from You and other users may be analysed in different manners."

"We do not disclose personal information about identifiable individuals to advertisers, but We may provide them with aggregate and/or anonymised information about our Users to help advertisers reach the kind of audience they want to target. We may make use of the information We have collected from You to enable Us to comply with our advertisers’ wishes by displaying their advertisement to that target audience."

"By visiting our Platforms and/or by providing Your information, You consent to the collection and use of the information You disclose on our Platforms in accordance with this Privacy Policy, including but not limited to, your consent for sharing your information as per this Privacy Policy. You acknowledge and agree that even if You are not a registered User with Us, We may collect information about You, if a registered User has provided Us with Your information to facilitate services."

How the company says they may share data with law enforcement:

"We share Your information with payment service providers and regulatory authorities in the event of any request from such authorities."

"We may disclose Your personal information if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process. We may disclose personal information to law enforcement offices, third party rights owners, or others in the good faith belief that such disclosure is reasonably necessary to enforce our Terms or Privacy Policy; respond to claims that an advertisement, posting or other content violates the rights of a third party; or protect the rights, property or personal safety of our Users or the general public."

How can you control your data?

We ding this product as it is unclear what the retention details are for data if a user never asks the company to delete their data, but simply stopped using the app.

"If You choose to unsubscribe from the Application or delete any or all of your information, you may send an email to [email protected] Please note, We may still retain some information and record of transactions as required by any law, contract or policy applicable to Us."

A user can delete their account in the app.

What is the company’s known track record of protecting users’ data?

Needs Improvement

In 2019, UK-based advocacy group Privacy International discovered period-tracking apps including Maya sent women’s use of contraception, the timings of their monthly periods, symptoms like swelling and cramps, and more, directly to Facebook.

Before users could even agree to the apps’ privacy policies, Maya started sharing some data as soon they were opened, according to Privacy International.

Child Privacy Information

No children privacy information found in the Privacy Policy

Can this product be used offline?

Yes

User-friendly privacy information?

No

Privacy policy is buried in their terms of use document and hard to find on their website.

Links to privacy information

Does this product meet our Minimum Security Standards? information

No

Encryption

Can’t Determine

Strong password

No

Managed to sign up with "1" as a password

Security updates

Yes

Manages vulnerabilities

Can’t Determine

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

Comments

Got a comment? Let us hear it.