Period Tracker

Warning: *Privacy Not Included with this product


Review date: Aug. 9, 2022


Mozilla says

People voted: Very creepy

The aptly, if rather boringly, named period tracking app Period Tracker claims to be "the easiest way to track your periods!" We don't know about that. We do know the app lets you track your period, know your fertility window, and track things like mood, symptoms, and intimacy. And the app comes with a disclaimer in the app store that says, "Disclaimer: Period Tracker period and fertility forecasts may not be accurate and should not be used to prevent unwanted pregnancy." So there's that.

Period Tracker developer GP Apps seems to be a small app developer that makes one other app, a weight loss app called Resist. What does all this mean for Period Tracker privacy? Well, the short, rather vague privacy policy we found for Period Tracker actually left us with more questions than answers, which is never a good thing for anything that collects personal and health-related data.

What could happen if something goes wrong?

Being a privacy researcher means reading lots and lots of privacy policies, security documents, and FAQ pages. So when I stumbled across Period Tracker's FAQ page, I was rather excited to see a question smack in the middle of the page with the question, "Does Period Tracker sell or share my data with any third parties?" I love it when I find privacy information on FAQ pages! Imagine my disappointment when I clicked on that link and up popped the dreaded "This page doesn't seem to exist." page. Bother! So, back to the privacy policy I head to try and find out if Period Tracker does, indeed, share data with third parties. I wasn't feeling too great about things given the broken link on their FAQ page.

So, does Period Tracker share your data with third parties? The answer seems to be yes, but maybe not too much. Here's what we found. Period Tracker's privacy policy says they share data you directly input into the app under certain circumstances like with "trusted service providers" and "as required by law, such as to comply with a subpoena, or similar legal process," and "when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or to investigate fraud." So, they may share the personal info you input into the app with third parties, but probably (hopefully) not with advertisers.

On that front they say, "We work with advertisers and third party advertising networks, who need to know how you interact with advertising provided in the Application which helps us keep the cost of the Application low. Advertisers and advertising networks use some of the information collected by the Application, including, but not limited to, the unique advertising ID of your mobile device. Data directly inputted by users (ie., periods, notes, email, account info, etc) is not shared with advertisers." So, it seems Period Tracker does share some data with advertisers, but maybe not things like when your period starts or what your mood is. Still, they do share data with advertisers to target you with ads, which we don't love.

And Period Tracker does say they will share data with law enforcement, but their statement of when and why they do that is a little too vague for our comfort. We would love to see them state clearly that they only share data when required by law enforcement through subpoena and not leave any open questions that they might share data with law enforcement through voluntary disclosure, which we here at Mozilla don't like as a policy.

The biggest concern we have with Period Tracker, alongside their rather short, vague, boilerplate privacy policy, is that their security measures don't meet our Minimum Security Standards. We were able to set the app up using the weak password "1111," which isn't good at all if you're trying to protect sensitive health information on your phone. We also couldn't confirm if they use encryption, which isn't great either. You want the data you share with them to be encrypted in transit and at rest where they store it. We emailed the company three times at the email address listed in their privacy policy for privacy-related questions and never received a response. Again, not great. So, we'd say this line in their privacy policy is a good reminder to beware of sharing personal information with this app, "Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches."

Is Period Tracker the worst period tracking app we reviewed? No, it doesn't seem so. Does it raise red flags for us from a privacy perspective? Yes, absolutely. Their privacy policy is short and vague and leaves us with questions. The privacy question on the FAQ page leads to a broken link, which tells us they aren't super into keeping their privacy information updated for their users. Their security measures are questionable and don't meet our Minimum Security Standards. And they aren't responsive to privacy-related questions. What's the worst that could happen? Well, here's hoping you don't share your period frequency and moods and symptoms with this app and then have that data leaked on the dark web through a security breach where it could be bought up by "anti-abortion activists" looking for data they could use to out someone who may have had an abortion. That would suck really really bad. Here's hoping that never happens.

Tips to protect yourself

  • Do not register for the app if you do not want your email collected
  • Follow these instructions to delete all past information from the app.
  • Add an app passcode if your device might end up in the wrong hands
  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
  • Use your device privacy controls to limit access to your personal information via the app (do not give access to your precise location, camera, microphone, images and videos, other files)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.

Can it snoop on me?

Camera

Device: N/A

App: No

Microphone

Device: N/A

App: No

Tracks location

Device: N/A

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

This app doesn't share personally identifiable data such as name or email. However, "Information that is collected automatically may be shared with advertisers and third party advertising networks and analytics companies." Such data may include the type of mobile device you use, your mobile device's unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.

"Data directly inputted by users (ie., periods, notes, email, account info, etc) is not shared with advertisers."

How the company says they may share data with law enforcement:
"Information that users directly input into The Application is not shared with any third parties unless […] as required by law, such as to comply with a subpoena, or similar legal process"

How can you control your data?

We ding this app because the Privacy Policy does not mention GDPR or CCPA rights. There is no contact provided in the Privacy Policy for data deletion that could be used by all users.

"If you’d like us to delete User Provided Data that you have provided via the Application, you may delete your account and associated data by going to the app settings, account page, and select delete account. This will delete your account and associated data from our servers. Deleting the native app on your phone will also delete any app data your phone holds."

"We will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate. Please note that some or all of the User Provided Data may be required in order for the Application to function properly."

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

The app does not knowingly solicit data from or market to children under the age of 13 (or under the age of 16 for individuals residing in the European Union). If a parent or guardian becomes aware that his or her child has provided them with information without their consent, he or she should contact the app at https://gpapps.com/feedback-contact-us/.

Can this product be used offline?

Yes

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards?

No

Encryption

Can’t Determine

Strong password

No

Managed to sign up with "1111" as a password

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Can’t Determine

Does the product use AI?

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine


Dive Deeper

  • Congress to Investigate Data Brokers and Period Tracking Apps
    Vice
  • Consumers swap period tracking apps in search of increased privacy following Roe v. Wade ruling
    TechCrunch
  • The data flows: How private are popular period tracker apps?
    Surfshark
  • FemTech: My Body, My Data, Their Rules
    Eticas Foundation
  • Should You Really Delete Your Period Tracking App?
    Electronic Frontier Foundation
  • Fertility and Period Apps Can Be Weaponized in a Post-Roe World
    Wired
  • Should I delete my period app? And other post-Roe privacy questions.
    Vox
