Warning: *Privacy Not Included with this product
Period Tracker
The aptly, if rather boringly, named period tracking app Period Tracker claims to be "the easiest way to track your periods!" We don't know about that. We do know the app lets you track your period, know your fertility window, and track things like mood, symptoms, and intimacy. And the app comes with a disclaimer in the app store that says, "Disclaimer: Period Tracker period and fertility forecasts may not be accurate and should not be used to prevent unwanted pregnancy." So there's that.
Period Tracker developer GP Apps seems to be a small app developer that makes one other app, a weight loss app called Resist. What does all this mean for Period Tracker privacy? Well, the short, rather vague privacy policy we found for Period Tracker actually left us with more questions than answers, which is never a good thing for anything that collects personal and health-related data.
What could happen if something goes wrong?
Being a privacy researcher means reading lots and lots of privacy policies, security documents, and FAQ pages. So when I stumbled across Period Tracker's FAQ page, I was rather excited to see, smack in the middle of the page, the question, "Does Period Tracker sell or share my data with any third parties?" I love it when I find privacy information on FAQ pages! Imagine my disappointment when I clicked on that link and up popped the dreaded "This page doesn't seem to exist." page. Bother! So, back to the privacy policy I head to try and find out if Period Tracker does, indeed, share data with third parties. I wasn't feeling too great about things given the broken link on their FAQ page.
So, does Period Tracker share your data with third parties? The answer seems to be yes, but maybe not too much. Here's what we found. Period Tracker's privacy policy says they share data you directly input into the app under certain circumstances like with "trusted service providers" and "as required by law, such as to comply with a subpoena, or similar legal process," and "when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or to investigate fraud." So, they may share the personal info you input into the app with third parties, but probably (hopefully) not with advertisers.
On that front they say, "We work with advertisers and third party advertising networks, who need to know how you interact with advertising provided in the Application which helps us keep the cost of the Application low. Advertisers and advertising networks use some of the information collected by the Application, including, but not limited to, the unique advertising ID of your mobile device. Data directly inputted by users (ie., periods, notes, email, account info, etc) is not shared with advertisers." So, it seems Period Tracker does share some data with advertisers, but maybe not things like when your period starts or what your mood is. Still, they do share data with advertisers to target you with ads, which we don't love.
And Period Tracker does say they will share data with law enforcement, but their statement of when and why they do that is a little too vague for our comfort. We would love to see them state clearly that they only share data when required by law enforcement through subpoena and not leave any open questions that they might share data with law enforcement through voluntary disclosure, which we here at Mozilla don't like as a policy.
The biggest concern we have with Period Tracker, alongside their rather short, vague, boilerplate privacy policy, is that their security measures don't meet our Minimum Security Standards. We were able to set the app up using the weak password "1111," which isn't good at all if you're trying to protect sensitive health information on your phone. We also couldn't confirm if they use encryption, which isn't great either. You want the data you share with them to be encrypted in transit and at rest where they store it. We emailed the company three times at the email address listed in their privacy policy for privacy-related questions and never received a response. Again, not great. So, we'd say this line in their privacy policy is a good reminder to beware of sharing personal information with this app, "Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches."
Is Period Tracker the worst period tracking app we reviewed? No, it doesn't seem so. Does it raise red flags for us from a privacy perspective? Yes, absolutely. Their privacy policy is short and vague and leaves us with questions. The privacy question on the FAQ page leads to a broken link, which tells us they aren't super into keeping their privacy information updated for their users. Their security measures are questionable and don't meet our Minimum Security Standards. And they aren't responsive to privacy-related questions. What's the worst that could happen? Well, here's hoping you don't share your period frequency and moods and symptoms with this app and then have that data leaked on the dark web through a security breach where it could be bought up by "anti-abortion activists" looking for data they could use to out someone who may have had an abortion. That would suck really really bad. Here's hoping that never happens.
Tips to protect yourself
- Do not register for the app if you do not want your email collected
- Follow these instructions to delete all past information from the app.
- Add an app passcode if your device might end up in the wrong hands
- Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your precise location, camera, microphone, images and videos, other files)
- Keep your app regularly updated
- Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to your Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
Can it snoop on me?
Camera
Device: N/A
App: No
Microphone
Device: N/A
App: No
Tracks location
Device: N/A
App: No
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Email address, if you choose to register
Body related
Periods
Social
Contacts, if you allow access to them
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Strong password
Managed to sign up with "1111" as a password
Security updates
Manages vulnerabilities
Privacy policy
Dive Deeper
- Congress to Investigate Data Brokers and Period Tracking Apps (Vice)
- Consumers swap period tracking apps in search of increased privacy following Roe v. Wade ruling (TechCrunch)
- The data flows: How private are popular period tracker apps? (Surfshark)
- FemTech: My Body, My Data, Their Rules (Eticas Foundation)
- Should You Really Delete Your Period Tracking App? (Electronic Frontier Foundation)
- Fertility and Period Apps Can Be Weaponized in a Post-Roe World (Wired)
- Should I delete my period app? And other post-Roe privacy questions. (Vox)