Advertencia: *Privacidad no incluida con este producto
The good news with the Preglife Pregnancy tracking app — which has things like a contraction counter, pregnancy journal, week to week baby development, tips for pregnant women and their partners, photos of the growing baby, and much more — is that it is created by a Sweden-based company. That means stricter privacy laws are the default thanks to Europe's stricter privacy law known as GDPR. According to Preglife, this app is "used by 90% of mothers-to-be in Sweden" and Sweden has "an almost zero maternal death rate." All that sounds great! And this app does seem to do well from what we can tell from a privacy perspective. However, we had to give it our *Privacy Not Included warning label because it doesn't meet our Minimum Security Standards because it has a fairly weak password requirement. That's a bummer because it has one of the better privacy policies we've read for pregnancy apps.
¿Qué podría pasar si algo falla?
As a privacy researcher, it sure is nice (and rare) to read a privacy policy where you can tell the company is trying to actually protect their users' privacy. Preglife's privacy policy is solid. This Sweden-based company does seem to care about, and think through how to protect, their users' privacy. They say they will never share or sell any of your data to third parties unless required to by law or as stipulated in a short list of instances in their privacy policy. We'd love to see that "as required by law" statement clarified a bit more to make it clear they won't do any voluntary disclosure of information to law enforcement. We also understand that at company based in Sweden is potentially going to be less likely to share data with US law enforcement under most circumstances (we hope!).
All in all, Preglife's privacy policy doesn't worry us too much. The best part is they say that users can chose to not register for an account and still use the app. This means that all the personal information you enter into the app will be stored locally on your device and not be processed by Preglife. That's great! It does mean that you won't be able to access that data from another device or retrieve it if it gets accidentally deleted. These feel like small trade-offs to make to protect your personal information though. If you do chose to register for a Preglife account, Preglife says to their Google Play store data safety page they can collect things like email address, user ID, address, and phone number and share that data with third-parties for account management, but hopefully not for advertising purposes.
Preglife's privacy policy also has an entire section on consent, which is amazing and another rare thing to find in privacy policies these days, from our experience. They make it clear when and for what consent is required, which is super nice. Because users can enter a good amount of personal information into Preglife if they chose. Things like email address, estimated due date, data about your child like birth date and age, pictures, pregnancy diary notes, and more. Fortunately, users can choose to not register with the app and keep all this personal information stored locally on their phone where Preglife won't process it.
They do say they "may share aggregate demographic information about Preglife members with third-party organizations and companies as well as with the authorities, Such information cannot be used to identify individual Users" and "We may also share information at aggregate levels with third parties that carry out analyses on our behalf." This is fairly common and aggregate demographic data is, hopefully, better than de-identified user data. Still, it's a good time to slip in this reminder that it has been found to be pretty easy to de-anonymize data, especially if location data is included.
Unfortunately, Preglife does slip up when it comes to their security practices. When we downloaded the device, we found we were able to create and login with the weak password "111111". That's not great. We would love to see them require a stronger password and if you do use this app, please use a stronger password. This weak password requirement, as well as the fact that we were unable to confirm they use encryption at transit and at rest and they have a way to manage security vulnerabilities, means they don't meet our Minimum Security Standards. We did email them four times asking for answers to our privacy-related questions at the address listed in their privacy policy. Unfortunately we never heard back from them, which is a bummer, we love to see companies be more responsive to privacy-related questions from both us and from their users.
What's the worst that could happen with Preglife? Well, we'd hate to see a user download this app because the company does seem to do pretty good with respecting their users' privacy, set the app up and use "111111" as a crappy, weak password, the phone falls into the wrong hands after a miscarried pregnancy, and someone is able to guess the password, access all that personal information, and use against it against someone to raise questions about why their pregnancy ended. No one needs that after the tragedy of a miscarriage. We really hope that never happens! Please always use strong password people!
Consejos para protegerte
- Choose not to register yourself as a User. You can still access and use the app, however, all data will be stored locally and personal information will not be processed by Preglife. The only downside is you will not be able to access the data saved to an account on another device.
- When you no longer use the app, go to "Delete account" in the app menu
- Never enter data for another user in the app without their consent
- Chose a strong password! You may use a password control tool like 1Password or KeePass
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
¿Me puede espiar?
Cámara
Dispositivo: No aplica
Aplicación: No
Micrófono
Dispositivo: No aplica
Aplicación: No
Rastrea la ubicación
Dispositivo: No aplica
Aplicación: No
¿Qué se puede usar para registrarse?
Correo electrónico
Sí
Teléfono
No
Cuenta de terceros
No
¿Qué datos recopila la empresa?
Información personal
Información biométrica
Estimated due date, data about the child, medical conditions, vaccines and other health-related data. All usage of the application is done voluntarily and it is always you as User who decides which information you want to enter.
Información social
¿Cómo utiliza la empresa estos datos?
¿Cómo puedes controlar el uso de tus datos?
¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?
No known privacy or security incidents discovered in the last 3 years.
Información sobre privacidad infantil
¿El producto se puede usar sin conexión?
¿La información de privacidad es fácil de entender?
Enlaces a información de privacidad
¿El producto cumple nuestros estándares mínimos de seguridad?
Cifrado
According to self-reported information from the company in the Google Play store, this app encrypts data in transit. We were unable to confirm they encrypt any data they store on you at rest on their servers.
Contraseña fuerte
Managed to log in with '111111'. There is at least a requirement for 6 digits minimum.
Comentarios
¿Tienes algún comentario? Queremos escucharte.