Attention : *confidentialité non incluse avec ce produit
Ovia Health, which describes itself in a rather wonky way as "the digital platform transforming episodic care into continuous support while improving family wellbeing and fostering positive outcomes," offers up three apps to help you on your reproductive health journey. There's Ovia Fertility, Ovia Pregnancy, and Ovia Parenting.
Ovia's Pregnancy tracking app says its "personalized approach to tracking your baby's development gives you an app as unique as your pregnancy." Fun! It offers users things like realistic illustrations of your baby in the womb each week, baby size comparisons, health coaches, as well as the ability to track everything from weight, nutrition, and vitamins, to sleep, moods, and exercise. They even added a new baby names features that lets you swipe through baby names a "like" or "love" your favorites. Whee! The app is free to download and use but you'll need a sponsored employer/health plan to unlock the premium benefits. How does Ovia look from privacy perspective? Well, we didn't find too much to "like" there, but we do "love" that they clarify how they share data with law enforcement.
Que pourrait-il se passer en cas de problème ?
How do they say they plan to use this information? Well, in the free consumer version of the app, to show you ads and sponsored content using an advertising profile they create on you (nothing is ever free, remember). Ovia does clarify that they will only share personal information that directly identifies with advertisers and sponsors if you opt-in. We're unsure how clear this opt-in process is, though, so be careful when using the app and don't opt-in to any data sharing that directly identifies you. Ovia also says they can use your information for personalization of content, to send advertising and marketing content, market their products and services, and to conduct clinical and scientific research.
And in 2020, Consumer Reports reported on some concerns about privacy shortcomings period tracking apps, including Ovia, had when it came to the handling of the sensitive user data it can collect.
FInally, Ovia says they use personal information to create de-identified data that they can then use for research purposes. They also say they can use personal data to create aggregated analytic data and statistics which they may share or sell with third parties. Finally, the say they "may disclose or sell de-identified data derived from patient information (as defined by the California Consumer Privacy Act); if so, such patient information is de identified in accordance with HIPAA safe harbor or expert determination de identification requirements." We hope all this de-identified and aggregate data is handled properly so no one can ever be re-identified by their patient or personal data. However, we should mention that it has been found to be relatively easy to re-identify some anonymized data, especially if location data is included.
We do want to give credit where credit is due. Ovia does do a good job explaining how they will handle law enforcement and government requests for their users' data. The have a page on their site that outlines how they handle such data requests and it does all the things we like to see here at Mozilla. They indicate they won't voluntarily disclose users data, that they require valid and legally binding court orders such as subpoenas with clear requests for what data law enforcement is requesting, and that they won't provide data beyond the scope of the valid request and, when possible, will try to limit the scope of data provided. This is all great stuff in our post-Roe v Wade world. Good on you Ovia for providing this clarification.
What's the worst that could happen with Ovia. Well, Ovia does offer coaching services that happen online or over the telephone. And they say that "we collect the information you give to our coaches, which may occur online or through recording of telephone coaching sessions for quality control and monitoring purposes." They also say "your health coach and managers will access your personal data to help you. If you receive Ovia as a benefit from your health insurer or employer health plan, nurse care managers from your health plan (and your employer, if you opt-in to such data sharing) may also have access to your personal data." That's a lot of people who could potentially have access to some sensitive, personal information. Could that data be leaked or shared or accessed by an employee who shouldn't have access or, even worse, handed over to your employer if you weren't clear you were giving consent? It seems possible, if hopefully unlikely. Still, something to consider. And don't forget, Ovia is sharing data about you with Facebook. whether you like it or not. BOO!
Conseils pour vous protéger
- If you receive Ovia as a benefit from your employer, do not opt in to sharing of your health data with your employer
- When signing up from outside of US, do not give consent for Ovia and its advertising partners to use your location and personal data, including data about your health, fertility and pregnancy, to display personalized advertising! If you are from the US, better do not use this app.
- Opt out of third party personalized advertising by going to the Settings menu of your Ovia app and selecting “Do Not Sell My Info” (for California users) or “Manage My Privacy Settings” (for non-US users). US-based non-California users better use another app.
- Do not connect GoogleFit or Apple Health to the app
- If you participate in coaching services, do not provide sensitive personal information, as the app collect the information you give to their coaches, which may occur online or through recording of telephone coaching sessions for quality control and monitoring purposes.
- Do not sign in via Facebook - better sign in via email and password
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos, other files)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
Appareil : Ne s’applique pas
Application : Non
Appareil : Impossible à déterminer
Application : Non
Piste la géolocalisation
Appareil : Ne s’applique pas
Application : Oui
Que peut-on utiliser pour s’inscrire ?
Facebook log-in possible
Quelles données l’entreprise collecte-t-elle ?
First name, email address, date of birth, baby’s name or nickname
"Cycle type and length, date of last menstrual period, expected due date. Data you provide about your lifestyle, health, fertility, pregnancy and parenting. If you sync a fitness tracker to the Ovia app or share data with Ovia through Google Fit or Apple Health, they collect the data you synch to Ovia."
The app requests access to contacts
Comment l’entreprise utilise-t-elle les données ?
Comment pouvez-vous contrôler vos données ?
Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?
In 2019, the Washington Post reported criticism of Ovia Health for sharing data — though de-identified and aggregated — with employers, who could purchase the period- and pregnancy-tracking app as a health benefit for their workers. People using the employer-sponsored version must currently opt in for this kind of data-sharing.
Informations liées à la vie privée des enfants
Ce produit peut-il être utilisé hors connexion ?
Informations relatives à la vie privée accessibles et compréhensibles ?
Liens vers les informations concernant la vie privée
Ce produit respecte-t-il nos critères élémentaires de sécurité ?
Mot de passe robuste
Mises à jour de sécurité
Gestion des vulnérabilités
Ovia Health does not offer a bug bounty program. Vulnerabilities can be reported to [email protected].
Politique de confidentialité
Cette IA est-elle non digne de confiance ?
Quel genre de décisions l’IA prend-elle à votre sujet ou pour vous ?
L’entreprise est-elle transparente sur le fonctionnement de l’IA ?
Les fonctionnalités de l’IA peuvent-elles être contrôlées par l’utilisateur ou l’utilisatrice ?
Pour aller plus loin
What Your Period Tracker App Knows About YouConsumer Reports
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?TechCrunch
The data flows: How private are popular period tracker apps?Surfshark
Here’s What Period Tracking Apps Say They Do With Your DataVice
‘Delete every digital trace of any menstrual tracking’: Are period-tracking apps safe to use in a post-Roe world?MarketWatch
Vous avez un commentaire ? Dites-nous tout.