Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno
Clue is a German-based period to pregnancy tracking app. Being based in Germany is an important selling point for Clue because it means they are governed by Europe's stricter GDPR privacy laws, meant to do a better job at protecting consumers privacy than laws just about anywhere else in the world. Clue says it uses 30+ different tracking options to help you understand how your menstrual cycle affects things such as mood, skin, cravings, energy levels, ovulation, fetal development, pregnancy symptoms, and more. Free to download, Clue offers a yearly subscription for about $40. How does Clue look from a privacy perspective? Well, we think they're OK. We also see a couple places where we think they could do a bit better.
Co się może stać, jeśli coś pójdzie nie tak?
The makers of the Clue Period & Cycle Tracker app really, really want you to know they take privacy and security seriously. They've written many a blog post about how they do this. There's this one from Clue's Co-CEOs on patient data privacy, and this one about Clue's response to the overturning of Roe vs Wade in the US, and this one about the journey of one of your data points, and this one about how Clue says they make money, and this one about scientific research at Clue. And, of course, there is their privacy policy, which, we will give them, is one of the easier to read privacy policies we saw during our research.
It's always nice to see a company that makes an app that collects such sensitive health data tell us they take privacy and security seriously in ways that are accessible to all their users. We appreciate that. That said, we do have some concerns about Clue's privacy and security. Clue is so close to being good at privacy, from our perspective. Unfortunately, it seems they just miss the mark in a couple of places that leave us a little concerned.
First, for the good. Clue states they never sell your data. Yay! And, because Clue is based in Germany and governed by GDPR, Europe's stricter privacy laws, and most user data is stored there, it does provide users with better and stronger privacy when it comes to how their data can be used and what rights they have to access it and delete it. And Clue, as seen in their many blog posts above, does understand that people in the US are concerned about the privacy of their reproductive health data following the end of Roe vs Wade.
But there are concerns. First, Clue does collect a whole lot of information. Things like name, age, email address (if you create an account), device and app usage data such as device ID, IP address, location (but not precise location), and sensitive health data you chose to track in the app such as weight, body temperature, period length, sexual activity, birth control methods, cravings, mood, energy levels, and more. Clue does say they store your personal profile data separately from your cycle tracking data, which is good. Still, that's a whole lot of information the app can collect on you and store. Clue says they store things securely, but we always have to remind people, nothing stored on the internet is ever 100% safe.
It is great that Clue says they don't sell your information. They do however share some data with third parties for advertising, marketing, and research purposes. Clue says, "we do share a minimal amount of data about our users with advertising networks (but we never share the menstrual or other health data you track in the app)… If you are not comfortable with any data being shared for ad optimization, then you can go to Settings and change your preferences." So, you must opt out of your data being shared for advertising. Too bad it's not opt-in, we'd much prefer that. And Clue is very clear that they "do not share any of the data you track with advertisers or other third parties for their use." This is good.
When it comes to sharing data for research purposes, Clue says, "we share data with carefully vetted researchers to advance female health studies. For that purpose we de-identify your personal data by removing or hashing personal identifiers so that neither the researchers nor any third parties can link it to you." This is generally OK. However, we do like to remind folks that it has been found to be pretty easy to re-identify such data, especially if location data is included.
What we found that isn't OK is this statement in Clue's privacy policy: "By using the app you consent that Clue may use cookies and third-party services, and collect your usage data under a unique identifier, as well as your date of birth for the purposes of tracking, analysis, and improvement of our website and app, as well as advertising purposes such as showing you relevant Clue content." Clue says they use a unique identifier and your birth date to track you for things such as advertising and personalization purposes. This is data that could potentially be easily used to identify you, which worries us. And we're not alone. Back in 2020 privacy watchdog Privacy International also raised concerns about using date of birth as a tracker and potentially sharing that data with third parties.
And recently, Motherboard reported they were able to purchase data from the data broker, Narrative, that could be used to identify users of the Clue app. According to the article, "The data does not include information harvested from the Clue app itself, but rather is a list of devices that have the app installed that in turn could be used to identify users." This reporting raised enough concerns that the US Congress launched an investigation into data brokers and period tracking apps, including Clue, to try and better understand what data was available to buy and how better to protect consumers' privacy on this front. We're not sure Clue did anything wrong here. The data economy and data tracking is a vast and complicated world. Still, we think it's important for potential users of Clue to know this happened. We did reach out to Narrative with some questions about purchasing this data and they told us, "prior to May 2022, some data providers had data products regarding period tracking app installs available for purchase in the Narrative Data Streams Marketplace," and " in anticipation of the increased attention to women's health and privacy in light of the Supreme Court's decision to strike down Roe v. Wade, we updated our policy to remove any pregnancy/menstruation/other reproductive health app install data from the Marketplace to prevent any potential misuse of the data." So, here's hoping for the best in regards to buying this sort of data from data brokers (but still, we recommend you plan for the worst).
How does Clue look when it comes to sharing data with law enforcement? Well, here they look pretty darn good, as far as we can tell. They are based in Germany. They are governed by stricter GDPR privacy laws and they make it a point to clearly outline how they protect the data they store from any potential subpoenas or US government requests. We appreciate this very much. They told us in an email, "Disclosing sensitive reproductive health data in order to use it against the data subject would fly in the face of European data privacy principles, which seek to protect people against government surveillance. In the theoretical scenario that a German court did seek to enforce a foreign request, we would resist any such attempt with all means necessary to protect our users’ privacy." This is all good. However, we should mention that their privacy policy does include a bit of a caveat there when they state, "With regard specifically to the United States, the information we and our processors maintain is unlikely to be the subject of inquiry by a public authority in the US that would invoke such laws that may compel a processor to hand over personal information. The risk of such disclosure, however, cannot be eliminated."
Probably the biggest concern we found with Clue is on the security front. Unfortunately, Clue doesn't meet our Minimum Security Standards because they don't require a strong password. We were able to log in to the app with the very weak password of "1". That's bad. When we reached out to Clue to ask about this, they told us: "Clue requires authentication that can be done … by using an email / password combination. Encouraging even stronger password complexity will be addressed in the next major release planned for this summer." So, at least they know they need to do better and seem to have plans to upgrade their password requirement. We will update this review once we have confirmed a stronger password requirement has been implemented.
What's the worst that could happen with Clue? As always, hopefully nothing. But, as they themselves state in their privacy policy, "Usually, the biggest threat to the security and privacy of your data is that someone—probably someone you know—gains access to any of your devices without your consent." We sure hope no one uses this app, doesn't set a strong password because it isn't required, has an angry ex-partner access their phone and learn they had a potential miscarriage, reports this to law enforcement, and causes them to be investigated and harassed by the police for potentially having an abortion in a state where that is illegal. We sure hope that never happens, but these are the worries we all must consider right now.
Wskazówki, jak się chronić
- Use the app without creating a profile: this way, your data will be processed at your device only, and will less likely end up in hands of data brokers.
- Go to settings and opt out of data sharing for advertising purposes!
- Activate a unique PIN code or activate TouchID (iPhone 5S-8) for the Clue app.
- Do not sign up with third-party accounts such as Facebook or Google! It's better to login with email and password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass, etc.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos).
- Keep your app regularly updated.
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
- Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
Czy może mnie podsłuchiwać?
Aparat
Urządzenie: Nie dotyczy
Aplikacja: Nie
Mikrofon
Urządzenie: Nie dotyczy
Aplikacja: Nie
Śledzi położenie
Urządzenie: Nie dotyczy
Aplikacja: Nie
Czego można użyć do rejestracji?
Tak
Telefon
Nie
Konto firmy trzeciej
Tak
Facebook and Google account sign-ups available
Jakie dane zbiera ta firma?
Osobiste
If you create an account: Email, name, age
Związane z ciałem
If you create an account: Your cycle information (e.g., period length, pain, or spotting) and depending on the data you provide, it may also contain information about your general health (e.g., weight, body temperature, hair quality, and if/how you engage in sexual intercourse)
Społecznościowe
Jak ta firma wykorzystuje te dane?
Jak możesz kontrolować swoje dane?
Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?
In 2020 privacy researchers raised a concern that a birthday is used as a advertisement identifier. The practice still continues.
In May 2022, reporters from Vice managed to purchase a list of devices using Clue from data broker Narrative for $100. According to the report, "The data does not include information harvested from the Clue app itself, but rather is a list of devices that have the app installed that in turn could be used to identify users." The fault doesn't likely lie with Clue for data brokers obtaining this information. Still, this data was available for purchase from at least one data broker as recently as May 2022, which is a concern.
Informacje o prywatności dziecka
Czy ten produkt może być używany bez połączenia z siecią?
Przyjazne dla użytkownika informacje o prywatności?
Odnośniki do informacji o prywatności
Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?
Szyfrowanie
Silne hasło
Managed to sign up with "1" as a password. Clue wrote to us that "Clue requires authentication that can be done … by using an email / password combination. Encouraging even stronger password complexity will be addressed in the next major release planned for this summer." We will update this review once we have confirmed a stronger password requirement has been implemented.
Aktualizacje zabezpieczeń
Zajmuje się problemami z bezpieczeństwem
Clue has information security staff that manage reported vulnerabilities. They can be reported via security.text file (which outlines further scope and details), or by contacting the Clue Support Team via their app or website.
Zasady ochrony prywatności
An app tracks a woman’s menstrual cycle through machine learning. The app says they work closely with universities and scientists to improve female health and to find insights that benefit our users. The app also says it is not an AI: "The product uses data analysis and machine learning to calculate the user’s personalised cycle predictions, however this is not an AI."
Dowiedz się więcej
-
Congress to Investigate Data Brokers and Period Tracking AppsVice
-
Data Marketplace Selling Info About Who Uses Period Tracking AppsVice
-
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?TechCrunch
-
Here’s What Period Tracking Apps Say They Do With Your DataVice
-
We asked 12 period-tracking apps about their post-Roe privacy policiesInput
-
Consumers swap period tracking apps in search of increased privacy following Roe v. Wade rulingTechCrunch
-
Forget Tracking Your Period—Your Period (App) Is Tracking YouMarie Claire
Komentarze
Masz uwagi? Podziel się nimi z nami.