Flo Ovulation & Period Tracker

Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno

Flo Ovulation & Period Tracker

Data recenzji: 9 sierpnia 2022

|
|

Według Mozilli:

|
Według użytkowników: Bardzo przerażające

Old Aunt Flo, she's got her own app these days. Flo Ovulation & Period Tracker is quite popular, with over 230 million downloads of the app, according to Flo Health. This app tracks, logs, calculates, reminds, calendars, chats, and more to help you know when you're most likely to get pregnant so you can plan accordingly. Log all those moods, symptoms, sex drives, weight, water intake, energy levels, and activities to get "the most precise AI-based overview of your body’s patterns." Free to download, Flo offers premium features in their subscription services for around $40 - 50 a year.

So, how does Flo look from a privacy perspective? Well, unfortunately, they proved themselves rather untrustworthy when they got called out by the Federal Trade Commision in 2021 for the sharing sensitive health information of their users with advertising and marketing companies, including the likes of Facebook and Google, after promising not to. Yikes! Bad form Flo, bad form.

Co się może stać, jeśli coś pójdzie nie tak?

There's good news and bad news when it comes to Flo. Let's start with the bad news, because that's probably why you're here. Flo has a spotty track record of protecting their user's very sensitive personal information. Which is very bad for a app that collects and tracks so much sensitive personal information.

Here's what happened. Back in 2019 the Wall Street Journal reported that Flo was sharing data with Facebook that included health data like when a person started their period. This prompted a review by the FTC who found that "despite express privacy claims, the company (Flo) took control of users’ sensitive fertility data and shared it with third parties." This resulted in the FTC and Flo agreeing to a settlement in 2021 that required Flo Health " to obtain the affirmative consent of users of the company’s fertility-tracking app before sharing their personal health information with others and to obtain an independent review of their privacy practices". So, the bad news is, Flo got caught misleading their users and sharing data they had promised they wouldn't (although the never admitted wrongdoing in the settlement). That's really bad. The good news is, after they got busted and settled with the FTC, they were forced to (hopefully) clean up their act and do better. So are they doing better? Well, again, hopefully.

They do say in their privacy policy they can collect a whole heap of personal and usage data. Things like, name, email address, birth data, location, weight, body temperature, dates of your menstrual cycle, pregnancy details, sexual activity, symptoms, moods, and how often you use the app, your mobile service provider, unique device identifiers, and more. That's a LOT of information to trust Flo with. Which, you know, they've not been so trustworthy in the past, although now they've got the FTC keeping a bit more of an eye on them.

What does Flo say they can do with all that data, according to their privacy policy? They do say they won't sell your data, so that's good. And they do ask for your consent to use your data as laid out in the privacy policy when you set up the app, so pay close attention to what you are consenting to! Because they say with your consent they can use your personal information for things like customizing the app, making recommendations to you for other product offers, including third-party products, and for Flo promotional purposes. Flo also says that consent means they can share some of your non-health personal information with third-party marketing platform AppsFlyer for marketing and promotional purposes on third-party platforms like Facebook, Google, Pinterest, Snapchat, Twitter, and more.

Good news though. Flo recently announced the launch of an "Anonymous Mode," which is a free features that allows people to "use the service without any personally identifiable information, such as a name, email address, and technical identifier being associated with the account." We like that for sure! See, we told you there was both good and bad news when it comes to Flo.

Flo collects a whole lot of personal information, shares some of that with third-parties for marketing and promotional purposes, and has a track record of not being completely honest about how they share their data. So far, not great. They also say they can gather more information about your from third-party sources, "We may receive Personal Data about you from third parties. For example, we may obtain information from third parties, to enhance or supplement existing user information…" Does this mean they could buy data from data brokers to learn more about your and build a bigger profile on you? Perhaps. Flo has told us that they currently do not buy or sell data to data brokers (yay!). However, the way their privacy policy is written seems like they could in the future if something were to change inside the company. Flo also says they "aggregate, anonymize or de-identify your Personal Data so that it cannot reasonably be used to identify you. Such data is no longer Personal Data. We may share such data with our partners or research institutions or use for statistical purposes…" This is fairly common, but now is a good time to remind you that it has been found to be pretty easy to re-identify this sort of data, especially when location data is included.

And back to that whole Flo honesty problem. When we were reading the data safety information they shared on their Google Play store app page, we noticed they self-declared they say they don't share data with other companies or organizations. Which, as we've just outlined above, just isn't true. Unfortunately, Google's data safety sharing information rules are pretty terrible because they say developers don't actually need to say they are sharing data with third parties even if they are if consent is obtained. This is terribly misleading on all parts and we wish both Flo and Google would do better for consumers. Bottom line, please don't trust the self-reported data safety information you find on the Google Play store. It's better (and also awful) to read the app's privacy policy instead. If you need some tips to do that, well, here's a good article to help (even better, read our *Privacy Not Included reviews!).

How does Flo say they will handle requests from law enforcement to obtain their users' information? Their privacy policy says, "We may also share some of your Personal Data … in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements)." Which is a bit vague. However, Flo shared with us this public statement they made to clarify what this means. And it's actually pretty good -- they say they require a legally valid request, will work to limit the scope of any data they are required to share, and will do their best to notify the user if their data is requested by law enforcement. Good work Flo.

So, what's the worst that could happen with Flo? Well, you could trust a company with a spotty track record to keep all that personal information you share with them private, safe, and secure. It's possible, although hopefully it doesn't happen, that they could leak or share data about your period or pregnancy that gets scooped up by people you don't want to have it and used against you. Which is really scary in the post-Roe vs Wade world we live in these days. Hopefully this never, ever happens. And hopefully all that data they collect and store on you to train up their AI algorithms is stored securely and never leaked. And hopefully Flo doesn't give your user data to law enforcement unless absolutely necessary, and then, hopefully they only give the bare minimum (which is what they say they will do, thank goodness). These are a lot of hopefullys. Maybe it's better to just not share so much personal info to begin with.

Wskazówki, jak się chronić

  • Set up Anonymous Mode when using the app to protect your data
  • Enable a 4-digit secure access code if you want additional security of your data from someone who might access your device
  • When starting a sign-up, do not agree to tracking of your data.
  • Do not sign up with your Google account. Better just log in with email and password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
  • mobile

Czy może mnie podsłuchiwać? informacje

Aparat

Urządzenie: Nie dotyczy

Aplikacja: Nie

Mikrofon

Urządzenie: Nie dotyczy

Aplikacja: Nie

Śledzi położenie

Urządzenie: Nie dotyczy

Aplikacja: Nie

Czego można użyć do rejestracji?

Google account is possible

Jakie dane zbiera ta firma?

Jak ta firma wykorzystuje te dane?

We ding this product for potentially combining collected data with data from third parties, as well as for sharing personal data for advertisement

"We may receive Personal Data about you from third parties. For example, we may obtain information from third parties, to enhance or supplement existing user information, including to customize and personalize your experience and for statistical purposes and analytics, as described below."

"We will not sell or rent your Personal Data. We will not disclose your Personal Data except as otherwise described in this Privacy Policy. We may share your Personal Data with our service providers solely as described in this Privacy Policy. We will also not use information received through your use of the HealthKit and Google Fit framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers."

"We may process your Personal Data in relation to our interests in providing the Services to you, our commercial interests, including our interest in protecting the security and integrity of the Services, and wider societal benefits;"

"With your consent we may share some of your non-health Personal Data with AppsFlyer for marketing and promotional purposes. AppsFlyer is a mobile marketing platform that handles your Personal Data in accordance with our instructions. By using AppsFlyer and its integrated partners for marketing and promotional purposes we are able to reach you and people like you on various platforms and spread the word about Flo. If we need to share your Personal Data with other platforms for this purpose, except as we have explained in this Privacy Policy, we will ask for your consent."

How the company says they may share data with law enforcement:
Flo may share your data in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements);

Flo clarifies how they respond to data requests in this post on their website.

Jak możesz kontrolować swoje dane?

"It does not matter what country or region you come from, we are committed to providing you vast privacy rights in relation to your Personal Data."

"Сontact us at [email protected] to exercise your privacy rights. We will address your request within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay. "

If you choose to delete the App from your device or your account becomes inactive, the app will retain your Personal Data for a period of 3 years in case you decide to re-activate the Services or re-install the App.

Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?

Wymaga poprawy

The period app Flo got in trouble with the Federal Trade Commission (FTC) for “deceptive” practices around its data sharing. In June, 2021, the FTC announced that Flo Health settled with them over allegations that the company, after promises of privacy, shared health data of users using its fertility-tracking app with outside data analytics companies, including Facebook and Google.

Informacje o prywatności dziecka

You must be at least 13 to use the App (16 for European Economic Area (“EEA” and United Kingdom (“UK”) residents). They do not knowingly collect information from children under 13 (16 for EEA and UK residents), and do not allow people to use the App if they are younger than 13 (16 for EEA and UK residents). Moreover, some of the App functions are limited for users that are younger than 18.

Czy ten produkt może być używany bez połączenia z siecią?

Tak

Przyjazne dla użytkownika informacje o prywatności?

Tak

They provide a privacy portal on their website with easy to understand privacy principles and their privacy policy is generally easy to read.

Odnośniki do informacji o prywatności

Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa? informacje

Tak

Szyfrowanie

Tak

Silne hasło

Tak

Aktualizacje zabezpieczeń

Tak

Zajmuje się problemami z bezpieczeństwem

Tak

If you want to report a security incident related to the Services please contact us at [email protected].

Zasady ochrony prywatności

Tak

Czy produkt wykorzystuje sztuczną inteligencję? informacje

Tak

Flo uses AI technology to make it easier for women with irregular periods to track their cycle and fertility if desired.

Czy tej sztucznej inteligencji nie można ufać?

Nie można ustalić

Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?

Your period cycles

Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?

Nie można ustalić

Flo has this FAQ post about the accuracy of the Flo app that touches on their use of an AI prediction algorithm https://flo.health/faq/accuracy

Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?

Nie można ustalić

We found no control over AI in the app
*Prywatność do nabycia osobno

Dowiedz się więcej

  • Congress to Investigate Data Brokers and Period Tracking Apps
    Vice Odnośnik otwiera się w nowej karcie
  • With Roe overturned, period-tracking apps raise new worries
    The Washington Post Odnośnik otwiera się w nowej karcie
  • Fertility and Period Apps Can Be Weaponized in a Post-Roe World
    Wired Odnośnik otwiera się w nowej karcie
  • Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?
    TechCrunch Odnośnik otwiera się w nowej karcie
  • The data flows: How private are popular period tracker apps?
    Surfshark Odnośnik otwiera się w nowej karcie
  • FemTech: My Body, My Data, Their Rules
    Eticas Foundation Odnośnik otwiera się w nowej karcie
  • Cycle-tracking apps stand behind their privacy policies as Roe teeters
    The Verge Odnośnik otwiera się w nowej karcie
  • Fertility and Period Apps Can Be Weaponized in a Post-Roe World
    Wired Odnośnik otwiera się w nowej karcie
  • Here’s What Period Tracking Apps Say They Do With Your Data
    Vice Odnośnik otwiera się w nowej karcie
  • We asked 12 period-tracking apps about their post-Roe privacy policies
    Input Odnośnik otwiera się w nowej karcie
  • Consumers swap period tracking apps in search of increased privacy following Roe v. Wade ruling
    TechCrunch Odnośnik otwiera się w nowej karcie

Komentarze

Masz uwagi? Podziel się nimi z nami.