Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno
Old Aunt Flo, she's got her own app these days. Flo Ovulation & Period Tracker is quite popular, with over 230 million downloads of the app, according to Flo Health. This app tracks, logs, calculates, reminds, calendars, chats, and more to help you know when you're most likely to get pregnant so you can plan accordingly. Log all those moods, symptoms, sex drives, weight, water intake, energy levels, and activities to get "the most precise AI-based overview of your body’s patterns." Free to download, Flo offers premium features in their subscription services for around $40 - 50 a year.
So, how does Flo look from a privacy perspective? Well, unfortunately, they proved themselves rather untrustworthy when they got called out by the Federal Trade Commision in 2021 for the sharing sensitive health information of their users with advertising and marketing companies, including the likes of Facebook and Google, after promising not to. Yikes! Bad form Flo, bad form.
Co się może stać, jeśli coś pójdzie nie tak?
There's good news and bad news when it comes to Flo. Let's start with the bad news, because that's probably why you're here. Flo has a spotty track record of protecting their user's very sensitive personal information. Which is very bad for a app that collects and tracks so much sensitive personal information.
Here's what happened. Back in 2019 the Wall Street Journal reported that Flo was sharing data with Facebook that included health data like when a person started their period. This prompted a review by the FTC who found that "despite express privacy claims, the company (Flo) took control of users’ sensitive fertility data and shared it with third parties." This resulted in the FTC and Flo agreeing to a settlement in 2021 that required Flo Health " to obtain the affirmative consent of users of the company’s fertility-tracking app before sharing their personal health information with others and to obtain an independent review of their privacy practices". So, the bad news is, Flo got caught misleading their users and sharing data they had promised they wouldn't (although the never admitted wrongdoing in the settlement). That's really bad. The good news is, after they got busted and settled with the FTC, they were forced to (hopefully) clean up their act and do better. So are they doing better? Well, again, hopefully.
They do say in their privacy policy they can collect a whole heap of personal and usage data. Things like, name, email address, birth data, location, weight, body temperature, dates of your menstrual cycle, pregnancy details, sexual activity, symptoms, moods, and how often you use the app, your mobile service provider, unique device identifiers, and more. That's a LOT of information to trust Flo with. Which, you know, they've not been so trustworthy in the past, although now they've got the FTC keeping a bit more of an eye on them.
What does Flo say they can do with all that data, according to their privacy policy? They do say they won't sell your data, so that's good. And they do ask for your consent to use your data as laid out in the privacy policy when you set up the app, so pay close attention to what you are consenting to! Because they say with your consent they can use your personal information for things like customizing the app, making recommendations to you for other product offers, including third-party products, and for Flo promotional purposes. Flo also says that consent means they can share some of your non-health personal information with third-party marketing platform AppsFlyer for marketing and promotional purposes on third-party platforms like Facebook, Google, Pinterest, Snapchat, Twitter, and more.
Good news though. Flo recently announced the launch of an "Anonymous Mode," which is a free features that allows people to "use the service without any personally identifiable information, such as a name, email address, and technical identifier being associated with the account." We like that for sure! See, we told you there was both good and bad news when it comes to Flo.
Flo collects a whole lot of personal information, shares some of that with third-parties for marketing and promotional purposes, and has a track record of not being completely honest about how they share their data. So far, not great. They also say they can gather more information about your from third-party sources, "We may receive Personal Data about you from third parties. For example, we may obtain information from third parties, to enhance or supplement existing user information…" Does this mean they could buy data from data brokers to learn more about your and build a bigger profile on you? Perhaps. Flo has told us that they currently do not buy or sell data to data brokers (yay!). However, the way their privacy policy is written seems like they could in the future if something were to change inside the company. Flo also says they "aggregate, anonymize or de-identify your Personal Data so that it cannot reasonably be used to identify you. Such data is no longer Personal Data. We may share such data with our partners or research institutions or use for statistical purposes…" This is fairly common, but now is a good time to remind you that it has been found to be pretty easy to re-identify this sort of data, especially when location data is included.
And back to that whole Flo honesty problem. When we were reading the data safety information they shared on their Google Play store app page, we noticed they self-declared they say they don't share data with other companies or organizations. Which, as we've just outlined above, just isn't true. Unfortunately, Google's data safety sharing information rules are pretty terrible because they say developers don't actually need to say they are sharing data with third parties even if they are if consent is obtained. This is terribly misleading on all parts and we wish both Flo and Google would do better for consumers. Bottom line, please don't trust the self-reported data safety information you find on the Google Play store. It's better (and also awful) to read the app's privacy policy instead. If you need some tips to do that, well, here's a good article to help (even better, read our *Privacy Not Included reviews!).
How does Flo say they will handle requests from law enforcement to obtain their users' information? Their privacy policy says, "We may also share some of your Personal Data … in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements)." Which is a bit vague. However, Flo shared with us this public statement they made to clarify what this means. And it's actually pretty good -- they say they require a legally valid request, will work to limit the scope of any data they are required to share, and will do their best to notify the user if their data is requested by law enforcement. Good work Flo.
So, what's the worst that could happen with Flo? Well, you could trust a company with a spotty track record to keep all that personal information you share with them private, safe, and secure. It's possible, although hopefully it doesn't happen, that they could leak or share data about your period or pregnancy that gets scooped up by people you don't want to have it and used against you. Which is really scary in the post-Roe vs Wade world we live in these days. Hopefully this never, ever happens. And hopefully all that data they collect and store on you to train up their AI algorithms is stored securely and never leaked. And hopefully Flo doesn't give your user data to law enforcement unless absolutely necessary, and then, hopefully they only give the bare minimum (which is what they say they will do, thank goodness). These are a lot of hopefullys. Maybe it's better to just not share so much personal info to begin with.
Wskazówki, jak się chronić
- Set up Anonymous Mode when using the app to protect your data
- Enable a 4-digit secure access code if you want additional security of your data from someone who might access your device
- When starting a sign-up, do not agree to tracking of your data.
- Do not sign up with your Google account. Better just log in with email and password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
Czy może mnie podsłuchiwać?
Aparat
Urządzenie: Nie dotyczy
Aplikacja: Nie
Mikrofon
Urządzenie: Nie dotyczy
Aplikacja: Nie
Śledzi położenie
Urządzenie: Nie dotyczy
Aplikacja: Nie
Czego można użyć do rejestracji?
Tak
Telefon
Nie
Konto firmy trzeciej
Tak
Google account is possible
Jakie dane zbiera ta firma?
Osobiste
Name; Email address; Year of birth; Place of residence and associated location information including time zone and language
Związane z ciałem
Weight; Body temperature; Menstrual cycle dates; Details of your pregnancy (if you select the pregnancy mode); Various symptoms related to your menstrual cycle, pregnancy and health; Other information about your health (including sexual activities), physical and mental well-being, and related activities, including personal life.
Społecznościowe
Jak ta firma wykorzystuje te dane?
Jak możesz kontrolować swoje dane?
Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?
The period app Flo got in trouble with the Federal Trade Commission (FTC) for “deceptive” practices around its data sharing. In June, 2021, the FTC announced that Flo Health settled with them over allegations that the company, after promises of privacy, shared health data of users using its fertility-tracking app with outside data analytics companies, including Facebook and Google.
Informacje o prywatności dziecka
Czy ten produkt może być używany bez połączenia z siecią?
Przyjazne dla użytkownika informacje o prywatności?
They provide a privacy portal on their website with easy to understand privacy principles and their privacy policy is generally easy to read.
Odnośniki do informacji o prywatności
Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?
Szyfrowanie
Silne hasło
Aktualizacje zabezpieczeń
Zajmuje się problemami z bezpieczeństwem
If you want to report a security incident related to the Services please contact us at [email protected].
Zasady ochrony prywatności
Flo uses AI technology to make it easier for women with irregular periods to track their cycle and fertility if desired.
Czy tej sztucznej inteligencji nie można ufać?
Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?
Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?
Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?
Dowiedz się więcej
-
Congress to Investigate Data Brokers and Period Tracking AppsVice
-
With Roe overturned, period-tracking apps raise new worriesThe Washington Post
-
Fertility and Period Apps Can Be Weaponized in a Post-Roe WorldWired
-
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?TechCrunch
-
The data flows: How private are popular period tracker apps?Surfshark
-
FemTech: My Body, My Data, Their RulesEticas Foundation
-
Cycle-tracking apps stand behind their privacy policies as Roe teetersThe Verge
-
Fertility and Period Apps Can Be Weaponized in a Post-Roe WorldWired
-
Here’s What Period Tracking Apps Say They Do With Your DataVice
-
We asked 12 period-tracking apps about their post-Roe privacy policiesInput
-
Consumers swap period tracking apps in search of increased privacy following Roe v. Wade rulingTechCrunch
Komentarze
Masz uwagi? Podziel się nimi z nami.