Period Tracker

Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno

Period Tracker

Data recenzji: 9 sierpnia 2022

|
|

Według Mozilli:

|
Według użytkowników: Bardzo przerażające

The apt, if rather boring, named period tracking app Period Tracker claims to be "the easiest way to track your periods!" We don't know about that. We do know they app lets you track your period, know your fertility window, let's you track things like mood, symptoms, and intimacy. And the app comes with a disclaimer in the app store that says, "Disclaimer: Period Tracker period and fertility forecasts may not be accurate and should not be used to prevent unwanted pregnancy." So there's that.

Period Tracker developer GP Apps seems to be a small app developer that makes one other app, a weight loss app called Resist. What does all this mean for Period Tracker privacy? Well, the short, rather vague privacy policy we found for Period Tracker actually left us with more questions than answers, which is never a good thing for anything that collects personal and health related data.

Co się może stać, jeśli coś pójdzie nie tak?

Being a privacy researcher means reading lots and lots of privacy policies, security documents, and FAQ pages. So when I stumbled across Period Tracker FAQ page, I was rather excited to see a question smack in the middle of the page with the question, "Does Period Tracker sell or share my data with any third parties?" I love it when I find privacy information on FAQ pages! Imagine my disappointment when I clicked on that link and up popped the dreaded "This page doesn't seem to exist." page. Bother! So, back to the privacy policy I head to try and find out if Period Tracker does, indeed, share data with third parties. I wasn't feeling too great about things given the broken link on their FAQ page.

So, does Period Tracker share your data with third parties? The answer seems to be yes, but maybe not too much. Here's what we found. Period Tracker's privacy policy says they share data you directly input into the app under certain circumstances like with "trusted service providers" and "as required by law, such as to comply with a subpoena, or similar legal process," and "when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or to investigate fraud." So, they may share the personal info you input into the app with third parties, but probably (hopefully) not with advertisers.

On that front they say, "We work with advertisers and third party advertising networks, who need to know how you interact with advertising provided in the Application which helps us keep the cost of the Application low. Advertisers and advertising networks use some of the information collected by the Application, including, but not limited to, the unique advertising ID of your mobile device. Data directly inputted by users (ie., periods, notes, email, account info, etc) is not shared with advertisers." So, it seems Period Tracker does share some data with advertisers, but many not things like when your period starts or what your mood is. Still, they do share data with advertisers to target you with ads, which we don't love.

And Period Tracker does say they will share data with law enforcement, but their statement of when and why they do that is a little too vague for our comfort. We would love to see them state clearly that they only share data when required by law enforcement through subpoena and not leave any open questions that they might share data with law enforcement through voluntary disclosure, which we here at Mozilla don't like as a policy.

The biggest concern with have with Period Tracker, alongside their rather short, vague, boilerplate privacy policy, is that their security measures don't meet our Minimum Security Standards. We were able to set the app up using the weak password "1111," which isn't good at all if you're trying to protect sensitive health information on your phone. We also couldn't confirm if they use encryption, which isn't great either, you want the data you share with them to be encrypted in transit and at rest where they store it. We emailed the company three times at the email address listed in their privacy policy for privacy related questions and never received a response. Again, not great. So, we'd say this line in their privacy policy is a good reminder to beware of sharing personal information with this app, "Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches."

Is Period Tracker the worst period tracking app we reviewed? No, it doesn't seem so. Does it raise red flags for us from a privacy perspective. Yes, absolutely. Their privacy policy is short and vague and leaves us with questions. The privacy question on the FAQ page leads to a broken link, which tells us they aren't super into keeping their privacy information updated for their users. Their security measures are questionable and don't meet our Minimum Security Standards. And they aren't responsive to privacy-related questions. What's the worst that could happen? Well, here's hoping you don't share your period frequency and moods and symptoms with this app and then have that data leaked on the dark web through a security breach where it could be bought up by "anti-abortion activists" looking for data they could us to out someone who may have had an abortion. That would suck really really bad. Here's hoping that never happens.

Wskazówki, jak się chronić

  • Do not register for the app if you do not want your email collected
  • Follow these instructions to delete all past information from the app.
  • Add an app passcode if your device might end up in the wrong hands
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your precise location, camera, microphone, images and videos, other files)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
  • mobile

Czy może mnie podsłuchiwać? informacje

Aparat

Urządzenie: Nie dotyczy

Aplikacja: Nie

Mikrofon

Urządzenie: Nie dotyczy

Aplikacja: Nie

Śledzi położenie

Urządzenie: Nie dotyczy

Aplikacja: Nie

Czego można użyć do rejestracji?

Jakie dane zbiera ta firma?

Jak ta firma wykorzystuje te dane?

This app doesn't share personally identifiable data such as name or email. However, "Information that is collected automatically may be shared with advertisers and third party advertising networks and analytics companies." Such data may include type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.

"Data directly inputted by users (ie., periods, notes, email, account info, etc) is not shared with advertisers."

How the company says they may share data with law enforcement:
"Information that users directly input into The Application is not shared with any third parties unless […] as required by law, such as to comply with a subpoena, or similar legal process"

Jak możesz kontrolować swoje dane?

We ding this app because Privacy Policy does not mention GDPR or CCPA rights. There is no contact provided in the Privacy Policy for data deletion that could be used by all users.

"If you’d like us to delete User Provided Data that you have provided via the Application, you may delete your account and associated data by going to the app settings, account page, and select delete account. This will delete your account and associated data from our servers. Deleting the native app on your phone will also delete any app data your phone holds."

"We will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate. Please note that some or all of the User Provided Data may be required in order for the Application to function properly."

Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?

Średnia

No known privacy or security incidents discovered in the last 3 years.

Informacje o prywatności dziecka

The app do not use the Application to knowingly solicit data from or market to children under the age of 13 (or under the age of 16 for individuals residing in the European Union). If a parent or guardian becomes aware that his or her child has provided them with information without their consent, he or she should contact the app at https://gpapps.com/feedback-contact-us/.

Czy ten produkt może być używany bez połączenia z siecią?

Tak

Przyjazne dla użytkownika informacje o prywatności?

Nie

Odnośniki do informacji o prywatności

Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa? informacje

Nie

Szyfrowanie

Nie można ustalić

Silne hasło

Nie

Managed to sign up with "1111" as a password

Aktualizacje zabezpieczeń

Tak

Zajmuje się problemami z bezpieczeństwem

Tak

Zasady ochrony prywatności

Nie można ustalić

Czy produkt wykorzystuje sztuczną inteligencję? informacje

Nie można ustalić

Czy tej sztucznej inteligencji nie można ufać?

Nie można ustalić

Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?

Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?

Nie można ustalić

Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?

Nie można ustalić

*Prywatność do nabycia osobno

Dowiedz się więcej

  • Congress to Investigate Data Brokers and Period Tracking Apps
    Vice Odnośnik otwiera się w nowej karcie
  • Consumers swap period tracking apps in search of increased privacy following Roe v. Wade ruling
    TechCrunch Odnośnik otwiera się w nowej karcie
  • The data flows: How private are popular period tracker apps?
    Surfshark Odnośnik otwiera się w nowej karcie
  • FemTech: My Body, My Data, Their Rules
    Eticas Foundation Odnośnik otwiera się w nowej karcie
  • Should You Really Delete Your Period Tracking App?
    Electronic Frontier Foundation Odnośnik otwiera się w nowej karcie
  • Fertility and Period Apps Can Be Weaponized in a Post-Roe World
    Wired Odnośnik otwiera się w nowej karcie
  • Should I delete my period app? And other post-Roe privacy questions.
    Vox Odnośnik otwiera się w nowej karcie

Komentarze

Masz uwagi? Podziel się nimi z nami.