Preglife Pregnancy App

Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno

Preglife Pregnancy App

Preglife AB
Wi-Fi

Data recenzji: 9 sierpnia 2022

|
|

Według Mozilli:

|
Według użytkowników: Trochę przerażające

The good news with the Preglife Pregnancy tracking app — which has things like a contraction counter, pregnancy journal, week to week baby development, tips for pregnant women and their partners, photos of the growing baby, and much more — is that it is created by a Sweden-based company. That means stricter privacy laws are the default thanks to Europe's stricter privacy law known as GDPR. According to Preglife, this app is "used by 90% of mothers-to-be in Sweden" and Sweden has "an almost zero maternal death rate." All that sounds great! And this app does seem to do well from what we can tell from a privacy perspective. However, we had to give it our *Privacy Not Included warning label because it doesn't meet our Minimum Security Standards because it has a fairly weak password requirement. That's a bummer because it has one of the better privacy policies we've read for pregnancy apps.

Co się może stać, jeśli coś pójdzie nie tak?

As a privacy researcher, it sure is nice (and rare) to read a privacy policy where you can tell the company is trying to actually protect their users' privacy. Preglife's privacy policy is solid. This Sweden-based company does seem to care about, and think through how to protect, their users' privacy. They say they will never share or sell any of your data to third parties unless required to by law or as stipulated in a short list of instances in their privacy policy. We'd love to see that "as required by law" statement clarified a bit more to make it clear they won't do any voluntary disclosure of information to law enforcement. We also understand that at company based in Sweden is potentially going to be less likely to share data with US law enforcement under most circumstances (we hope!).

All in all, Preglife's privacy policy doesn't worry us too much. The best part is they say that users can chose to not register for an account and still use the app. This means that all the personal information you enter into the app will be stored locally on your device and not be processed by Preglife. That's great! It does mean that you won't be able to access that data from another device or retrieve it if it gets accidentally deleted. These feel like small trade-offs to make to protect your personal information though. If you do chose to register for a Preglife account, Preglife says to their Google Play store data safety page they can collect things like email address, user ID, address, and phone number and share that data with third-parties for account management, but hopefully not for advertising purposes.

Preglife's privacy policy also has an entire section on consent, which is amazing and another rare thing to find in privacy policies these days, from our experience. They make it clear when and for what consent is required, which is super nice. Because users can enter a good amount of personal information into Preglife if they chose. Things like email address, estimated due date, data about your child like birth date and age, pictures, pregnancy diary notes, and more. Fortunately, users can choose to not register with the app and keep all this personal information stored locally on their phone where Preglife won't process it.

They do say they "may share aggregate demographic information about Preglife members with third-party organizations and companies as well as with the authorities, Such information cannot be used to identify individual Users" and "We may also share information at aggregate levels with third parties that carry out analyses on our behalf." This is fairly common and aggregate demographic data is, hopefully, better than de-identified user data. Still, it's a good time to slip in this reminder that it has been found to be pretty easy to de-anonymize data, especially if location data is included.

Unfortunately, Preglife does slip up when it comes to their security practices. When we downloaded the device, we found we were able to create and login with the weak password "111111". That's not great. We would love to see them require a stronger password and if you do use this app, please use a stronger password. This weak password requirement, as well as the fact that we were unable to confirm they use encryption at transit and at rest and they have a way to manage security vulnerabilities, means they don't meet our Minimum Security Standards. We did email them four times asking for answers to our privacy-related questions at the address listed in their privacy policy. Unfortunately we never heard back from them, which is a bummer, we love to see companies be more responsive to privacy-related questions from both us and from their users.

What's the worst that could happen with Preglife? Well, we'd hate to see a user download this app because the company does seem to do pretty good with respecting their users' privacy, set the app up and use "111111" as a crappy, weak password, the phone falls into the wrong hands after a miscarried pregnancy, and someone is able to guess the password, access all that personal information, and use against it against someone to raise questions about why their pregnancy ended. No one needs that after the tragedy of a miscarriage. We really hope that never happens! Please always use strong password people!

Wskazówki, jak się chronić

  • Choose not to register yourself as a User. You can still access and use the app, however, all data will be stored locally and personal information will not be processed by Preglife. The only downside is you will not be able to access the data saved to an account on another device.
  • When you no longer use the app, go to "Delete account" in the app menu
  • Never enter data for another user in the app without their consent
  • Chose a strong password! You may use a password control tool like 1Password or KeePass
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • mobile

Czy może mnie podsłuchiwać? informacje

Aparat

Urządzenie: Nie dotyczy

Aplikacja: Nie

Mikrofon

Urządzenie: Nie dotyczy

Aplikacja: Nie

Śledzi położenie

Urządzenie: Nie dotyczy

Aplikacja: Nie

Czego można użyć do rejestracji?

Jakie dane zbiera ta firma?

Jak ta firma wykorzystuje te dane?

Preglife says they "will never, under any circumstances, sell or share any data from Preglife to third parties unless required of us by law or otherwise stipulated in this Clause 10." Clause 10 outlines some small instances where they could share data.

They may share aggregate demographic information about Preglife members with third-party organizations and companies as well as with the authorities. Such information cannot be used to identify individual Users. The information contains statistics related to data traffic, for instance.

They may also share information at aggregate levels with third parties that carry out analyses on Preglife's behalf in order to improve the services that they provide.

"When you register yourself, an Account is created for you and you become User. As User, you can access your Account from other devices and the information is stored with us (as well as on local devices that you login on). If you have not registered yourself, information is stored only on your device. This means that we do not process your personal data, but it also means that you cannot access your account from elsewhere or get help to recreate data that you have mistakenly deleted."

Jak możesz kontrolować swoje dane?

Personal data will be stored until such time as there is no longer any legal basis. The same data can be processed on different bases and will therefore be deleted when all bases are irrelevant.

You can exercise the right to delete your data.

Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?

Średnia

No known privacy or security incidents discovered in the last 3 years.

Informacje o prywatności dziecka

Unknown

Czy ten produkt może być używany bez połączenia z siecią?

Tak

Przyjazne dla użytkownika informacje o prywatności?

Tak

Odnośniki do informacji o prywatności

Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa? informacje

Nie

Szyfrowanie

Nie można ustalić

According to self-reported information from the company in the Google Play store, this app encrypts data in transit. We were unable to confirm they encrypt any data they store on you at rest on their servers.

Silne hasło

Nie

Managed to log in with '111111'. There is at least a requirement for 6 digits minimum.

Aktualizacje zabezpieczeń

Tak

Zajmuje się problemami z bezpieczeństwem

Nie można ustalić

Zasady ochrony prywatności

Tak

Czy produkt wykorzystuje sztuczną inteligencję? informacje

Nie można ustalić

Czy tej sztucznej inteligencji nie można ufać?

Nie można ustalić

Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?

Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?

Nie można ustalić

Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?

Nie można ustalić

*Prywatność do nabycia osobno

Komentarze

Masz uwagi? Podziel się nimi z nami.