Glow & Eve by Glow

Warning: *Privacy Not Included with this product

Glow Inc
WiFi

Review date: August 9, 2022

Mozilla researched for 8 hours

Mozilla's opinion

People voted: Super creepy

Glow Inc makes four different sex, period, fertility, ovulation, pregnancy, and baby tracking apps they say cover everything from "period to parenting." There is Glow (fertility), Nurture (pregnancy), Baby (babies), and Eve by Glow (period & sex life). All four apps use the same privacy policy.

Glow's two period/fertility/sex tracking apps say they give you things like a period tracker, sex & health log, fertility calendar, health log, sex quizzes, PMS symptom and mood tracking, ovulation calendar, community forums, and more. That's a whole lot of personal, sensitive health data they collect to help users get pregnant, not get pregnant, or just know more about their reproductive health. So, does Glow glow when it comes to protecting their users' privacy? Not exactly. Heck, not even close.

What could happen if something goes wrong?

Ugh, Glow. This will not be a glowing review because Glow raises a whole lot of privacy concerns for us. Where to start?

There's the big old bunch of trouble they got into back in 2020 after Consumer Reports found lots of problems with Glow's privacy and security. And then California settled with them in a case where they were allegedly failing to "adequately safeguard health information," "allowed access to user's information without the user's consent," and had security problems that "could have allowed third parties to reset user account passwords and access information in those accounts without user consent." Very very bad.

And then there's the dishonesty this privacy researcher was really irked by when she reviewed the data privacy information the company shared on its Google Play store data safety page. There they make the claim: "No data shared with third parties. The developer says this app doesn't share user data with other companies or organizations." This claim is easily shown to be false with a read of their privacy policy where they outline sharing data with lots of third party advertisers, business partners, and professional advisors (which seems way beyond the scope of what Google says constitutes what needs to be declared for data sharing.) Misleading and dishonest data safety claims are a HUGE pet peeve of us here at *Privacy Not Included. Unfortunately, with what we've seen so far on Google's new Play store data safety information pages, this self-reported data from companies is too often inaccurate. Glow isn't the only one making misleading claims there.

Glow does state clearly in their privacy policy that they can collect a whole bunch of personal, usage, and health information on their users. Things like name, email, precise location, spouse's name, sexual orientation, health care providers' names, child information, mood, medications, and, of course, sexual activity, fertility, and menstrual cycle information. That's a whole lot of information they can collect, which is not surprising. They are an app designed to do that. What is surprising is when an app that knows they are collecting this much super sensitive, personal, and health related data then goes on to say they can use some of the data for targeted, interest-based advertising purposes or share with "professional advisors" which they say can include "lawyers, auditors, bankers and insurers," or their vague list of affiliates which can include "corporate parent, subsidiaries, and affiliates." That's a lot of potential data sharing with a lot of potential third parties.

Glow also states in their privacy policy that they can collect even more information about you from third-party sources such as social media and combine that with what they collect on you. They say, "We may combine personal information we receive from you with personal information we obtain from other sources, such as social media accounts ..." This is where we remind you to never, ever log into an account with a social media login like Facebook. It's bad privacy news where even more of your data can be shared with both the social media site and the company. Glow is also a little too vague for our liking in that statement about collecting data from third-party sources. They say they "may" combine data from third-party sources "such as" social media accounts. That seems to indicate to us they could also be collecting data from other third-party sources, for example, data brokers or public sources. Gross.

All of these are some serious privacy red flags we aren't happy about at all. And then there is the question of how Glow says they might share your information with law enforcement. Their privacy policy mentions that in a couple of places where they say, "We may use your personal information to ... comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities." And they say they may share your personal information with "Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes..." This leaves us feeling wary as it seems to indicate Glow might give up a user's data through voluntary disclosure, which is a policy we really don't like here at Mozilla. We much prefer when companies state they won't give up user data to law enforcement unless required to under subpoena, and even then, we like to see them commit to only giving up the bare minimum necessary.

What's the worst that could happen with Glow? Way too much, we're afraid. We'd say this product comes with *Privacy Not Included and recommend you look elsewhere for a privacy protecting period and fertility tracking app. We just don't believe users can or should trust Glow to respect and protect their privacy, no matter what the company states on Twitter or in a press response.

Tips to protect yourself

  • Enable multi-factor authentication to protect your account
  • In the app settings under "Personal privacy security and data" make sure to uncheck the box for "Internet-based ads."
  • Do not connect Samsung Health, GoogleFit or Apple Health or other wearables to the app.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your precise location, camera, microphone, images and videos, other files).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to your Google account and turn off ad personalization).
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.

Can it snoop on me?

Camera

Device: Not applicable

App: Yes

Microphone

Device: Can't determine

App: Yes

Tracks location

Device: Can't determine

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for sharing personal data for advertising. Their use of some services may be classified under California law as a “sale” of your Personal Information. We also ding this product for saying they may combine personal data they receive about you with personal data from third-party sources, such as social media.

"We, our service providers and our third party advertising partners may collect and use your personal information for the following marketing and advertising purposes: Direct marketing. [...] Interest-based advertising. [...]

"We may engage third-party advertisers or advertising companies to display ads on our Service and other online services. We may also share names, email addresses and device identifiers our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms."

"We may share your personal information with the parties below, with other third parties with your consent, and as otherwise described in this Privacy Policy or at the time of collection: Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy. Advertising partners. Third party advertisers and advertising companies for the interest-based advertising purposes described above. Advertisers whose ads are posted on our Service may be able to infer information about you when you click on those ads (e.g., that you have a newborn if you click on an ad about a newborn product). Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us."

"Our use of some of these services may be classified under California law as a “sale” of your Personal Information."

"We may combine personal information we receive from you with personal information we obtain from other sources, such as social media accounts that you use to log into or connect to the Service, which will allow us to collect the information you chose to make available in your settings on that social media account. "

How the company says they may share data with law enforcement:
"We may use your personal information to: comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above. "

How can you control your data?

We ding this app because it is unclear if every user can get their data deleted. Also, we emailed the email address provided to request data deletion multiple times with our privacy questions, however we received no answers to our questions, so we're uncertain how much users should trust using this email for data deletion requests.

"You may request to delete the personal information you have provided through the Service by emailing [email protected]. " - We should note, we emailed that address four times with our privacy related questions and never received any response.

"We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing. "

The app settings allow you to delete your account.

What is the company's known track record of protecting users' data?

Bad

In 2020, California settled with Glow app over alleged violations of California’s Confidentiality of Medical Information Act (“CMIA”), the Unfair Competition Law (“UCL”), and the False Advertising Law (“FAL”). In addition to a $250,000 civil penalty, the settlement included injunctive terms that require Glow to comply with state consumer protection and privacy laws, and a first-ever injunctive term that requires Glow to consider how privacy or security lapses may uniquely impact women.

The Attorney General's complaint alleged the Glow app:
- Failed to adequately safeguard health information;
- Allowed access to user’s information without the user’s consent; and
- Additional security problems with the app's password change function could have allowed third parties to reset user account passwords and access information in those accounts without user consent.

Already in 2016, a Consumer Reports investigation singled out Glow Inc. for privacy and security flaws.

Child privacy information

The Service is not intended for use by children under 16 years of age. If the app provider learns that they have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, they will delete it.

Can this product be used offline?

Yes

User-friendly privacy information?

No

Links to privacy information

Does this product meet our minimum security standards?

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

You can submit vulnerabilities here: https://glowing.com/security. Glow shares more information for security researchers on a security page on their website.

Privacy policy

Yes

Does the product use artificial intelligence?

Yes

Glow predicts women's chance/risk of pregnancy with machine-learning technology.

Is this artificial intelligence untrustworthy?

Can't determine

What kind of decisions does the artificial intelligence make about you or for you?

Perceived chance to get pregnant

Is the company transparent about how the artificial intelligence works?

No

We found no sources/white papers about how their AI algorithms work

Does the user have control over the artificial intelligence features?

No

We found no AI controls in the app

Dive deeper

  • Serious Privacy Flaws Discovered In Glow Fertility Tracker App
    TechCrunch
  • Glow Pregnancy App Exposed Women to Privacy Threats, Consumer Reports Finds
    Consumer Reports
  • Attorney General Becerra Announces Landmark Settlement Against Glow, Inc. – Fertility App Risked Exposing Millions of Women’s Personal and Medical Information
    State of California Department of Justice Office of the Attorney General
  • California Settles with Glow App Over Alleged Privacy and Security Violations
    WilmerHale
  • Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?
    TechCrunch
  • ‘Delete every digital trace of any menstrual tracking’: Are period-tracking apps safe to use in a post-Roe world?
    MarketWatch
  • Forget Tracking Your Period—Your Period (App) Is Tracking You
    Marie Claire
  • Fertility and Period Apps Can Be Weaponized in a Post-Roe World
    Wired
  • The data flows: How private are popular period tracker apps?
    Surfshark