Ovia Pregnancy

Aviso: *Privacidade não incluída neste produto

Ovia Pregnancy

Data da avaliação: 9 de Agosto de 2022

|
A Mozilla investigou por 10 horas
|

Opinião da Mozilla

|
Votos das pessoas: Muito assustador

Ovia Health, which describes itself in a rather wonky way as "the digital platform transforming episodic care into continuous support while improving family wellbeing and fostering positive outcomes," offers up three apps to help you on your reproductive health journey. There's Ovia Fertility, Ovia Pregnancy, and Ovia Parenting.

Ovia's Pregnancy tracking app says its "personalized approach to tracking your baby's development gives you an app as unique as your pregnancy." Fun! It offers users things like realistic illustrations of your baby in the womb each week, baby size comparisons, health coaches, as well as the ability to track everything from weight, nutrition, and vitamins, to sleep, moods, and exercise. They even added a new baby names features that lets you swipe through baby names a "like" or "love" your favorites. Whee! The app is free to download and use but you'll need a sponsored employer/health plan to unlock the premium benefits. How does Ovia look from privacy perspective? Well, we didn't find too much to "like" there, but we do "love" that they clarify how they share data with law enforcement.

O que pode acontecer se algo der errado?

When people ask us here at *Privacy Not Included what we do for a living we often joke that we read privacy policies so you don't have to. Well, you all are going to be super, duper glad we read Ovia's Health App Privacy Policy (they have another one that doesn't cover their apps) because it is 34 pages long with nearly 12,000 words. YIKES! Also, you're welcome.

So, what did we find in Ovia's War and Peace of privacy policies? Well, some stuff that has us worried about your privacy, unfortunately. First, Ovia says they can collect a whole lot of personal information on you. Things like name, email address, location, advertising ID, IP address, data about your activity in the apps, date of birth, cycle type and length, date of last menstrual period, baby’s name or nickname, and expected due date, information you give to Ovia's coaches, and any health tracking data you submit which could include weight, period, moods, symptoms, and more. So, like most fertility tracking apps, Ovia collects a whole lot of personal and usage information. Ovia also has this line in their privacy policy, "For marketing purposes, we may collect personal data about you through social media or from third parties who provide marketing services to us." So yeah, Ovia has a lot of info on you.

How do they say they plan to use this information? Well, in the free consumer version of the app, to show you ads and sponsored content using an advertising profile they create on you (nothing is ever free, remember). Ovia does clarify that they will only share personal information that directly identifies with advertisers and sponsors if you opt-in. We're unsure how clear this opt-in process is, though, so be careful when using the app and don't opt-in to any data sharing that directly identifies you. Ovia also says they can use your information for personalization of content, to send advertising and marketing content, market their products and services, and to conduct clinical and scientific research.

Who does Ovia say they can share the information they collect on you with? Well, a number of third parties, advertisers, health providers and employers it seems. This line from their privacy policy really jumped out at us, "We use Facebook technology in our apps so that users can log on via Facebook. This allows Facebook to collect device information, and data relating to your engagement with our apps, whether or not you use the Facebook login feature. Facebook may use that data to personalize advertising to you, both on and off Facebook." It's no secret we here at *Privacy Not Included are not big fans of Facebook due to their lack of respect for everyone's privacy. The fact that Ovia says they allow Facebook to collect information on their users, whether or not you use the Facebook login feature, really irks us.

There are also some questions that linger about Ovia's data sharing with health providers and employers. In 2019, the Washington Post reported concerns about Ovia sharing health data with employers. According to their privacy policy, Ovia says, "If you receive Ovia as a benefit from your employer, we do not share your health data with your employer unless you expressly opt-in for a specific purpose; … However, we may share personal data with your employer health plan and their business associates, and with employee benefits management vendors, consistent with HIPAA or other privacy laws."
And in 2020, Consumer Reports reported on some concerns about privacy shortcomings period tracking apps, including Ovia, had when it came to the handling of the sensitive user data it can collect.

FInally, Ovia says they use personal information to create de-identified data that they can then use for research purposes. They also say they can use personal data to create aggregated analytic data and statistics which they may share or sell with third parties. Finally, the say they "may disclose or sell de-identified data derived from patient information (as defined by the California Consumer Privacy Act); if so, such patient information is de identified in accordance with HIPAA safe harbor or expert determination de identification requirements." We hope all this de-identified and aggregate data is handled properly so no one can ever be re-identified by their patient or personal data. However, we should mention that it has been found to be relatively easy to re-identify some anonymized data, especially if location data is included.

We do want to give credit where credit is due. Ovia does do a good job explaining how they will handle law enforcement and government requests for their users' data. The have a page on their site that outlines how they handle such data requests and it does all the things we like to see here at Mozilla. They indicate they won't voluntarily disclose users data, that they require valid and legally binding court orders such as subpoenas with clear requests for what data law enforcement is requesting, and that they won't provide data beyond the scope of the valid request and, when possible, will try to limit the scope of data provided. This is all great stuff in our post-Roe v Wade world. Good on you Ovia for providing this clarification.

What's the worst that could happen with Ovia. Well, Ovia does offer coaching services that happen online or over the telephone. And they say that "we collect the information you give to our coaches, which may occur online or through recording of telephone coaching sessions for quality control and monitoring purposes." They also say "your health coach and managers will access your personal data to help you. If you receive Ovia as a benefit from your health insurer or employer health plan, nurse care managers from your health plan (and your employer, if you opt-in to such data sharing) may also have access to your personal data." That's a lot of people who could potentially have access to some sensitive, personal information. Could that data be leaked or shared or accessed by an employee who shouldn't have access or, even worse, handed over to your employer if you weren't clear you were giving consent? It seems possible, if hopefully unlikely. Still, something to consider. And don't forget, Ovia is sharing data about you with Facebook. whether you like it or not. BOO!

Dicas para se proteger

  • If you receive Ovia as a benefit from your employer, do not opt in to sharing of your health data with your employer
  • When signing up from outside of US, do not give consent for Ovia and its advertising partners to use your location and personal data, including data about your health, fertility and pregnancy, to display personalized advertising! If you are from the US, better do not use this app.
  • Opt out of third party personalized advertising by going to the Settings menu of your Ovia app and selecting “Do Not Sell My Info” (for California users) or “Manage My Privacy Settings” (for non-US users). US-based non-California users better use another app.
  • Do not connect GoogleFit or Apple Health to the app
  • If you participate in coaching services, do not provide sensitive personal information, as the app collect the information you give to their coaches, which may occur online or through recording of telephone coaching sessions for quality control and monitoring purposes.
  • Do not sign in via Facebook - better sign in via email and password
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos, other files)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device does not erase your personal data.
  • mobile

Pode me bisbilhotar? informações

Câmera

Dispositivo: Não aplicável

Aplicativo: Não

Microfone

Dispositivo: Não foi possível determinar

Aplicativo: Não

Rastreia localização

Dispositivo: Não aplicável

Aplicativo: Sim

O que pode ser usado para se inscrever?

Facebook log-in possible

Que dados a empresa coleta?

Como a empresa usa esses dados?

We ding this product because they may share personal data with a user's employer health plan, because the app or their advertisement partners may use data on health, fertility and pregnancy for personalized advertising (in the US users must opt-out rather than opt-in). Also, the app collects all contents of coaching sessions for monitoring purposes. Finally, Ovia allows Facebook to collect device information, and data relating to your engagement with their apps, whether or not you use the Facebook login feature.

To use the app, a user must provide consent to Ovia's processing in the United States of their personal data, including data about health, fertility, pregnancy, sex life, and family circumstance. If you give consent, Ovia and its advertising partners may use your location and personal data, including data about your health, fertility and pregnancy, to display personalized advertising. This consent is opt-in only outside of US.

"If you are an Employer user, Ovia does not share your personal health data with your employer unless you expressly opt-in for a specific purpose. We may, in some circumstances consistent with HIPAA and other privacy laws, share personal data with your employer health plan, or with a third party business associate or vendor, and we may share limited identity information (such as name and date of birth) with your employer to verify your eligibility for Ovia benefits."

"We use Facebook technology in our apps so that users can log on via Facebook. This allows Facebook to collect device information, and data relating to your engagement with our apps, whether or not you use the Facebook login feature. Facebook may use that data to personalize advertising to you, both on and off Facebook as described in the Facebook Data Policy."

"If you participate in coaching services, we collect the information you give to our coaches, which may occur online or through recording of telephone coaching sessions for quality control and monitoring purposes. "

"To provide the Consumer version of the Services for free, we sell advertising. To do that, we share indirect identifiers such as the Advertising ID of your device and the advertising targeting criteria relevant to you with our advertising management platform. We also share the Advertising ID of your device with advertisers, advertising platforms and advertising technology providers to allow them to measure and track ad performance."


How the company says they may share data with law enforcement:

"Ovia may access, use and preserve data to comply with law, in anticipation of litigation, for security management and investigation, or to protect the rights or property of Ovia or third parties, even if the data is subject to a deletion request from you. We may also provide information to law enforcement or authorities to protect the safety of users of the apps or others."

Como você pode controlar seus dados?

We ding this app for not being clear about the retention details. And for giving no controls over personalized ads for users in the US outside of California residents. And for retaining of personal data as permitted by applicable law to maintain proper business records even if you exercise your rights to delete data.

"Ovia may access, use and preserve data to comply with law, in anticipation of litigation, for security management and investigation, or to protect the rights or property of Ovia or third parties, even if the data is subject to a deletion request from you. We may also provide information to law enforcement or authorities to protect the safety of users of the apps or others."

You can opt out of third party personalized advertising by going to the Settings menu of your Ovia app and selecting “Do Not Sell My Info” (for California users) or “Manage My Privacy Settings” (for non-US users). For other users, that is, US- based users from outside of California, the app provides no advertisement controls.

You can permanently delete your data and your account in the app. You can also email Ovia at [email protected] to exercise these rights and any other data subject rights provided by law.

If you are a Consumer user, Ovia store your data for the period that your account is active and then for a further period in case you return to use the Services again. After this retention period ends, they will delete your data. The length of the period is unclear.

If you are an Enterprise user, Ovia may be required to delete your data after your Enterprise benefits end. They will notify you before your data is deleted and, where possible, offer you the opportunity to convert your account to a Consumer account and retain your data.

The app provides certain privacy rights, including the rights to correct or delete data. However, they say that "even if you exercise your rights described above, Ovia may retain personal data as permitted by applicable law and to maintain proper business records."

Qual é o histórico conhecido da empresa na proteção de dados dos usuários?

Médio

In 2019, the Washington Post reported criticism of Ovia Health for sharing data — though de-identified and aggregated — with employers, who could purchase the period- and pregnancy-tracking app as a health benefit for their workers. People using the employer-sponsored version must currently opt in for this kind of data-sharing.

Informações de privacidade infantil

The Services are not available to children under 13 or who otherwise require parental consent under applicable law to use the Services or provide personal information to Ovia. Ovia does not collect personal data from children under 13. Ovia does not show advertising to any user under the age of 16. Parents and guardians may include personal data about their baby or child in their Ovia account; the parent or guardian is responsible for ensuring they have the legal right to do so.

Este produto pode ser usado offline?

Sim

Informações de privacidade fáceis de entender?

Não

Ovia's Health Apps Privacy Policy is 34 pages long with nearly 12,000 words. Reading it is not easy and is quite time consuming.

Links para informações de privacidade

Este produto atende aos nossos padrões mínimos de segurança? informações

Sim

Criptografia

Sim

Senha forte

Sim

Atualizações de segurança

Sim

Gerencia vulnerabilidades

Sim

Ovia Health does not offer a bug bounty program. Vulnerabilities can be reported to [email protected].

Política de privacidade

Sim

O produto usa inteligência artificial? informações

Não foi possível determinar

Esta inteligência artificial não é confiável?

Não foi possível determinar

Que tipo de decisões a inteligência artificial faz sobre você ou por você?

A empresa é transparente sobre como funciona a inteligência artificial?

Sim

Details on their algorithm can be found here: https://www.fertstert.org/article/S0015-0282(19)30432-7/fulltext

O usuário tem controle sobre os recursos da inteligência artificial?

Sim

Members are able to accept, decline, or change the fertile window predictions presented to them by the AI algorithm.
*Privacidade não incluída

Mergulhe mais fundo

  • What Your Period Tracker App Knows About You
    Consumer Reports O link é aberto em uma nova aba
  • Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?
    TechCrunch O link é aberto em uma nova aba
  • The data flows: How private are popular period tracker apps?
    Surfshark O link é aberto em uma nova aba
  • Here’s What Period Tracking Apps Say They Do With Your Data
    Vice O link é aberto em uma nova aba
  • ‘Delete every digital trace of any menstrual tracking’: Are period-tracking apps safe to use in a post-Roe world?
    MarketWatch O link é aberto em uma nova aba

Comentários

Tem um comentário a fazer? Nos diga.