The Bump Pregnancy Tracker & Baby App

Warning: *Privacy Not Included with this product

Review date: August 9, 2022

Mozilla researched for 8 hours

Mozilla's opinion

People voted: Super creepy

Oof, The Bump Pregnancy Tracker & Baby app comes with some very bumpy privacy and security concerns for us. Which isn't great for an app that tracks all the pregnancy things like baby development, your growing bump, exclusive 3D interactive visualization of your baby's growth, pregnancy symptoms, doctor visits, and more. The Bump also says it offers the "largest catalog of baby products and reviews across all major retailers" which sure sounds like it's going to try and sell you lots of baby stuff. While The Bump website and pregnancy tracker app seem to provide expecting parents with a wealth of information, we worry all that information might be coming at the cost of your privacy. A good reminder that expecting parents are a ripe market for so many advertisers to target and sell products all across the web. Be careful out there, expecting parents!

What could happen if something goes wrong?

Reading The Bump's privacy policy was quite the bumpy ride! The Knot, the parent company of The Bump, has a privacy policy that covers all the apps and websites and it is quite the read. Honestly, if you want to see what a bad privacy policy looks like, this would be a good one to read. It's long, it's hard to follow, and it uses too many vaguely worded statements that start with "for example" and "may." If you don't want to read it, here's the tl;dr: The Bump collects a whole bunch of information, gathers even more information on you from data resellers and social media, uses and shares all the personal information for lots of things like lots of targeted, interest-based advertising, personalization, potentially sells your information, and doesn't really give users much control over their information. All in all, it sucks.

Let me break it down for you a little bit more. The Bump says they can collect a whole bunch of personal information on you from lots of places. They can collect name, email address, postal address, precise location, phone number, wireless device address, gender, interests, lifestyle information, and hobbies, photos, videos, and of course all that personal health information you give the app like doctor visits, baby photos, symptoms, and more. The Bump also says they can collect information on you from third-party sources like data resellers (brokers), social media sites, and public sources and combine that with all the other data they've collected on you. Yup, The Bump knows a whole lot about you. They love information!

What does The Bump say they can do with all this information they gather on you from all over the place? Well, share and potentially sell it. Which is bad. They say they can share your data with lots of third-party online advertisers and ad networks, all their business affiliates, service providers, and other third-party partners for marketing and to offer co-branded products or services. They share it with soooo many third parties it's rather head-spinning. They also go on to say, "We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion." Yikes! This practice always concerns us because it's been found to be pretty easy to re-identify such data, especially if location data is included.

So, basically, The Bump seems like it wants to collect as much data on you as possible from as many sources as they like, take all your data and share it around to sooo many third-party advertisers and affiliates to make as much money off it as possible. Yuck! This is maybe not what you expect to happen with all your personal information when you are expecting? We sure hope not.

When it comes to how The Bump says they can share data with law enforcement, yeah, that worries us a little too. Here's what they say in their privacy policy, "By using the Services, you acknowledge and agree that we may access, retain, and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order)." Here at Mozilla we like to see companies clearly state they won't give up user data through voluntary disclosure, and they won't give up user data to law enforcement unless required to under subpoena (and even then, we like to see them commit to only giving up the bare minimum necessary). The Bump's privacy policy on this does mention subpoenas and court orders, which is good, but is also still a little too vaguely worded to be clear on this issue, in our opinion.

Let's not forget about those security concerns we found with The Bump. The app doesn't meet our Minimum Security Standards because we found we could log in with the weak password "111111". If you do use this app, please use a stronger password, as one won't be required at sign up. Also, we emailed the contact listed in The Bump's privacy policy four times with our privacy questions. We received no response from them, so we are unable to tell if they have a way to manage security vulnerabilities and use strong encryption in transit and at rest. Not good for an app that collects so much personal and health-related information.

What's the worst that could happen with this app? Ugh, well, if you do use The Bump, count on seeing lots and lots of ads following you all around the internet trying to sell you lots of pregnancy and baby products. Which might be fine. It also might not be great for your mental health if you're a woman forced to carry a pregnancy to term that you don't want to because you live in a state where abortion is not legal. That could go very poorly.

Tips to protect yourself

  • When you no longer use the app, go to "Delete app data" in the app menu
  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Do not give access to your camera, files and media.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)

Can it snoop on me?

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product as they may combine data with data from consumer data resellers. They also share some personal information with third parties, and it may be classified under California law as a “sale” of your Personal Information.

"Depending on what Services you use, we may provide the following categories of personal information to third parties for these purposes:
For online targeted advertising purposes: demographic and statistical information, user-generated content, device information and identifiers, connection and usage data, geolocation, and social media information.
For sharing with third parties to send you relevant offers and promotions: contact and account registration information; demographic and statistical information, user-generated content, and geolocation."

"For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Policy." In particular, they are collecting data such as gender, interests, lifestyle, hobbies, etc. from consumer data resellers.

How the company says they may share data with law enforcement:

"By using the Services, you acknowledge and agree that we may access, retain, and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of TKWW, its agents and Affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes."

How can you control your data?

We ding this product as not all users may be able to delete their data.

"Depending on the laws of your local jurisdiction, you may have certain rights and choices with respect to your information. For example, under local laws, you may be able to ask us to:
Provide access to certain information we hold about you
Update or correct your information
Delete certain information
Restrict the use of your information
We will consider all requests and provide our response within the time period stated by applicable law. "

The Bump stores and maintains your information for the purposes for which it is processed by them. The length of time for which they retain information depends on the purposes for which they collected and use it and/or as required to comply with applicable laws.

What is the company's known track record of protecting users' data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child privacy information

The Services are intended for general audiences and not for children under the age of 13.

Can this product be used offline?

Can't determine

Is the privacy information easy to understand?

No

Ugh, this privacy policy was not fun to read. It was long and hard to follow and full of vague statements.

Links to privacy information

Does this product meet our Minimum Security Standards?

No

Encryption

Can't determine

Strong password

No

We managed to sign in with '111111'. There is at least a requirement of 6 digits.

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use artificial intelligence?

Can't determine

Is this artificial intelligence untrustworthy?

Can't determine

What kind of decisions does the artificial intelligence make about you or for you?

Is the company transparent about how the artificial intelligence works?

Can't determine

Does the user have control over the artificial intelligence features?

Can't determine
