These Period Tracker Apps Say They Put Privacy First. Here’s What We Found.
With growing concern about reproductive health privacy, CR’s Digital Lab evaluated the protections offered by Drip, Euki, Lady Cycle, Periodical, and more
If you use an app to track your menstrual cycle, you may enjoy the sometimes spot-on predictions about when your next period is coming. But your period-tracking app doesn’t just offer insight. It gathers a lot of data about you along the way, too—maybe even more than you know.
Period tracker apps collect deeply personal information that can include how often you have sex, whether you are trying to have a baby, if you get pregnant, and if you experience a miscarriage. When Consumer Reports last evaluated period tracker apps in 2020, our Digital Lab, which tests how well products and services protect consumers’ privacy, found that the five apps we evaluated—which all store users’ data in the cloud—provided no guarantee that this information would not be shared with third parties, even when users thought they were anonymous.
These lax privacy protections have long been a concern because users’ data can be used to target them with ads, or even possibly to determine life insurance coverage or loan interest rates. Now, after the leaked draft of a Supreme Court majority opinion overturning Roe v. Wade—which would end the constitutional right to an abortion—many app users may be newly worried that data about their fertility, missed periods, and more could be used against them in criminal and civil proceedings as circumstantial evidence that they’ve had an abortion. Some people who have miscarriages could also be implicated, because “miscarriages are often conflated with induced abortions in the . . . law,” according to the Kaiser Family Foundation, and even insurers sometimes code them as such. These privacy concerns are set against the backdrop of newly restrictive abortion laws in some states, some of which are in effect now and some of which could take effect when the Supreme Court decision is final.
What We Found
An iOS version of Drip will be available starting in August 2022.
Our testing was led by Fitzgerald, who has worked on issues related to data privacy and security for more than 15 years and has designed multiple privacy evaluation systems. The testing plan was developed by Fitzgerald, along with CR’s Brookman, an attorney who has worked on privacy issues for 15 years and was previously chief of the Internet Bureau at the New York Attorney General’s office and policy director at the Federal Trade Commission’s Office of Technology, Research, and Investigation, and Yael Grauer, deputy editor with CR’s Digital Lab, who is the lead content creator of CR’s Security Planner, serves as a board member of the CyberMed Summit, and has covered police surveillance, data brokers, and other privacy and security issues for more than a decade.
Fitzgerald analyzed the privacy policies of these apps and ran automated tests that examined selected parts of the source code. Our evaluation looked for a few key features that offer the strongest protections a period tracking app can provide for consumers worried about the privacy of their data.
Local data storage: When your data stays on your phone or tablet, the company can’t sell it, share it with third parties, hand it over in response to a legal request, or expose it in the case of a security breach at the company.
Not allowing third-party tracking: Third-party trackers allow companies other than the app-maker to collect data about your activity for purposes such as optimizing app performance or targeting you with ads. Refraining from using any of these trackers is a critical privacy protection. When your data reaches a third-party company, it can be traded, shared, or sold repeatedly, with no realistic way for you to ever find out where it has gone or to ask for it to be deleted.
Transparency reports: Some companies, such as Google and Meta, publish what are known as transparency reports as a measure of accountability to the public. These are designed to publicly disclose information about issues such as threats to user privacy and how the company responds to data access requests. They typically report the number of government requests the company received for data, whether data was provided, and whether users were informed.
Of the eight services we looked at, three—Drip, Euki, and Periodical—offer the two main features we were looking for: local data storage and no third-party tracking. Unfortunately, none of the services we evaluated issue transparency reports right now.
We also checked for a few other privacy features, although these aren’t as crucial as the three discussed above.
Pseudonymous accounts: Being able to use a pseudonym can be advantageous in case there is a security breach and the information is leaked. But not requiring real names, email addresses, and phone numbers is not as strong a privacy measure as the local-only storage features we’ve identified on some of the apps we tested, CR experts say, because even information linked to a pseudonym can be tied back to you in other ways.
No location tracking: Location data could be shared with third parties and could potentially find its way into a legal proceeding—if you go to an abortion clinic, for example. Common tools known as geofence warrants are already used by law enforcement in many states, according to the Harvard Law Review. In these warrants, police simply specify a location and period of time around which a crime occurred, and companies are required to hand over information from their databases about whose cell phones were in that area during the specified time, unless they successfully challenge the warrant in court. From a functional perspective, there’s also no reason a period tracking app should need to know your location. None of the eight services we evaluated ask for permission to access the user’s location via the phone’s GPS, though there are other ways of inferring location—see below for more details.
Data deletion rights: Companies should offer a clear way to delete any data about you that the service has stored. That’s a central tenet of the Digital Standard, a set of benchmarks by which CR evaluates whether digital products are respectful of consumer privacy rights. For the three apps that don’t store your data remotely and don’t use third-party trackers, a data deletion policy isn’t necessary, because you have all your own data on your device and don’t need the company to delete it for you. The other services offer varying levels of control over when your data is deleted and how completely, but none offer as complete a data deletion right as our experts would have liked to see.
Overall, three apps emerged as having superior privacy practices: Drip, Euki, and Periodical. Neither Drip nor Periodical is available for iOS, though Drip told CR it expects to release an iOS version in August 2022.
Euki is available for both iOS and Android, though it was the only one of those three that doesn’t offer a period prediction feature, which many users may want. A clause in its terms of service stating that the company reserves the right to modify the app or services at any time without notice could potentially lead users to believe that important protections like local storage of data could be eliminated without notice. A spokesperson for the company confirmed that it doesn’t have the capacity to gather users’ data and store it remotely, so it could not change that practice—good news for consumers. Euki also recently updated the publicly available policies on its website to match the more detailed ones on the app, in response to feedback from CR’s experts.
Though Lady Cycle mainly uses local storage and its marketing materials say user data is never shared with third parties, our analysis found that the app does have a single third-party tracker enabled. This tracker, Google Firebase Analytics, provides info to the app maker on how people use the app. This sort of tracker “can be used well, or it can be used poorly,” says Fitzgerald, CR’s researcher who led the testing. “Firebase is a well-known analytics provider and is generally less worrisome than some other third-party trackers.” Lady Cycle did not respond to CR’s request for comment.
We also reached out to the companies that make apps with third-party trackers and remote storage to get their take on our results, as well as any future plans they may have for their products in light of the pending Supreme Court decision. Period Tracker referred us to its blog, which says the service can be used with local-only storage if users don’t create an online account. In the blog post, the company suggested that it would not comply with a subpoena designed to convict someone for having an abortion. “We would rather close down the company than be accomplice to this type of government overreach and privacy violation,” the company’s post states.
Flo told us that remote storage of data is necessary to support the algorithms that fuel its cycle prediction features, and to respond to frequent requests for data restoration. Denae Thibault, a senior communications manager at Flo, told CR in an email that third-party tracking “benefits the user because we use that information to analyze what our users want from the app and what they find helpful and informative.”
The co-founders of Fertility Friend told CR in an email that they store data remotely to provide features like data syncing between devices, but only store the “minimum data to render the service our members expect. For example we do not store their name, address or location.” When a user closes their account, the company used to delete their data within 30 days; under a recently updated policy, that deletion will now be completed in less than seven days.
CR did not hear back from Period Calendar.
What Are the Risks?
Often, when privacy experts (including those here at CR) speak about the problems with having all kinds of information about you shared without your knowledge or understanding of who’s receiving it, the harms can seem somewhat abstract. After all, it may feel mildly creepy but not directly threatening when, for example, you’re targeted with specific ads based on your online activity.
However, that calculation has changed somewhat, in light of increased restrictions on abortion now in place in certain states and the impending criminalization of abortion in those states and others if Roe v. Wade is overturned. “If ever there was a concrete example of the harms, boy do we have one,” says Leah Fowler, research director at the Health Law & Policy Institute and research assistant professor at the University of Houston Law Center.
If this summer’s Supreme Court decision on Dobbs v. Jackson Women’s Health Organization is similar to the draft opinion leaked in May, Roe v. Wade would be overturned and abortion would become illegal in at least 13 states almost immediately. It could also potentially become illegal in more states where pre-Roe abortion bans are still on the books, according to the Guttmacher Institute, a reproductive health research and advocacy organization. The concern, then, says Irina Raicu, director of the internet ethics program at the Markkula Center for Applied Ethics at Santa Clara University in California, is that prosecutors will be able to use data from period tracking apps (or other online data) showing that someone was getting a period at one point—and then later wasn’t getting it—as evidence suggesting that they may have had an abortion.
“Since the advent of Roe v. Wade, we’ve built an entire surveillance state in which every person is carrying a tracking device in their pocket,” says Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation. “This potentially gives away a lot of information about people who may become pregnant, people who have become pregnant, and people who are seeking abortion services.” That’s a huge amount of data that wasn’t available in the 1970s when Roe v. Wade was decided. “What that enables individuals and law enforcement to do is to essentially create an entire dragnet of people who are seeking abortion services,” Galperin says.
Law enforcement using data about digital activity to build a case has ample precedent. According to a 2020 University of Baltimore Law Review article, “Across the U.S., police and prosecutors conducted at least 50,000 extractions of digital devices between 2015 and 2019 for a wide range of crimes including graffiti, shoplifting, marijuana possession, car crashes, vandalism, parole violations, public intoxication, prostitution, grand larceny, promoting prostitution, petit larceny, fraud, trafficking, drug possession, unlawful disclosure of an intimate image, unlawful surveillance, and more.” The law review article also cites two cases in which women were reportedly indicted or even convicted of crimes against their fetuses based in part upon online search activities or text messages indicating they were seeking out information on abortion drugs.
Laws like those in Texas mean it might not only be law enforcement seeking to acquire data on people’s online activity, says Raicu at Santa Clara University. “There are valid concerns that with the laws that now incentivize people to sue other citizens, that there might be ways [for private citizens] to get this information from period tracking apps,” Raicu says.
Some Best Practices
The apps we found to have strong privacy practices—Drip, Euki, and Periodical—are an exception to the prevailing norms of data sharing across the Internet. Our experts say these offer a reasonable alternative for people who want to use a period tracking app without putting their data at risk.
In general, whether using period tracking apps or other digital tools, it’s a good idea to minimize the amount of data that you share to avoid having that data used against you in ways you did not anticipate, whether by criminals, companies, or law enforcement. Here are a few important tips to help protect you.
Know your rights. A major advantage of Drip, Euki, and Periodical is that they store data locally on your phone rather than in the cloud. In most cases, police need a warrant in order to search your phone, which is generally a higher bar to clear than to purchase data from a data broker, or even to subpoena a company for its collected data. And note that HIPAA, the federal health information privacy law, doesn’t apply to period tracking apps.
Delete your data. Storing data locally isn’t a total guarantee that the data your app collects could never end up in the hands of someone else. Backups can undermine that protection, so you should be wary of backing up sensitive data to the cloud. Regularly deleting your period-related data is another wise strategy to protect your privacy.
Limit location sharing. “Location data is poorly protected, is easily obtainable even by commercial entities, and can give away a lot of information about a person,” Galperin says. Even though the apps we recommend don’t track or share your location, your phone still could be doing so. See CR’s detailed guide on how to protect your location information.
Keep your communications encrypted. Texts and emails can also be a major source of potentially incriminating evidence against people in many types of cases. End-to-end encryption—which means only the sender and receiver can access the contents of a message—can protect these communications. Consider using messaging services that offer end-to-end encryption by default, such as Signal. It’s best to use them as a matter of course, rather than only when discussing sensitive topics, Galperin says. CR’s privacy advocates have also urged lawmakers to vote against the EARN IT Act. If that passes, it would undermine the critical protections provided by encrypted messaging.
Protect your search data. Like your location data, your search and web browsing history could also potentially be used against you. A number of strategies for protecting your browsing data are available, including using a more private web browser (such as DuckDuckGo) or tracking blockers, such as uBlock Origin. Using a trustworthy VPN is also a good strategy. “Two VPNs that stand out in our privacy and security testing are Mullvad and IVPN,” says Grauer at CR’s Digital Lab. Here’s CR’s full guide to VPNs to help get you started.
The Electronic Frontier Foundation also offers an extensive guide with many more strategies for protecting your search history and online activity. And CR’s Security Planner can help you figure out how to keep your data more private.
Go analog. Of course, you always have other options for period tracking, including forgoing the use of an app. Pen and paper is a good option. You could also use a spreadsheet like Microsoft Excel or LibreOffice Calc (a free, open-source spreadsheet program). But avoid cloud-based services like Google Sheets.
More Action Needed
While it’s important for individuals to take precautions to protect the privacy of their period and other health data, the experts we spoke with stressed that the responsibility to protect people’s reproductive privacy shouldn’t be on individuals alone.
It’s great when consumers are able to do their due diligence and find an app that’s doing a good job of protecting privacy, says Leah Fowler at the University of Houston Law Center. “But woe unto the consumers who don’t have that level of digital literacy, especially when these apps all look so similar.”
Educating consumers about how to protect themselves is of course important, Santa Clara University’s Irina Raicu says. But “if you’re a mother of three living in poverty and you get pregnant, you’re not going to become a superspy in terms of protecting yourself. You have too many other things to be worried about,” she says. “The organizations and businesses and lawmakers who care about this issue need to take more of the responsibility onto themselves.”
Our digital privacy and security experts say lawmakers could also help more broadly by enacting stronger privacy laws that limit what companies can collect and share about you. “We’ve urged that these laws apply by default, that you don’t have to find ways to opt out, and you aren’t bombarded with requests to opt in,” says Brookman, CR’s director of consumer privacy and technology policy. “Collection and sharing that isn’t directly related to the functionality you’ve asked for should be prohibited.”