A woman on their iPhone checking their period tracker app.

After Catherine Feintuch gave birth to her second child, a son now 2, she downloaded a free app called Flo to her smartphone to help her track her menstrual cycle. To see whether her cycle had returned to normal and to create a reliable record to discuss with her gynecologist, she input data about her period, including dates and flow levels.

Hoping to keep her information private, the 33-year-old infectious disease researcher chose to use the app anonymously, opting not to register with her email address and create an account. Still, she wonders whether some of her personal information may be getting out into the wider world.

“I understand that the app is free and I’m giving them my data in exchange for getting the service," Feintuch says. "But I don’t know what else the data I am giving them is being used for, or if the app is accessing other information on my phone.”

Feintuch, one of about 50 million women worldwide who uses a period tracker app, is right to be concerned. 

More on Privacy

These kinds of apps are billed as useful tools for people who are trying to have a baby, want to prevent pregnancy, or need to monitor menstrual-cycle-related health problems such as hormone-triggered migraines. But to do so, the apps collect deeply personal information that can go well beyond the dates of your period. Depending on the app, that can include how often you have sex, if you are trying to have a baby, and whether you engage in unprotected sex, have experienced a miscarriage, or are approaching menopause.

As Consumer Reports’ Digital Lab found in a recent examination of five popular period tracking apps—BabyCenter, Clue, Flo, My Calendar, and Ovia—this means even anonymous users like Feintuch have no guarantee that their information won’t be shared in some way with third parties for marketing and other purposes. 

Having your personal health information disseminated in ways you’re unaware of could have serious repercussions, says Dena Mendelsohn, CR’s senior counsel on privacy and technology policy. It could, for instance, affect your ability to obtain life insurance and how much you pay for that coverage, increase the interest rate you’re charged on loans, and even leave you vulnerable to workplace discrimination. And because you usually don’t know who has your data, you may never know if you’ve experienced any of those harms.

CR’s Digital Lab, which tests products and services to ensure that consumers’ data and privacy are protected, found pros and cons in each of the five apps it looked at. Some make it easy for users to understand what data the app collects and how it’s shared, as well as provide ways for you to limit who can get your personal information or how it’s used.

But none guarantee that all of your information will be used only in ways you intend. That’s because they all share some user data with external partners for purposes such as targeted advertising. And those partners may then share or resell your personal information to third parties who make no promises to you about how they handle it.

CR’s Digital Lab also found shortcomings among all five apps in how they protect the sensitive user data they gather—though when CR alerted the companies to these findings, some moved quickly to make fixes. (See the chart below for details on what we found.)

"Consumers have a choice when it comes to using health apps,” says CR’s Mendelsohn. “They should be aware that information shared with health apps like these have the same data privacy rights as with any other app—which is very little.”

Here’s what you need to know about privacy issues with period tracking apps, what CR’s analysis found, and ways to protect your information.

The Growth of 'Femtech'

Period trackers have been used by nearly a third of women in the U.S., according to a recent Kaiser Family Foundation survey. They are part of the burgeoning market for “femtech,” which are technology-based products and services focused on women’s health. The market for all digital tools for women’s health needs—such as apps for personalized nutrition advice, weight-loss coaching, and high-tech breast pumps that record when and how much is pumped—could be worth as much as $50 billion by 2025, according Frost & Sullivan, a research and consulting firm.

Period trackers can be used for a wide variety of reasons in addition to monitoring menstruation. Professional athletes, such as those on the U.S. women's soccer team and several British Olympic hockey gold medalists, use them to tailor workouts and nutrition plans to their body's cycles. Clue, Ovia, and Flo say that medical researchers use anonymized information from the apps to study women’s health concerns. Some even have features that manufacturers claim will help diagnose medical conditions. Flo and Clue recently introduced tools to assess a user’s risk of polycystic ovary syndrome (PCOS), a hormone disorder that can affect a woman's fertility.

All five apps are free, but Clue offers a subscription version that allows you to chat with other users and get discounts or free products like tampons. Flo’s subscription service provides extra features such as period predictions and health reports you can share with your doctor. 

The Problem With Period Trackers

As period tracker apps grow in popularity and utility, so does concern about what happens with the personal information users input. Unlike medical records held by doctors and hospitals, the information collected by health-focused apps isn’t covered by the Health Insurance Portability and Accountability Act (HIPAA), a 1996 federal law that limits where healthcare providers can share your health information.

That means health app makers are mostly free to do what they want with the data they collect. For instance, they may work with companies that analyze how users interact with the app to improve its design or function. Or they may share information with digital ad and marketing partners who use it to send personalized ads to users for, say, baby products, or to recruit new users. These partners may be giant tech companies like Facebook and Google, small tech firms you never heard of, or both.

Those external partners may then have a relationship with data brokers, who collect, aggregate, and combine personal information about you from a variety of sources to create a profile on you and in turn sell it to others. And there’s no way to really know who is getting that profile. A recent study by an advocacy group called the Norwegian Consumer Council examined 10 popular apps including Clue and found that they were collectively feeding personal information to at least 135 companies.

What’s more, even when your data is de-identified by removing identifiable information such as your name or email address, it can be combined with other information—such as your location, contacts, or unique identifiers in your phone—and traced back to you, research suggests.

“It is the ability of a mobile app to collect far more data about you than you’re telling it that can be harmful,” says Jennifer King, director of consumer privacy at Stanford Law School’s Center for Internet and Society.

While consumers may shrug at such sharing as a trade-off of the digital age, there's emerging evidence of harm. Last March, for instance, the Department of Housing and Urban Development sued Facebook for housing discrimination, saying that the social media giant allowed advertisers to restrict who can see housing-related ads based on race, religion, sex, or disability. This information was gleaned from Facebook’s data mining activities, and then handed over to advertisers.

While the Facebook suit isn’t related to personal health data, it’s not hard to imagine that the information collected by period trackers—especially with some employers and health insurers licensing the apps to use as part of corporate wellness programs—could be used in ways that harm women, King says.

CR’s Mendelsohn agrees. “With issues like pregnancy discrimination still a concern for many women, those using reproductive health apps will want to be sure their private information stays private," she says.

There's a bipartisan effort in the Senate to address the problem with the Protecting Personal Health Data Act, introduced in June by Amy Klobuchar (D-Minn.) and Lisa Murkowski (R-Alaska). The proposed law, which CR supports, would require that mobile health technologies such as health apps and fitness trackers allow users to review, change, and delete health data collected by companies. Some states are also taking action. For example, the California Consumer Privacy Act of 2018, which went into effect this month, gives consumers similar protections. 

What CR’s Digital Lab Found

To evaluate privacy practices and data security for BabyCenter, Clue, Flo, My Calendar, and Ovia, CR’s Digital Lab used principles outlined in the Digital Standard. Launched by CR in 2017 in partnership with privacy and security experts, the standard is a set of benchmarks that companies can use to design digital products that are respectful of consumer privacy rights.

CR examined the apps and their privacy policies for clarity and comprehensiveness, transparency about data sharing, user control over their information and access to it, and best practices in how apps are designed to keep information secure.

CR found that some companies make it fairly easy to understand what's going on with your information. Clue’s privacy policy, for example, is light on jargon and broken down into readable chunks, and includes additional steps you can take to protect your data. BioWink, the company that developed Clue, is based in Germany and is subject to strict European Union regulations implemented in 2018 that dictate how businesses and organizations handle sensitive digital information of EU residents.

Those rules, such as giving users the right to delete their data, don’t apply to the other apps CR examined, which are made by companies based in the U.S. But several take some of the same precautions voluntarily.

For users who don’t want to slog through a full-length privacy policy, Flo provides a summary with key takeaways and lists the specific data points it collects, including information you don’t explicitly input, such as your location. Flo also allows if you want to opt out of having your data used by the company or its partners to send you offers for personalized products or services from Flo or its partners.

In addition, Flo dropped Facebook as an ad-tracking and data-analytics partner after The Wall Street Journal revealed last February that the app shared personal data, such as whether a user intended to become pregnant, with the social media giant, which used the information for targeted advertising. Now Flo uses only one partner for ad targeting and app usage analysis while the other apps CR evaluated use a half-dozen or more.

While CR’s Digital Lab didn’t uncover any major security issues, it did find shortcomings in the way all five apps handle the sensitive user data they collect, says Maria Rerecich, CR’s senior director of product testing. For example, none require users to log in by default every time they open the app, or offer multifactor authentication (which requires that users input a code sent by text to their phone), or require an additional security step before accessing the app. “Those are best practices that can better secure your data,” Rerecich says.

5 Period Tracker Apps
It's no fun to read privacy policies but that's the only place a user can get details on what companies do with your information. CR's Digital Lab did some of the work for you. In the five period tracker apps we evaluated, we looked at the clarity of their privacy policies, who they share information with, and several security criteria. All of these apps shared data with analytics companies, and none of them include multi-factor authentication—the use of more than your password to log in. But some allow you to work with a password manager, which can help protect your personal information, or offer other precautions. Here's a quick rundown.
It's 8,500 words long but does not include the specific third parties it shares data with.

BabyCenter

Clue

Flo

My Calendar

Ovia
Is the privacy policy easy to understand? NO YES YES NO YES & NO
Can you use without sharing your name and email? YES NO YES NO NO
Who does the app share your data with?
Advertisers and marketers YES YES YES YES YES
Health researchers, with your permission NO YES YES NO YES
Insurers and employers via wellness programs NO NO NO NO YES
Does the app use these 2 security precautions?
Default is to authenticate the user with each use NO NO NO YES NO
Works with password managers YES YES YES NO YES
5 Period Tracker Apps
It's no fun to read privacy policies but that's the only place a user can get details on what companies do with your information. CR's Digital Lab did some of the work for you. In the five period tracker apps we evaluated, we looked at the clarity of their privacy policies, who they share information with, and several security criteria. All of these apps shared data with analytics companies, and none of them include multi-factor authentication—the use of more than your password to log in. But some allow you to work with a password manager, which can help protect your personal information, or offer other precautions. Here's a quick rundown.

BabyCenter
Is the privacy policy easy to understand?
Not very. It's 8,500 words long but does not include the specific third parties it shares data with.
Can you use without sharing your name and email?
YES
Who does the app share your information with?
• Advertisers and marketers
Does the app use these 2 security precautions?
Default is to authenticate the user with each use: NO
Works with password managers: YES

Clue
Is the privacy policy easy to understand?
Yes. It starts with a simple explanation of important points and the detailed policy is easy to understand.
Can you use without sharing your name and email?
NO
Who does the app share your data with?
• Health reseachers, with your permission
Does the app use these 2 security precautions?
Default is to authenticate the user with each use: NO
Works with password managers: NO

Flo
Is the privacy policy easy to understand?
Yes. Provides a summary of key takeaways and the policy is long but easy to understand.
Can you use without sharing your name and email?
YES
Who does the app share your information with?
• Advertisers and marketers
• Health reseachers, with your permission
Does the app use these 2 security precautions?
Default is to authenticate the user with each use: NO
Works with password managers: NO

My Calendar
Is the privacy policy easy to understand?
No. It's written in legalese and you must download a PDF from the app to even read the policy.
Can you use without sharing your name and email?
NO
Who does the app share your information with?
• Advertisers and marketers
Does the app use these 2 security precautions?
Default is to authenticate the user with each use: YES
Works with password managers: NO

Ovia
Is the privacy policy easy to understand?
YES & NO, The 4,000-word policy is fairly clear on its security measures and the data it collects, but does not list the specific third parties it shares data with.
Can you use without sharing your name and email?
NO
Who does the app share your information with?
• Advertisers and marketers
• Entities that research health, with your permission
• Insurers and employers via wellness programs
Does the app use these 2 security precautions?
Default is to authenticate the user with each use: NO
Works with password managers: YES

When CR reached out to each of the app makers with our findings, we received varied responses.

MyCalendar addressed each point raised, updating its privacy policy so it’s easier to find information on topics such as how to request that your data be deleted. It also plans to require users to log in every time unless they actively choose not to, and says it will add fingerprint and face recognition options for additional protection.

Ovia updated its privacy policy to comply with California’s new privacy law. The company said the updated policy addresses some of the issues CR raised, such as how consumers are informed about data breaches.

Clue told CR it doesn't require users to enter a passcode to log in because that's more user-friendly. But it noted that users can opt to use a PIN to unlock the app each time they launch it. After Consumer Reports reached out, Clue also modified the app so that it now works with password managers, which generate strong passwords and encrypt your information.

BabyCenter said that while it doesn't list the specific third parties it shares data with, the compant does describe the categories of personal information it gathers and what types of information it may disclose. But that information is buried in the app's roughly 8,500-word privacy policy. Company spokesperson Linda Murray also told CR that it requests access to a user’s camera—something the other apps CR looked at don’t do—so pregnant users can take photos of their bellies. Those photos can be stored in the user’s device and in the cloud, so if users get a new device or have a problem with their phones the photo can be restored. “Tracking pregnancy progress visually is one of the most popular activities in our app,” Murray says. The company does not share photos with any of its partners, she said. However, like other apps with discussion groups, photos posted on BabyCenter’s community forums are viewable publicly. 

Flo didn’t respond to several requests to explain why its app doesn't require a password login by default and doesn't describe how it reports data breaches. After CR reached out to Flo, the most recent version of the app now works with a password manager.

How Accurate Are Period Trackers?

Is putting your personal data at risk worth the benefits that come with using these apps? That may depend in part on why you’re using them. “An app can be a reliable digital record of your menstrual cycle. If you’re trying to get pregnant, it can be a helpful tool,” says Nathaniel DeNicola, M.D., the chair of telehealth for the American College of Obstetricians and Gynecologists. “But there’s real cause for concern if you’re using it to avoid getting pregnant. If you’re just one day off, it could result in an unintended pregnancy.”

None of the apps that CR evaluated are marketed as a method of birth control, though MyCalender says its app can help users concerned about birth control and contraception. Another app, Natural Cycles, is certified in Europe for birth control and is approved for marketing as a contraceptive in the U.S. by the Food and Drug Administration. In 2018, Natural Cycles was investigated by Swedish authorities after a report that dozens of women using the app had unwanted pregnancies. The investigators recommended Natural Cycles clarify the risk better for users, and the company complied.

A 2016 study in the Journal of the American Board of Family Medicine found that only six of 30 apps marketed to help women avoid pregnancy accurately predicted a woman’s fertile window. And a 2017 study from the University of Washington found that 20 percent of people who reviewed fertility apps said the apps incorrectly predicted their cycles. That could be because the apps failed to account for factors such as recent childbirth or approaching menopause, both of which can affect menstrual cycles, and other design flaws.

DeNicola points out that the accuracy of the apps also depends on how carefully and consistently you track. The longer you track and the more data about your cycle you supply, the more accurate results should be, he says.

How to Protect Your Personal Information

“Data privacy should be a fundamental right for consumers, but that’s not the reality right now,” says CR’s Mendelsohn. “Instead, health app makers can collect, buy, and sell your data without your knowing consent.”

To address those issues, Mendelsohn says, app developers should use consumers’ data only for the purpose of the app and not share or sell the information; collect only the data the app needs to operate, and destroy that data after use; and give consumers clear, concise information about why they collect the data and what they do with it. Finally, companies that violate their privacy policies should face strict penalties, Mendelsohn says.

Until such protections are in place, here’s how you can reduce the risk that your information will be shared inappropriately:

  • Use privacy controls. When you download a period tracker—or any app—check for options that allow you to opt out of permissions to sell your data or share it with external partners. As CR found, some period trackers clearly explain how to do this, but more often the details are buried in the privacy policy. You can also use your smartphone settings to limit permissions to your location data or your contacts. Change your location setting to “while using” or “ask” for iPhone apps, and to “on” or “off” for Android apps.
  • Consider a password manager. These programs—such as 1Password, Dashlane, KeePass, or LastPass—generate extremely strong passwords for all your accounts and encrypt them to keep them safe. When you go to the app you want to use, it will log you in.
  • Hide from ads. If you don’t want targeted ads to follow you to social media platforms and possibly tip people off to conditions such as pregnancy or infertility, use your smartphone settings to limit ad tracking. On Apple phones, go to settings, scroll down to “privacy,” click on “advertising,” and turn on the “limit ad tracking” button. On an Android phone, go to “settings,” scroll down to Google, and click on “ads,” where you’ll find an option to opt out of ad personalization and to reset your advertising ID.
  • Watch what you share. Apps rely on consumers to volunteer information. But just because they ask doesn't mean you have to answer. As with Flo, some fertility apps don’t require you to register an email address to use it. And if an app does require you to use an email address, you can set up an alternate email account for that information to cut down on the marketing spam clogging up your primary email inbox.
  • Keep updated. Apps are updated frequently to add new features and fix bugs. You can turn on automatic updates on your phone’s settings. Or check apps periodically to see if updates are available.
For more information, check out Consumer Reports’ Guide to Digital Security & Privacy, or follow our steps for 30-second privacy fixes you can tackle right now.

Editor’s Note: This article was updated on Jan. 28 to include a statement from BabyCenter explaining why its app requests access to a user’s camera.