Period-tracking apps promise simplicity: a colorful calendar that predicts when your next cycle begins, reminders about ovulation, and even personalized insights into your health. But behind the convenience lies a less visible tradeoff— your most intimate health data may be quietly harvested, sold or shared in ways you never intended.
Experts say users often underestimate just how sensitive this information is, and the legal protections meant to safeguard it are far weaker than most people realize.
diane555 via Getty Images
The legal system has not yet caught up to the data privacy needs associated with period-tracking apps.
The stakes are especially high in a post-Roe America, where reproductive health data can be politicized or weaponized.
Tracking your period on a phone may feel like a harmless, even empowering daily ritual. Yet the same information can be used to infer pregnancies, fertility struggles, or even the possibility of an abortion. In the wrong hands, data that feels private and personal could become evidence or a marketing opportunity. As awareness grows, so does the push to rethink how and where people track their cycles.
Flo’s Privacy Problems Are Far From Over
Flo, the popular period- and fertility-tracking app used by more than 300 million people worldwide, has faced repeated scrutiny over how it handles sensitive reproductive health data. In 2021, the Federal Trade Commission (FTC) charged the company with misleading users by promising privacy while secretly sharing intimate details, like menstrual cycles, pregnancy status and related health information, with marketing and analytics firms such as Facebook and Google. As part of the settlement, Flo agreed to obtain explicit consent before sharing health data, submit to an independent privacy audit and notify affected users.
But new legal challenges show the controversy didn’t end there. In 2025, a massive class-action lawsuit alleged that Flo continued to transmit reproductive data to third parties, including Meta, through embedded tracking tools. While most defendants quietly settled, Meta fought the case in court and lost.
A San Francisco jury ruled that Meta violated the California Invasion of Privacy Act by intercepting sensitive Flo user data without consent, affirming that users had a reasonable expectation of privacy when logging health details in the app.
What Period Apps Collect (And Why It Matters)
Most users download period apps for one purpose: to track when their period starts and ends. But what begins as simple date-logging often expands into something far more detailed.
“Beyond basic cycle dates, most period-tracking apps collect a wide range of sensitive data,” said Miller Morris, M.A., M.P.H., and the founder and CEO of Comma, a secure app for tracking menstrual data. “Some apps even allow users to track body temperature and medication use. This comprehensive data collection helps users uncover patterns and insights into their cycle.”
She adds that OB-GYNs often call menstruation a “vital sign” because shifts in cycle length, flow, or symptoms can reveal underlying health issues. That makes this information powerful — but also deeply private.
“Apps often collect data on flow levels, cramps, changes in appetite, sexual activity, ovulation dates, even skin changes like acne,” Dr. Rani Aravamudhan, senior medical director at Nomi Health, told HuffPost. “Individually, these don’t feel significant. But combined, they build a detailed and intimate picture of a user’s reproductive and overall health.”
The sensitivity comes not just from the data itself, but from the patterns it reveals.
“That portrait can be a lifeline for patients and providers, but it also represents a goldmine for advertisers, insurers and anyone seeking to monetize women’s health,” Morris said.
And history shows the risk is more than theoretical.
“There is a long and bloody history of cycle-tracking apps selling user data to advertisers,” Morris notes. “What started as a purported value proposition of highly targeted marketing for reproductive health products, like supplements or pregnancy tests for someone trying to conceive, quickly became an egregious misappropriation of sensitive health care information. Insurers could use cycle tracking data to influence premiums for coverage for reproductive health conditions. What is missing here is informed consent.”
The Legal Loopholes Around Health Tracking Apps
Many users assume their menstrual data is protected under U.S. health privacy laws like HIPAA. In reality, most period apps fall outside that framework.
“Most health and wellness apps — including period and fertility trackers — aren’t considered ‘covered entities’ under HIPAA,” according to Andrea Frey, co-chair of the reproductive health and digital health practices at health care law firm Hooper Lundy. “This is because they do not engage in standard transactions such as electronically submitting claims to payors. This creates a significant privacy gap that many users are unaware of.”
She adds that increasingly, states are stepping in to close this gap through comprehensive consumer privacy legislation. For example, Washington’s 2023 My Health, My Data Act is considered one of the most expansive state laws protecting health-related data not covered by HIPAA. It includes reproductive health information collected by apps such as period and fertility trackers, and imposes strict consent, transparency and geofencing restrictions.
picture alliance via Getty Images
In the wrong hands, your menstrual data could be used as evidence or a marketing opportunity.
And other states are also following suit, including Nevada and Virginia, which have both enacted similar consumer privacy laws, and New York, which has introduced legislation aimed at protecting reproductive health data. In California, the legislature recently amended the Confidentiality of Medical Information Act (CMIA) (the state’s analog to HIPAA) to explicitly apply the law’s requirements to fertility trackers and similar apps that store data about sexual activity, ovulation and fertility.
Instead, these apps operate in a legal gray zone, governed only by their own privacy policies, which can change at any time.
“App developers often bypass stricter protections through their terms of service,” Morris explains. “These are often lengthy, filled with complex legal jargon, and presented as a single ‘accept’ button that users must click before using the app. By agreeing, users inadvertently grant the company broad permission to collect, use, and share their data with third parties for purposes like advertising and research.”
“Even if a vendor claims all data is de-identified before sharing, experts say re-identification is possible. Patterns of location, conditions, and behavior types can often be traced back to an individual.”
– Dr. Rani Aravamudhan, Senior Medical Director at Nomi Health
In practice, the fine print allows developers to legally profit from data that users assumed was confidential. But the patchwork of state and federal rules makes it difficult for users to know their rights — and for users in states where abortion is illegal, states can potentially use data from period-tracking apps to see if someone is pregnant or has had an abortion. But even where stronger privacy laws exist, enforcement is often slow or limited.
“Even if a vendor claims all data is de-identified before sharing, experts say re-identification is possible,” Aravamudhan said. “Patterns of location, conditions and behavior types can often be traced back to an individual.”
For Morris, the solution is straightforward: treat period data as health care data. “Menstruation should be treated with the same clinical standards as other areas of health,” she said. “Only then can we close this dangerous loophole.”
Low-Tech Ways To Track Your Cycle
For people uneasy about their data being sold or surveilled, there are lower-risk ways to keep tabs on reproductive health.
“The most common is the calendar method — just use a physical calendar or notebook to mark the first day of your period,” Morris said. “Over time, you’ll see patterns in cycle length and flow.” Journals or paper planners can also capture details like mood changes, cramps, or cravings without the risk of that information leaving your bedroom.
Aravamudhan adds that even digital diaries or phone notes can be relatively safe if stored securely. “A password-protected journal app or even a simple spreadsheet on your device offers privacy, as long as you avoid commercial cloud storage and disable data-sharing features,” she said. These approaches may feel old-fashioned, but they give users full control of their data in a way most apps cannot.
For those who want digital convenience without surveillance, subscription-based or security-first tools may be worth exploring. Morris points to Comma’s Sara app, which treats menstrual data as protected health information. “Unlike most apps, users access Sara through our website, not an app store,” she explains. “That means there’s no metadata about when, how, or where you use it being collected. The data is encrypted, anonymized and stored securely, allowing users to benefit from clinical insights without surveillance risk.”
20 Years OfFreeJournalism
Your Support Fuels Our Mission
Your Support Fuels Our Mission
For two decades, HuffPost has been fearless, unflinching, and relentless in pursuit of the truth. Support our mission to keep us around for the next 20 — we can’t do this without you.
We remain committed to providing you with the unflinching, fact-based journalism everyone deserves.
Thank you again for your support along the way. We’re truly grateful for readers like you! Your initial support helped get us here and bolstered our newsroom, which kept us strong during uncertain times. Now as we continue, we need your help more than ever. We hope you will join us once again.
We remain committed to providing you with the unflinching, fact-based journalism everyone deserves.
Thank you again for your support along the way. We’re truly grateful for readers like you! Your initial support helped get us here and bolstered our newsroom, which kept us strong during uncertain times. Now as we continue, we need your help more than ever. We hope you will join us once again.
Already contributed? Log in to hide these messages.
Not everyone will want or need a high-tech solution. For many, the peace of mind of a notebook or paper calendar outweighs the convenience of an app. But as abortion access shrinks and reproductive rights face heightened scrutiny, experts say people should think critically about what they share, and with whom.
“Period tracking is immensely powerful when used correctly,” Morris said. “But no one’s health information should ever be for sale.”