Tracking your menstrual cycle is a powerful tool for understanding your health, but it should never come at the cost of your privacy. As digital health tools become more sophisticated, and more invasive, users must be vigilant about how their data is collected, stored and used.
Period tracking apps have become ubiquitous, offering millions of users a convenient way to monitor their menstrual cycles, fertility windows and symptoms. But as concerns grow over the use and potential misuse of personal health data, many are beginning to question whether these tools are as safe as they are useful.
A damning report from the University of Cambridge’s Minderoo Centre has ignited fear that some cycle tracking apps may be sharing sensitive data with third parties. The report highlighted these apps were a ‘gold mine’ for consumer profiling. By collecting information, it could allow companies to produce targeted advertisements linked to information users think is kept private.
In a digital era where health information is increasingly politicised and monetised, the question of how to track one’s cycle securely has never felt more urgent.
Read more: ‘I got my hormones tested to fix my irregular periods — the results shocked both me and the experts’
The privacy problem
Period tracking apps often request, and store, highly sensitive data: from the dates of menstrual cycles to information about sexual activity, mood changes, contraception use and reproductive history. If this data is stored in the Cloud or shared with third parties, it may be exposed through data breaches or used in ways the user didn’t explicitly or knowingly consent to.
Under EU and UK law, the data from these period tracking apps comes under a special category, which means it should have special protections from being sold on — but this report highlights that consent options aren’t always enforced or implemented. This then allows the data to be sold to advertisers and tech giants.
If the data is sold on, it can be used to target women with tailored adverts for different parts of their cycle such as beauty ads targeted during ovulation, as well as ads relating to pregnancy.
“There are real and frightening privacy and safety risks to women as a result of the commodification of the data collected by cycle tracking app companies,” said Dr Stefanie Felsberger, the lead author of the report.
Read more: Can Ozempic help manage PCOS symptoms like irregular periods?
How to protect your data when using cycle tracking apps
If you use a cycle tracking app, there are steps you can take to minimise your privacy risks:
- Prioritise apps that store data locally rather than in the Cloud, as information stored here is more vulnerable to cyber-attacks.
- Avoid linking your cycle tracker to other health platforms (such as Google Fit), unless absolutely necessary.
- Set up PIN codes or biometric locks for apps with sensitive content.
- Opt out of data sharing wherever possible in the app’s settings.
- Regularly review and delete stored data, especially if you’re no longer using the app.
- Limit location sharing — a period tracking app shouldn’t need location data to provide a service.
- Avoid entering information about contraception, sexual activity, sensitive symptoms or reproductive history into apps with unclear privacy practices.
As well as these precautions, Jacob suggests: “Use a VPN or proxy service like ours to conceal your IP address when accessing these apps. This prevents app developers or advertisers from tying your usage patterns to your geographical location or identity. Where the app allows it, always employ biometric access or PIN protection to prevent the app from being easily opened by someone else on your device.”
He adds: “It’s also worth realising that even deleted data can reside on a company’s servers unless the app specifically says otherwise, so apps such as Euki, which never sends your data off your phone, are reassuring.”
Finally, Jacob says: “Never use your real name, email or link your social media sites to the app, even if prompted. That kind of connection opens up a backdoor, which can be exploited if the app’s database is hacked in the future.”
Read more: What exercises are best during periods? Phases explained
What can cycle tracking companies do to rebuild user trust?
Lynda Wilkes-Green, lawyer and founder of period tracking app Ahyla, shared a few steps that she’s taken — and is urging others to take — in order to protect user safety and rebuild their trust.
Clarity
For Lynda, trust starts with clarity. She explains: “Privacy policies should be written in plain English, rather than legal jargon — users deserve to understand what data is being collected, where it’s stored and how they can delete it. If people can’t understand a company’s privacy policy, they can’t give meaningful consent.”
Necessary data collection
Lynda says that “many apps overreach by asking for information that isn’t essential to function” and instead should only collect what’s “truly necessary” for cycle insights.
Third-party policies
She adds that companies need to be “transparent about third-party sharing”. Popular cycle tracking app Clue shares anonymised health data with research partners to advance menstrual and reproductive health research — which is severely under-researched — but it’s possible some users may not be aware of this information. Lynda says: “Even if data is anonymised, users deserve to know if and how their data might be shared with partners or platforms. Vague ‘may share with trusted partners’ language is no longer acceptable.”
The involvement of women
Lynda stresses the need to involve women in privacy-centric design. She says: “If a company is building a product for women’s bodies, women must be part of the decision-making process, from feature design to testing to data governance.”
Feature image: Freepik
