Cycle-syncing apps have been all the rage lately, and we’re here for them — especially since they help women understand their bodies on a deeper level. Nearly one-third of women in the U.S. use them, too. 

It’s crazy when you peel back the layers and realize how many women don’t know anything about their own menstrual cycle, including when they’re ovulating, which "phase" they’re in at any given time of the month, what that means for them and their body, and more. 

When we don’t understand what’s going on inside our bodies, we can’t optimize our lives accordingly through fitness, nutrition, sleep, and other lifestyle changes so we can feel our best no matter what time of the month it is. 

Period tracking apps are amazing for this because they help women get to know their cycles on a granular level. Some apps even reference training and dietary changes a woman can make based on where they’re at in their cycle. 

Since the overturn of Roe v. Wade, though, the reproductive data stored inside these apps has become a point of concern, which is why privacy regulations and data protection have become even more top of mind in the past year. 

Cycle-tracking apps: Why data privacy matters

Period tracking apps aside, any mobile application that’s collecting data on a woman’s body and behavioral habits has brought about concern among privacy experts in fear of how that data could be used to penalize anyone considering an abortion. 

Because these apps show when a woman’s period has started and stopped, the timing of ovulation and sex, and more, they can be used to indicate pregnancy. Basically, they are a digital trail of your fertility status. 

And in the case that a woman pursues an abortion, then consequently restarts her cycle, those changes in her cycle pattern could potentially be used against her in states where abortion has now been made illegal. 

Depending on the app’s privacy policies, the data collected could be subpoenaed by the government or sold to a third party under specific conditions. Scary, we know. 

According to Axios, 20 U.S. States have already banned or restricted access to abortion and four more are expected to follow suit in the near future. 

Privacy concerns go beyond period tracking apps 

These privacy concerns could potentially go beyond period tracking and other women’s health apps, for that matter. 

For example, if you’re sitting in the waiting room at an abortion clinic and using another app that’s collecting your location data, that history could be leveraged against you in the case that you’re breaking the law in your state of residence. In a similar vein, Google search history could also be pulled to reveal someone had been looking up abortion services near them. 

It’s not uncommon for apps to cooperate with law enforcement under criminal investigations, and period tracking apps like Flo have been under fire for sharing user data in the past. It’s also not just the government who may want to seize data under these circumstances, but pro-life organizations as well. 

A final thing to keep in mind is that HIPAA, the federal health information privacy law, doesn’t apply to period-tracking apps.

What to look for in a period tracking app

1. EU-based 

The EU has the strictest privacy regulations in the world. European law honors their community’s health data more than any other country, so using an app that was developed under the European Union is one of the safest bets. 

Depending on where you live, too, you may be subject to additional protection. For example, California, Colorado, and Virginia residents have additional rights over their data, but it still doesn’t fully compare to GDPR regulations in the EU. 

2. Subscription model 

When you pay for the use of an app, you become the main customer, not advertisers or other third parties they could be selling your data to. If you want your data to be secure, paying for it is a great place to start, though be sure to read any privacy policy you sign regardless to dig further into which rights you’re giving up when you decide to use their platform. 

3. Public statements on their website

If a company genuinely cares about data privacy, they will make it known in their core product messaging and/or include it as a section in their footer, so you can read more about how they plan to protect your data. 

Look on their site for information on what data they collect, what data they keep and for how long, how and where that data is stored, and how it can potentially be shared.   

Companies should state that: 

  • They don’t allow third-party tracking or resale to third parties

  • They enable you to use the app without location services turned on

  • Your data remains locally stored on your device, not remotely

  • If there’s a messaging or communication element involved, they utilize end-to-end encryption, meaning only the sender and receiver can access the message and there’s no possibility of it being breached while in transit 

  • They offer a clear way to delete any data that’s been stored 

4. Specific features around data privacy and protection

Following the Dobbs decision, more apps have rethought their privacy policies and the data they collect from users in general, resulting in new features such as Anonymous Mode from Flo Health. This lets users enter data into the app without adding their name, email, or other technical identifier, making it impossible to connect data to someone once that feature is activated. 

5. Where data is being stored

Generally, it’s recommended to use apps that store data locally on your device as opposed to the cloud where it’s more accessible. When your data stays on your phone or tablet, the company can’t sell it, share it with third parties, or hand it over to a legal party in the case of a security breach at the company. 

To go a step further with this, you can also disable location services for that app in particular, or use incognito mode when searching on the web through browsers like Google Chrome. The Electronic Frontier Foundation has a much more robust list of how you can protect your search history and online activity here

So, which period tracking apps are safe?

1. Cycles 

  • Users can use the app without creating an account 

  • Stores your data locally on your device 

  • If you decide to create an account, you can hide your email from the company meaning they won’t be able to link anything back to your email address

  • Users have the option to delete their data within the app without having to contact the company to do so 

  • The company is based in Sweden and thereby operates under GDPR guidelines, meaning they have to abide by the strictest data privacy standards in the world 

2. Stardust

Be the expert in you.

Take the Quiz

  • There is a whole landing page on their site dedicated to data privacy, stating: they have a team of dedicated lawyers and an upgraded security system managed by Rownd, a privacy-first authentication platform, and they’re committed to continually investing more resources into in-class protection for all users

  • No third-party tracking or sales

  • All user sessions are 100% anonymous

  • They don’t collect IP addresses

  • It’s impossible to connect any user information to specific logins because they have no way of knowing which data set belongs to which person (read more about their in-depth privacy policy here

3. Drip

  • Stores your data locally on your device 

  • No third-party tracking and sales 

  • All your data is protected by a PIN established by you 

4. Euki

  • Option to establish a PIN when logging in that’s not linked to any of your personal information such as your email address or phone number 

  • Stores your data locally on your device 

  • No third-party tracking or sales

  • You can delete data on demand or schedule sweeps to remove sensitive information from your device 

5. Lady Cycle 

  • Stores your data locally on your device 

  • No third-party tracking or sales 

  • Recommended by independent security experts 

  • Don’t need a personal login or internet connection to use the app (so there’s no way to link your personal info to the data collected)

6. Spot On

  • Can remain fully anonymous (there’s no need to ever make an account)

  • Made by the non-profit, Planned Parenthood so there’s no economic incentive behind the product 

  • No third-party tracking or sales

7. Period Plus 

  • Stores your data locally on your device 

  • No third-party tracking or sales

  • They transparently stated they only use user data in a de-identified form for the sake of improved product development and statistical studies to prove product efficacy 

8. Clue 

  • Because they’re based in the EU, they’re required by GDPR to protect their users' health data to the strictest degree in the world; they’re not allowed to disclose their users’ data, regardless of where they live

  • They transparently stated they only use user data in de-identified form for the sake of improved product development and statistical studies to prove product efficacy

With these options, you can rest assured that you don't have to delete your cycle-tracking apps in order to maintain data privacy, leaving you free to continue learning more about your body and your cycle, and living your life accordingly. 

Caroline McMorrow is Rescripted's Content Manager.