Since the Supreme Court’s Dobbs decision depriving people of the right to abortion leaked last month, some have advised deleting period tracking apps to prevent that data from being used to target people seeking abortion care. But it’s useful to distinguish between the security and privacy threats that abortion seekers are actively experiencing now versus threats that may come in the future. Dragnet surveillance of period tracking apps in order to identify people with menstrual irregularities or other supposed evidence of terminated pregnancy fits squarely in the latter category.
So, should you delete your period tracking app? The short answer is: not necessarily. You may want to review your choice of app, along with other digital practices depending on what kinds of privacy invasions and threats you are most concerned about. Abortion seekers face much more urgent threats right now, and period tracking apps are not at the top of the list of immediate concerns. In the meantime, the companies behind period tracker apps have some serious shaping up to do, and legislators must move forward common-sense privacy legislation to protect not only health-related data but the full range of consumer data that could be weaponized against abortion seekers.
More Immediate Threats
Right now, the most common scenario in which people are criminalized for their pregnancy outcomes is when a third party—like hospital staff, a partner, family member, or someone else they trust—turns them in to law enforcement, who may pressure them into a device search. The most common types of evidence used in the resulting investigations are text messages, emails, browser search histories, and other information that could straightforwardly point to someone’s intention to seek an abortion. This type of criminalization is nothing new, and it has disproportionately affected people of color and people dependent on state resources.
With that immediate scenario in mind, think carefully about who you trust with information about your pregnancy. Use end-to-end encrypted messengers with disappearing messages turned on whenever possible. This functionality is available on both WhatsApp and Signal, and we have step-by-step guides for how to turn it on for Signal on iOS and Android. Refer to our security tips for people seeking an abortion and Surveillance Self-Defense guides for the abortion movement for information about other privacy considerations and steps.
Of course, it’s still important to prepare for future threats and make sure you have a period tracking method that works for you and protects your privacy. Read on to learn more about how period tracking apps work, what to look for in choosing one, and what companies can do to protect their users.
What Period Tracking Apps Collect and How It Can Be Abused
Besides the information around your reproductive health that you would expect your period tracking app to collect, there is a wide array of other types of data it may be picking up on: your phone’s device identifier, the location you are using the app from, the Ad ID that your phone uses as a nametag to communicate with advertisers across all your apps, your contact list, photos, and more. Individually, some of these pieces of data may seem relatively harmless, but they can also be combined and shared across the huge industry of web tracking and advertising. Anyone, not just advertisers, may be able to buy the resulting datasets. It isn’t a far reach to imagine dire consequences from this data collection and sharing—but again, this is not the primary strategy being used to criminalize abortion seekers right now.
Also remember that, just because you may delete an app from your phone, the data you’ve generated with it can live on in that app’s product servers and anywhere else they’ve shared the data they’ve collected. From there, it’s very difficult to delete and confirm it’s actually deleted.
This is why it’s important to be especially careful in choosing a period tracker app that is mindful of user privacy.
Choosing the Right Period Tracking App
If you’re using a period tracker already, consider switching to a more privacy-focused app. Consumer Reports, for instance, analyzed a number of period trackers and found Euki, Drip, and Periodical to be on the side of users when it comes to data retention policies and practices as well as avoiding third-party trackers.
Regardless of the app you choose, carefully examine its privacy settings and privacy policy statements. The privacy settings page is where you are able to configure different controls based on your preferences for how the app ought to collect and share your data. In fact, some apps don’t even have a privacy settings page—if yours doesn’t, consider it a red flag.
The privacy policy statement is where the app will describe the ways in which it manages, collects, and stores your data. These statements are often confusing and full of inaccessible legalese, so just do your best and don’t be discouraged if making sense of it is a challenge. Look for specific sections with phrases like “Data Collection” and “Sharing.” These paragraphs are often where you’ll find how the app plans on collecting your data and sharing it with others (often for a profit). A keyword search for phrases like “legal process” or “subpoena” will usually point to the section on how the provider will respond to police demands. For example, searching for these terms on Flo’s privacy policy reveals that Flo will share your info with police “to the extent permitted and as restricted by law” (emphasis added), which means Flo reserves the right to voluntarily comply with a police data demand so long as it is not specifically illegal to do so.
Companies and Lawmakers Must Step Up
Any company that collects user information must prepare for the possibility that data from their apps will be used to target or punish people seeking abortion and other reproductive healthcare. Our recommendations for tech companies in a post-Roe world certainly apply to the sensitive data and high level of user trust involved in period tracking apps.
And we shouldn’t have to hope companies will implement best practices out of the kindness of their hearts. Proposed legislation at the state and federal level would strengthen data privacy protections for health information. But we know that information directly related to health isn’t the only kind of data that could be used to target abortion seekers or any number of vulnerable, targeted populations. That’s why passing comprehensive state and federal consumer data privacy legislation is one of our strongest tools to prepare for future privacy threats, both the ones we can imagine and the ones that have yet to emerge.
Users shouldn’t have to scramble to find a tool that both helps them manage their health and protects their privacy. While we do not believe data from period tracking apps is an immediate threat, it could be in the future—and that is why now is the time for companies and lawmakers to take concrete steps to minimize the potential for harm.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org