Why People Are Deleting Period Tracker Apps, And How To Do It Right

Period apps carry sensitive information that can be used against you in the US.

This article was originally published on HuffPost US.

Immediately after the Supreme Court overturned Roe v. Wade and took back Americans’ constitutional right to access legal abortion, many people online insisted everyone should delete their period trackers ASAP.

Millions use period trackers as a helpful tool to know when they are ovulating or miss a cycle, and to be notified of potential pregnancies and miscarriages. In a 2019 survey by the Kasier Family Foundation, almost a third of Americans said they have tracked their menstrual cycle with an app, with about 15% saying they do so at least once a month. An app may help you find out you are pregnant before you even wonder if it might be possible.

But can you trust an app with this knowledge, especially now? Privacy advocates warn that period tracker apps can be used to surveil pregnant people and submitted as evidence that someone should be prosecuted for seeking an abortion.

The group National Advocates for Pregnant Women found over 1,300 cases of pregnancy-related criminalisation between 2006 and 2020, and according to the Surveillance Technology Oversight Project, a nonprofit legal services provider, period tracker apps are a “potent source of data for police.”

Here’s what you need to know about the privacy levels of period tracker apps and the digital safeguards you can employ right now.

If you need to use a period tracker app, make sure it’s one that doesn’t use a server or third-party tracking

The first thing to understand is that not every period tracker app has the same features. You’ll want to be careful about period tracker apps that use cloud servers or share information with third parties.

“If they are selling it to third parties, they are selling it to data brokers, and some of the biggest clients of data brokers are government agencies, including, state, local, federal law enforcement,” says Danielle Keats Citron, a University of Virginia law school professor and author of the forthcoming book The Fight for Privacy: Protecting Dignity, Identity, and Love in the Digital Age.

Period trackers already faced criticism over privacy practices. In 2021, the US Federal Trade Commission reached a settlement with makers of the fertility and period app Flo after the FTC alleged they misled consumers and disclosed sensitive health information, such as the fact of a user’s pregnancy, to third parties like Facebook and Google. Flo said the settlement was “not an admission of any wrongdoing.”

“When your data is stored with a third-party server, then it is no longer yours and subject to the power of subpoena, so an overzealous prosecutor in a state which has overturned the right to choose [an abortion] is able to, in some cases, subpoena companies that have information: how often are you having your period, or if you haven’t had your period. That may lead to prosecution in some of those states,” says William Budington, a senior staff technologist at the Electronic Frontier Foundation, a digital rights group.

The US Fourth Amendment protects against unreasonable searches and seizures, but third-party data is not protected thanks to what is known as the “third-party doctrine” established by Supreme Court precedents.

“Supreme Court doctrine says because we have shared that information with a third party, we have assumed the risk that it will be shared with law enforcement, and we have no Fourth Amendment rights. So they don’t need a warrant,” Citron says.

Budington pointed out that the third-party doctrine allows easier access to your private information when it’s on third-party servers or clouds than when it is stored locally on your phone.

“Saying that they will never hand [data] over is all well and good, but that’s just a promise.”

- William Budington, EFF senior staff technologist

HuffPost asked Clue, a popular period tracker app that processes data in a server, what it would do in the case of a subpoena. A spokesperson shared a statement the company published after the Supreme Court struck down Roe v. Wade:

“Our business model is not based on profiting from our users’ personal data – we don’t sell them products based on what they track, we do not share any tracked data with ad networks, and we certainly do not sell our users’ data to any third parties... We would not respond to any disclosure request or attempted subpoena of our users’ health data by US authorities. But we would let you and the world know if they tried.”

Budington, however, said that’s not a promise Clue can keep.

“Saying that they will never hand it over is all well and good, but that’s just a promise. When it comes down to it, they themselves are going to be under the power of subpoena, be compelled to hand it over unless they want to delete that data, but that’s possibly interfering with an investigation,” he says. “The underlying fact is if they never have the data in the first place, then they can’t hand it over.”

This is why the Electronic Frontier Foundation, in its privacy tips guide for people seeking an abortion, recommends the period tracker app Euki. Euki directly states on its website that it does not collect or store any data on a cloud.

Coming out that strongly in terms of data protection is pretty rare, so that’s encouraging,” Budington says.

Consumer Reports’ digital lab team analysed the features of period trackers and recommended Drip, Euki and Periodical because they store data locally on your phone and don’t allow third-party tracking. The Digital Defense Fund, a group that works to increase digital security in abortion access, also recommends using a privacy-focused app like Euki.

Of course, you can go one step further and forgo apps altogether, as Grace Howard recommends. An assistant professor of justice studies at San José State University who researches the criminalisation of pregnancy, she notes that these apps are just one way among many that authorities can surveil people seeking abortions.

“I do think people should delete their period trackers, but this isn’t the only risk,” Howard says. “People need to use VPNs, private browsers and encrypted chat services when they search for abortion care or discuss it. There are already cases where people have been sentenced to prison because their web searches and text conversations have been used as evidence. I would even suggest that folks be cautious with using credit cards and online accounts to make purchases of things like emergency contraception and pregnancy tests.”

In one 2018 case, for example, Mississippi police used a woman’s internet search history queries of “buy abortion pills,” “mifeprisone online” and “misoprostol online” to charge her with second-degree murder following a miscarriage. (The criminal charges were ultimately dropped by a grand jury.)

“Anytime we can minimize the collection of our intimate information, that’s a good thing.”

- Danielle Keats Citron, University of Virginia law professor

Are there any federal protections against apps using your private reproductive health data? The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, requires patients’ sensitive information to be kept confidential and not be shared without the patient’s knowledge and consent.

But Citron noted that HIPAA only narrowly applies to covered entities like your doctor, your hospital and your health insurance, not fertility apps. Howard doesn’t think HIPAA is very protective in the case of period trackers, either.

“We’ve already seen that, when the foetus is considered a person, healthcare providers are required to override patient privacy as mandated reporters,” she says. “Hundreds of people have already been arrested and charged with crimes against their own pregnancies for things like having expressed uncertainty about their pregnancy and then having a miscarriage or stillbirth; testing positive for a drug; failing to protect themselves for abuse; self-managing abortions, etc. Arrests of this nature have happened in almost every state.”

You can delete your information from a period tracker app – but it might not be sufficient

Before you start going through the steps of wiping information, understand that deleting data does not guarantee that what you shared will not be used against you. Budington says wiping the data from a period tracker may have some effectiveness, but it depends on how widely the app has already given out your information to third parties before you request deletion.

“As always, keeping the information local and not stored in the cloud at all is better, but a company who follows its data retention policies and gives recourse to users wishing to delete their data may be effective in erasing it from the cloud,” he says. “It all depends on what they’ve done with that data beforehand.”

Citron said that deleting information off apps is necessary, but not sufficient. “Anytime we can minimise the collection of our intimate information, that’s a good thing,” she said. “I wish the law required the minimisation of collection, and the steps not to collect [that intimate information], but it doesn’t yet. So as individuals there is only so much we can do. The problem is really structural.”

The bottom line, Citron says, is that even if you delete your period tracking app, your phone could reveal other things. For example, if any app on your phone is sharing your location, it could potentially reveal if you go to a Planned Parenthood health centre.

“Unless you throw your phone in the ocean and you stop using your computer, I’m afraid to say it would be very hard to make yourself immune from criminal liability. That is why this is a structural problem,” she says.

With that big caveat in mind, here is how to delete your data from some of the most downloaded period tracker apps:

For Flo: Email support@flo.health to request to delete your data.

For Clue: Go to Support in your app, tap “account & data,” and follow the steps listed in “How can I delete my account?”

For Period Calendar Period Tracker: You can request deletion in the account settings section. And if you believe your data is being misused, you can contact abishkking@gmail.com, according to the developer’s privacy policy.

For Stardust: Email atsupport@stardust.gg or call at (833) 242-2002 to request that your personal information be deleted.

For MeetYou: You can click your personal portrait and submit your request to cancel your account by selecting “Cancellation Account,” according to its privacy policy. After cancelling your account, MeetYou says it will “delete the collected personal information or anonymise it.“

For Fertility Friend: Click the menu icon and select “charts management/permanently delete a chart.”

For BabyCenter: The app’s website recommends “logging into your account or contacting us through our DSAR Portal. We will respond to your request within a reasonable timeframe.“

For Ovia: Go to your profile settings and select “delete account.”