Period Trackers Leak Sensitive Data | Analysis by Brian Moineau

TL;DR

  • Mozilla’s tests found one period tracker, Stardust, routing reproductive health events (pregnancy status, birth control, symptoms) to RudderStack while also pinging Meta and AppsFlyer, contradicting the app’s “Your data is private. Period.” slogan [1][2].
  • The exposure isn’t just what you type; it’s where those events travel: every third‑party SDK or data “pipe” multiplies legal risk after Dobbs v. Jackson Women’s Health Organization (2022), while HIPAA’s April 26, 2024 update shields clinical PHI but not most consumer apps [3][7].
  • Enforcement signals are clear—FTC actions involving Flo (2021), GoodRx ($1.5M in 2023), and BetterHelp ($7.8M in 2023) preview how “privacy promises vs. practice” cases will hit femtech and its vendors next [4][5][6].

What the source said

In July 2026, BBC Future reported on Mozilla Foundation’s hands‑on testing of six period trackers—Flo, Clue, Stardust, Spot On, Period Calendar, and Euki—showing stark differences in how they transmit private data from the United States and Europe [1]. Mozilla and BBC found Stardust was the only app that sent labeled reproductive health events to RudderStack, a routing service not named in Stardust’s policy, while also sharing identifiers with Meta and AppsFlyer; Stardust says RudderStack can’t identify users and is contractually barred from repurposing data [1][2]. Spot On’s in‑app links to Planned Parenthood’s site exposed visits (e.g., for HIV testing or gender‑affirming care) to AB Tasty, while Period Calendar sent device IDs to Google and InMobi without an opt‑out; Mozilla called Euki “squeaky clean” by comparison [1].

Why it matters

Two groups have the most at stake in 2024–2026. First: users whose menstrual logs can imply pregnancy, fertility struggles, or miscarriage in states that criminalize aspects of reproductive care after the 2022 Dobbs ruling; HIPAA’s April 26, 2024 reproductive‑privacy rule protects clinical PHI but does not reach most consumer trackers, creating a gap prosecutors can exploit with subpoenas or geofence warrants [3][7]. Second: the femtech stack—app publishers, attribution firms, analytics routers, and ad platforms—because one mislabeled or misrouted event can turn “we protect your privacy” into Exhibit A for the FTC or a state AG, echoing Flo (2021), GoodRx (2023), and BetterHelp (2023) outcomes [4][5][6].

Original analysis

Consensus view: “Fix period tracker privacy with end‑to‑end encryption and you’re safe.” Contrarian read: encryption helps, but the weak link is metadata exhaust and server‑side event routing that Apple’s App Tracking Transparency dialog doesn’t meaningfully police, so sensitive streams can leave at app open to partners like RudderStack, AppsFlyer, or Meta, even before a user toggles a setting [2]. In discovery, the map of who received which payloads on which dates typically matters more than whether fields were encrypted in transit [4][5][6].

Historical analogue: Flo’s 2021 settlement and GoodRx’s 2023 penalty. In Flo, the FTC alleged the app labeled events like “Pregnancy” and sent them with identifiers to Facebook, Google, Flurry, Fabric, and AppsFlyer, contrary to public promises, leading to an order requiring affirmative express consent and external assessments [6]. GoodRx paid $1.5 million and was banned from sharing health information for advertising after claiming to be “HIPAA secure” while not being a covered entity; DOJ and FTC highlighted the mismatch between claims and data flows [5]. BetterHelp paid $7.8 million and faced a ban on sharing sensitive health data for ads, reinforcing that regulators don’t need a breach to act—just a broken promise with corroborating packet logs [4].

Back‑of‑envelope calculation (example math using 13 cycles/year and 2M MAUs):

  • Assumptions: a typical user logs 8 items per cycle (bleeding, PMS, two symptoms, mood, sex, contraception, note). At 13 cycles/year, that’s ~104 health events per user/year (author’s calc).
  • If an app routes those to 3 partners (analytics, attribution, data router), that’s ~312 transmissions per user/year (author’s calc).
  • With 2 million monthly actives sustaining this cadence, that’s roughly 624 million transmissions/year—a compounding discovery, breach, and subpoena surface if IDs or device metadata allow linkage later (author’s calc).

Period tracker privacy: a 2x2 that predicts risk based on Mozilla/BBC’s 2026 findings [1]

  • Axes: “Visibility of data flows” (transparent logs, partner lists, on‑device options such as iOS 17’s App Privacy Report) vs. “Third‑party dependence” (count and criticality of external SDKs/pipes on iOS 17 and Android 14).
Quadrant What defines it Example placement (from reporting/tests)
High visibility + Low dependence Clear partner registry, minimal SDKs, local storage by default Euki (“squeaky clean” per Mozilla/BBC) [1]
High visibility + High dependence Lots of SDKs but a detailed map and user controls Few period apps today; a target state
Low visibility + Low dependence Few partners but opaque disclosures Gap apps not audited this round
Low visibility + High dependence Multiple partners, event routing, limited controls Stardust (RudderStack for health data; AppsFlyer/Meta identifiers) [1][2]; Period Calendar (Google, InMobi, no user opt‑out per report) [1]; Spot On’s linked web features leaking to AB Tasty [1]

Named‑stakeholder breakdown (4 groups, 2024–2026):

  • App publishers (Stardust, Period Calendar, Spot On): if your privacy page and packet captures diverge, you are replaying Flo/GoodRx’s storyline in a harsher legal climate spanning Washington to Texas [1][5][6].
  • Data routers/SDKs (RudderStack, AppsFlyer, Meta): you are “processors,” and Washington’s My Health My Data Act (RCW 19.373, 2023) regulates processors via contracts, logs, and retention duties that will surface in discovery [7].
  • Regulators (FTC, state AGs, HHS OCR): toolkits and precedent—Flo (2021), BetterHelp (2023), GoodRx (2023)—align with HIPAA’s 2024 rule that clarifies covered‑entity limits and spotlights the consumer‑app gap [3][4][5][6].
  • Users: the safest default is local‑only logging or apps proven to avoid third‑party transmission of health events (Mozilla highlighted Euki in 2026 testing) [1][2].

What others are missing

The overlooked angle is vendor‑chain accountability one layer downstream of the app: event‑routing platforms that shuttle payloads between mobile clients and data warehouses in Seattle‑to‑San Francisco stacks. Washington’s My Health My Data Act (RCW 19.373) binds publishers and processors alike and compels a homepage‑linked health data policy, opt‑in consent, and deletion rights with concrete effective dates (large entities by March 31, 2024; small businesses by June 30, 2024) [7]. HIPAA’s April 26, 2024 reproductive‑privacy rule tightens disclosures inside clinics yet explicitly doesn’t cover fertility/period apps that aren’t regulated entities, so compliance pivots on state law and SDK contracts instead of hospital playbooks [3][7].

What to watch next

  1. By Q4 2026, at least one state attorney general will file a My Health My Data Act action against a consumer reproductive‑health app or a processor for undisclosed sharing of cycle or pregnancy events, citing packet logs and partner contracts as evidence.
  2. By Q2 2027, a top‑5 mobile analytics or attribution vendor (by market share in North America) will ship a “reproductive‑health safe mode” that rejects cycle‑ or pregnancy‑labeled events and enforces 30‑day deletion SLAs, and at least one major tracker will announce adoption in a press release.
  3. By Q1 2027, Apple or Google will update platform policy to restrict server‑side routing of sensitive health events to non‑clinical processors without explicit, in‑context consent and an in‑app partner list, with enforcement via app rejections.

My take

If you ship a period tracker in 2026, you can’t outsource privacy to your SDKs or routers. The rule of thumb is simple: if your network logs show pregnancy or symptom events leaving the device, you’re building a plaintiff’s timeline for the FTC or a state AG. Build a data diode now: keep health events on‑device, publish a partner bill of materials, and ban reproductive‑health labels in analytics streams. HIPAA’s 2024 fix protects clinic charts, not your app; FTC precedent punishes broken promises; Washington’s MHMD creates direct exposure for processors—choose the “squeaky clean” quadrant or budget for discovery [1][3][5][6][7].

Sources

  1. The privacy problems hidden in your period tracker — BBC (https://www.bbc.com/future/article/20260715-how-period-trackers-share-womens-private-details) — Core report from July 2026 based on Mozilla’s testing; details on Stardust–RudderStack, Spot On’s AB Tasty issue, Period Calendar’s tracking, and Euki’s “squeaky clean” status.

  2. Privacy Review: Stardust Period Tracker — Mozilla Foundation (https://www.mozillafoundation.org/en/nothing-personal/stardust-privacy-review/) — Confirms health‑event transmission to RudderStack and identifiers to AppsFlyer/Meta; explains why Apple’s ATT doesn’t constrain these pipes.

  3. The HIPAA Privacy Rule (incl. Apr 26, 2024 Final Rule to Support Reproductive Health Care Privacy) — HHS.gov (https://www.hhs.gov/hipaa/for-professionals/privacy/index.html) — Establishes scope and the 2024 reproductive‑privacy update; clarifies covered entities/business associates vs. consumer apps.

  4. FTC Gives Final Approval to Order Banning BetterHelp from Sharing Sensitive Health Data for Advertising, Requiring It to Pay $7.8 Million — Federal Trade Commission (https://www.ftc.gov/news-events/news/press-releases/2023/07/ftc-gives-final-approval-order-banning-betterhelp-sharing-sensitive-health-data-advertising) — Shows FTC bans on ad uses of sensitive health data and monetary relief.

  5. Digital Healthcare Platform Ordered to Pay Civil Penalties… (GoodRx) — U.S. Department of Justice (https://www.justice.gov/archives/opa/pr/digital-healthcare-platform-ordered-pay-civil-penalties-and-take-corrective-action) — Details $1.5M penalty and advertising bans for sharing health data despite privacy claims.

  6. FTC Finalizes Order with Flo Health, a Fertility‑Tracking App that Shared Sensitive Health Data — Federal Trade Commission (https://search.ftc.gov/news-events/news/press-releases/2021/06/ftc-finalizes-order-flo-health-fertility-tracking-app-shared-sensitive-health-data-facebook-google) — Lays out how labeled pregnancy/period events went to analytics firms and the remedial order (consent, audits).

  7. Protecting Washingtonians’ Personal Health Data and Privacy (My Health My Data Act FAQ) — Washington State Attorney General (https://www.atg.wa.gov/protecting-washingtonians-personal-health-data-and-privacy) — Clarifies RCW 19.373 scope, effective dates (Mar 31 and Jun 30, 2024), policy‑link requirement, and that processors are in scope.

FaceTime in iOS 26 will freeze your call if someone starts undressing – 9to5Mac | Analysis by Brian Moineau

FaceTime in iOS 26 will freeze your call if someone starts undressing - 9to5Mac | Analysis by Brian Moineau

FaceTime's New Feature: Privacy in a Pixelated World


In an era where technology constantly blurs the lines between public and private, Apple is stepping up its game with the latest iOS 26 update. Among its suite of new features, the update introduces a FaceTime safety feature designed to prevent nudity without consent by freezing your call if someone starts undressing. This move is as much about safeguarding privacy as it is about navigating the increasingly complex landscape of digital communication.

The Naked Truth About Digital Privacy


It's no secret that privacy concerns have been at the forefront of tech discussions in recent years. From Facebook's infamous Cambridge Analytica scandal to ongoing debates over data encryption, tech companies have been under immense pressure to protect user privacy. Apple's new FaceTime feature is a direct response to these concerns, providing a safeguard against unwanted exposure.

The feature works by using machine learning to detect when someone in a FaceTime call is undressing, automatically freezing the video. This proactive approach is reminiscent of Apple's other privacy-focused initiatives, such as their App Tracking Transparency, which gives users more control over their data.

A Broader Context: Privacy in the Digital Age


Apple's move comes at a time when digital privacy is more critical than ever. The COVID-19 pandemic accelerated the shift to online interactions, making features like FaceTime indispensable for personal and professional communication. However, with increased usage comes increased risk. According to a 2021 report by the Federal Trade Commission, cases of online fraud and privacy violations saw a significant rise during the pandemic, underscoring the need for robust privacy measures.

This update also aligns with broader societal trends towards consent and personal agency. In a world increasingly advocating for bodily autonomy and the right to privacy, Apple's feature is both timely and relevant. It's a tech solution that echoes the sentiments of global movements pushing for respect and consent in all interactions.

Drawing Parallels: Tech and the Art of Consent


The introduction of this FaceTime feature is reminiscent of other tech companies' attempts to put control back into the hands of users. For instance, Zoom, a company that became a household name during the pandemic, introduced end-to-end encryption to ensure secure calls. Similarly, social media platforms like Instagram have implemented features that allow users to better control who can see their content.

These initiatives reflect a growing recognition within the tech industry that privacy isn't just a feature—it's a fundamental right. As users, we are becoming more aware and demanding of our rights in the digital space, pushing companies to innovate in ways that prioritize our safety and consent.

Final Thoughts: A Step in the Right Direction


Apple's new FaceTime feature is a welcome addition to the ongoing conversation about digital privacy. By freezing calls when nudity is detected, Apple is sending a clear message: privacy and consent are paramount. While technology continues to advance at a breakneck pace, it's comforting to see companies like Apple taking steps to ensure that these advancements don't come at the expense of our personal privacy.

As we continue to navigate this pixelated world, it's essential for tech companies to keep pushing the envelope on privacy and safety. Apple's latest feature is a reminder that while technology can sometimes feel intrusive, it also has the potential to protect and empower us. Here's hoping that more companies follow suit, making the digital world a safer space for everyone.

Read more about AI in Business

Read more about Latest Sports Trends

Read more about Technology Innovations