SUPPORT SFLC.IN

Menstruapps: Tracking Your Cycle or Tracking You?

Posts

You downloaded a menstruation app to track your cycle, maybe to predict your period, monitor your fertility, or simply to understand your body better. Menstruation apps—also known as menstruapps, have millions of downloads today, they offer convenience and personalized insights, making them seem like an essential tool for health and body awareness. But under the disguise of convenience and personalized insights of your body, what if these apps are tracking more than just your period? What if it’s tracking everything about you?

Many of these apps go far beyond simply tracking your menstrual cycle dates. They collect personal information, including details about your health conditions, sexual activity such as choices of contraception, pregnancy goals, sleep cycle, daily moods, mental health, food habits, lifestyle habits, exercise routines, food cravings,  as well as unexpected aspects of your health, like skin and hair changes, digestion patterns, and even stool consistency – clearly creating an extensive digital profile that extends far beyond what is necessary for period tracking.

While some of this data may be useful for users who want more personalized insights—such as ovulation tracking for pregnancy plannings—many apps fail to explain why they collect such extensive data, whether it is truly necessary for period prediction, and how it is being stored or shared.

What is even more concerning is that while many users assume their information stays private, in reality, many menstruapps share this sensitive data with advertisers, third-party analytics companies, and even pharmaceutical corporations. These companies use the information to target users with personalized ads, develop medical products, or integrate it into larger data-driven business models. Often, this happens without the explicit and informed consent of users as privacy policies are often lengthy, confusing and lack complete information.

We deep-dive into the privacy policies of five popular menstruapps in India and globally, and uncover how these apps handle user privacy, their complex privacy policies, and the hidden ways they exploit your most intimate data. As surveillance capitalism tightens its grip, it’s time to ask: Who really owns your body’s data—and what are they doing with it?

METHODOLOGY

We evaluate the privacy policies across five key parameters:

  1. Categories of Data Collected: This section outlines the types of data an app collects from users and its legitimacy under the privacy policy.
  2. Third Party App/Devices the App Can Access: Some apps request permission to access data from other applications on the user’s device. We analyse whether the privacy policy clarifies why this access is needed and whether users can control these permissions.
  3. Third Party Access : We analyse whether the app shares user data with external parties, whether these parties are specified, what data is shared and if users can opt out.
  4. Rights under the Digital Personal Data Protection Act, 2023 (DPDPA) : We analyse whether the privacy policy mentions the rights available to data principles as provided in DPDPA, such as  Right to Withdraw Consent, Right to Access, Right to Erasure, Right to Correction and Right to Grievance Redressal.
  5. Plain Language and Readability : We analyse whether the privacy policy is written in clear, simple language that is easy for users to understand.
  6. Data Protection Score: For the Data Protection Score, we assess apps based on the seven data protection principles. We further score them out of 7. The 7 Data Protection Principles are as follows:
    1. Lawfulness, transparency and fairness : Are the apps collecting and processing data in compliance with law, is there a legal basis (e.g., consent, contract, legitimate interest, legal obligation), whether the policy clearly specifies what data is collected, why it’s used, and inform users of their rights, whether data collection is proportionate, non-deceptive, and -non-exploitative or harmful and whether, opt-out options are available.
    2. Storage limitation: How long does the app keep your data, do they mention for what purposes they store it, and why they may need to store it indefinitely (if specified)?
    3. Purpose limitation: Do the privacy policy mention why they need your data, and for what reasons they need the different kinds of your personal data ?
    4. Data minimisation: Do they collect an adequate amount of personal data that would be relevant for their service? Or do they collect personal data beyond what is necessary for performing their service?
    5. Accuracy: Do they mention that they expect users to have provided reasonably accurate personal information, and not to provide misleading information? Do they tell you how you can correct it?
    6. Integrity and confidentiality: Does the policy mention if reasonable data security measures are implemented to protect and secure your data? Do they specify encryption, access controls, or other safeguards to ensure data protection?
    7. Accountability: Do they have policies in place that would explain these principles (terms of use, privacy policy, any other records/measures they mention)

If the data protection principle is complied with, you will see that the checkbox has been ticked. You’ll see that we’ve left some boxes empty- We have done that where the policy was unclear or we don’t have enough information to determine whether the principle was complied with.

FLO

Flo, launched in 2015, is the most popular period, ovulation and pregnancy tracker app. With over 400 million downloads worldwide and 1.5 million monthly active users in India, it has created a  presence in India.

Subscription Model: Flo operates on a freemium basis, offering both free and premium subscription options. The free version provides essential features such as period and ovulation predictions, symptom logging, custom reminders, and access to a supportive community through Secret Chats. For users seeking enhanced functionalities, the premium subscription model unlocks advanced features like detailed health insights, a virtual health assistant, and comprehensive pregnancy tracking. 

Anonymous Mode: In response to growing privacy concerns, especially following significant legal changes regarding reproductive rights in the USFlo introduced “Anonymous Mode” in September 2022. This feature allows users to access the app without providing personally identifiable information, such as names or email addresses, thereby enhancing user privacy.  

Secret Chat Mode: Users can engage in discussions within the app while keeping their identity hidden. It provides a safe space for users to ask personal questions about health, periods, pregnancy, etc., without revealing their username or profile details.

Lawsuits against Flo

  1. In January 2021, the U.S. Federal Trade Commission (FTC) reached a proposed settlement with Flo Health. The FTC alleged that Flo shared users’ sensitive health information—including menstrual cycles, ovulation, and pregnancy data—with third-party analytics and marketing services such as Facebook and Google, despite assurances of privacy. As part of the settlement, Flo Health agreed to obtain user consent before sharing health data, undergo an independent review of its privacy practices, and notify users about the unauthorized data disclosures.
  2. In March 2024, a class action lawsuit filed in the Supreme Court of British Columbia claimed that Flo shared users’ data without consent, including “details about their periods, sex lives and pregnancies,” to companies such as Facebook.

Lets analyse the Flo’s Privacy Policy in detail (Last updated on 6 September, 2024) 

A. Categories of Data Collected: Flo allows users to log an extensive range of personal details, including:


Data Collected as per the Privacy Policy based on User Input 


Data collected as per the Privacy Policy (automatically)

Data collected but not explicitly mentioned in the Privacy Policy (the user can input further details under each of these categories – Images 1.1 – 1.3 )
  1. General information:
    • Name;
    • Email address;
    • Year of birth;
    • Password or passcode;
    • Place of residence and associated location information including time zone and language;
    • ID (for limited purposes).
    • Name and email address of partners. 
  2.  Health and well-being:
    • Weight;
    • Body temperature;
    • Menstrual cycle dates;
    • Details of your pregnancy (if you select the pregnancy mode);
    • Various symptoms related to your menstrual cycle, pregnancy and health;
    • Other information about your health (including sexual activities), physical and mental well-being, and related activities, including personal life.
  3. Third-party apps on/linked to device (including wearables)
  1. Device Information:
    • Device model;
    • Information about the operating system and its version;
    • Unique device identifiers (e.g. IDFA);
    • Mobile operator and network information;
    • Device storage information;
    • Version of your device system.
  2. Location Information:
    • IP address;
    • Time zone;
    • Information about your mobile service provider.
  3. Data about your use of the Services,    including, among others:
    • Frequency of use;
    • Areas and features of the services that you access or use
    • payment transaction information (excluding full payment card details) 
    • Engagement with particular features.
  4. Data from external sources if useful in enhancing or supplementing existing information and for statistical purposes/ analytics.
  • Ethnicity
  • Height
  • Feelings of the day
  • Sexual activity and sex drive
  • Mood fluctuations
  • Symptoms related to menstruation or pregnancy 
  • Vaginal discharge
  • Appetite 
  • Swelling and other body changes in case of pregnancy 
  • Digestion and stool consistency
  • Pregnancy test results
  • Ovulation test results
  • Daily activities (e.g., travel, meditation, journaling)
  • Physical activity and exercise routines
  • Oral contraceptive consumption
  • Other medications taken
  • Daily water intake
  • Daily Weight tracking
  • Daily Basal body temperature
  • Personal notes and observations

(Table 1)

Observations: While user consent is the primary legal basis for collecting and processing sensitive personal data, certain categories of data are collected automatically without explicit consent. These include general information, device details, location data, app usage patterns, and data from external sources and sensitive health data (Table 1, Column 2). Inputs related to health and wellbeing can be voluntarily added by users, however it is unclear whether  data collected in these categories are essential or scientifically necessary for predicting or monitoring periods, ovulation, or pregnancy. (such as the type of exercises undertaken, daily journal entry etc).

Image1.1
Image 1.2
Image 1.3

B. Third-Party Apps/Devices that Flo can access:

  • Apple Health on IOS devices
  • Google Health on Android 
  • Wearable tech enabled devices like smartwatch and rings (details not specified) 
  • Location

Observations: Flo can access and import health and activity data from third-party services like Apple HealthKit and Google Health Connect. Flo seeks user consent for these purposes. Such data may include fitness activities, weight, height, BMI, calories burned, heart rate, step count, distance traveled, body temperature, and sleep data. Flo uses this information to provide cycle predictions and general activity insights. However, the data-sharing process is also governed by the Privacy Policies of Apple HealthKit, Google Health Connect, and wearable device providers, which may collect usage data for their own business purposes. The data accessed from Apple HealthKit or Google Health Connect is not shared or sold to advertising platforms, data brokers, or information resellers.

C. Third-Party Access to Data 

Flo’s Privacy Policy states the third parties with whom the data is shared, type of data shared and the purpose for which it is shared. The Privacy Policy lists down 21 companies. These companies may further share user data according to their respective privacy policies. 

Opt-Out Option to withdraw consent for data sharing is only available for 1 company (AppsFlyer). However it’s not clear how this option can be exercised. 

Flo “may” anonymize, aggregate, or de-identify personal data to prevent identification and share it with third parties such as: 

  • academic research institutions.
  • to use for statistical purposes and scientific research including articles, blog posts, or scientific publications.
  • for advancement of female health research.

Flo also allows users above the age of 18 to allow users (18+) to share certain Flo account data with their partner. Partners get read-only access and cannot edit, download, or view past calendar entries, personal notes, symptoms, or Secret Chats. Partners also receive tailored educational insights, and symptom notifications depending on period/pregnancy. The partner’s name and email address are collected. 

Flo’s Privacy Policy states that it does not rent or sell personal data for monetary gain.

D. Rights under DPDPA

Observations:

  1. Right to access is not available for users who operate Flo in Anonymous Mode.
  2. Flo has a 30-day timeframe to process user requests, which can be extended to 90 days.
  3. Grievance redressal is provided for, however, does not contain specific details of an officer but provides a support team email and data protection officer’s email. 
  4. Additional rights available to the user include the Right to data portability and Right to object processing of personal data.

E. Plain Language and readability 

The Privacy Policy has language that is simplified and structured. It also has a summary, illustrative examples and visual aids to improve readability. However, some information relating to collection of information and sharing of information with third parties can be communicated more clearly. 

F. Data Protection Score

Data Protection Score : 2/7

Observations: 

  1. Lawfulness, transparency and fairness: Flo states that its policies are in line with the Global Data Protection Regulation (GDPR) framework. It primarily relies on user consent for processing personal data. However, some data categories (e.g., general information, device details, location, app usage patterns, and external data sources) are collected automatically without explicit consent. The processing of sensitive data is prohibited under GDPR unless the exceptions apply. Flo collects certain data (ethnicity, health details, medications used etc – Table 1, Column 2) which are sensitive in nature, without explicit consent and such practices raise concerns under this principle and Article 9 of GDPR.
  2. Storage limitation: The privacy policy does not clearly state how long user data is retained. While data is used for improving service quality, no explicit retention timeline is provided. It is also unclear why certain data may need to be stored indefinitely. 
  3. Purpose limitation: While the privacy policy clearly states the purpose for each type of data collected as listed in the policy, it does not clearly specify why certain data points which are entered voluntarily are necessary for the core purpose.
  4. Data minimisation: Data collected as per Table 1, Column 2 raises concerns of whether the data minimisation principle is followed. Flo’s collection of extensive personal information beyond data essential for the specific purpose, for instance, tracking periods/ovulation/pregnancy without transparency contradicts this principle.
  5. Accuracy: The privacy policy emphasizes the importance of data accuracy by allowing users to access, modify, correct, erase, and update their personal data. 
  6. Integrity and Confidentiality: Flo has obtained independent certifications in both ISO/IEC 27001 in Information Security and ISO/IEC 27701 in Privacy. Key safeguards include encryption (in transit and at rest), vulnerability scanning, penetration testing, and data integrity protection. Access to user data is restricted based on necessity, with strict accountability measures for employees. Flo also conducts periodic data protection impact assessments and privacy audits, especially in cases of mergers or acquisitions. 
  7. Accountability: Flo has requisite policies in place i.e Privacy Policy, Terms of Use, Cookie Policy, FAQs etc. The company has appointed a Data Protection Officer, accessible via dpo@flo.health, to address privacy-related concerns. However, in light of lawsuits and settlements, questions remain about the effectiveness of these policies in ensuring compliance with data protection regulations and safeguarding user privacy.
CLUE

Clue is a period tracker and health tracker app designed to help users monitor their menstrual cycle, fertility, and overall health. Clue, developed by Berlin-based BioWink GmbH, was launched in 2013. Since its inception, Clue has garnered a substantial user base, with over 15 million users across 180 countries. 

Clue has 5 different modes:

  1. Track my period
  2. Try to conceive
  3. Track without a Period
  4. Follow my pregnancy
  5. Track perimenopause.

Clue also allows individuals to monitor their health trends over time and gain a better understanding of their bodies.

Mandatory Sign In: Clue requires a mandatory sign-up and creation of an account to use the app. 

Subscription Model: Clue offers both a free version and a premium subscription called Clue Plus, each catering to different user needs. The free version allows users to track their menstrual cycle, log symptoms, set reminders, and access basic educational content. It includes predictions for upcoming periods and fertile windows, along with customizable tracking options. Clue Plus, the paid version provides advanced cycle predictions up to 12 months ahead, enables use of track perimenopause mode and specialized modes for fertility, pregnancy, expands symptom tracking and provides insights. Users can also access Clue’s medical content, unlimited custom tags, priority customer support, and features like Clue Connect, which allows users to share their cycle data with trusted individuals. 

Lets analyse the Clue’s Privacy Policy in detail (Last updated as of January 20, 2025)

A. Categories of Data Collected: Flo allows users to log an extensive range of personal details, including:


Data Collected as per the Privacy Policy based on User Input 


Data collected as per the Privacy Policy (automatically)

Data collected but not explicitly mentioned in the Privacy Policy (the user can input further details under each of these categories – Images 2.1 – 2.3 )
  1. Health Data
    • Period length
    • Pain levels
    • Spotting
    • Weight
    • Body temperature
    • Hair quality
    • Sexual intercourse
  2.  Third-party apps on/linked to device (including wearables)
  1. Account Data
    • Username
    • Date of birth
    • Email address
  2. Usage Data
    • Device model, name, and identifiers
    • Device settings
    • Application identifier
    • Crash information
    • Browser settings
    • Operating system
    • System settings
    • Collected from browser or mobile device to deliver services
    • Used to determine approximate location for statistical, analytics, and regulatory compliance purposes

*Note: Precise location is not collected
  • Health History 
  • Feelings
  • Pain 
  • Sleep Quality 
  • Sleep Time 
  • Energy 
  • PMS
  • Daily Note 
  • Mind and Moods
  • Social Life 
  • Craving 
  • Discharge 
  • Digestion 
  • Stool
  • Exercise 
  • Meditation Time 
  • Leisure activities 
  • Partying and social life details
  • Tests taken for pregnancy/ovulation
  • OG/GYN Appointments
  • Medications
  • Ailments 
  • Type of contraceptive used 
  • Supplements 🔒
  • Breast and Chest 🔒
  • Urine 🔒
  • Hot Flashes 🔒
  • Vulva and Vagina 🔒

(Table 2)

Observations: Clue’s Privacy Policy specifies certain categories of data collected (Table 2, Column 1). However, additional user-inputted data (Table 2, Column 2) is also collected, though not explicitly mentioned in the Privacy Policy. These details are voluntary for users to log. Further, Clue Plus (subscription model) users may provide additional data (marked with 🔒 in Table 2, Column 2), indicating potentially exclusive data collection for premium services. Some of these details are extremely intrusive and don’t justify the reason behind collection (such as medication and supplements taken, record of sleep time, leisure activities , partying and social life details etc.)

Image 2.1
Image 2.2
Image 2.3

B. Third-Party Apps/Devices that Clue can access:

  • Apple Health on IOS devices
  • Ourarings (wearable tech) 

Observations:

With user consent:

  • Apple Health: Clue can access and import personal data from Apple Health.
  • Oura Ring: Oura shares some pseudonymized tracked data with Clue to enhance data visualization and improve the user experience. However, no personal information is shared with Oura.

It’s important to note that the data-sharing process is also subject to the privacy policies of Apple Health and Oura, which may collect and use data for their own business purposes.

C. Third-Party Access to Data 

Clue’s Privacy Privacy clearly states the third parties with which the data is shared, type of data and the purpose for which it is shared. However, it can be further categorized as follows:

i. No Opt-Out Option

Five third-party providers are essential for Clue’s core functionality, and users cannot opt out of sharing data with them.

ii. Explicit Option to Control Data Sharing

Users can manage data sharing settings for:

  • 2 apps/devices that Clue accesses through apps on the phone or connected wearable devices.
  • 3 social login providers (Facebook, Apple, Google).
  • 1 partnership company, where users can control privacy settings within their respective accounts to determine what data is shared.

iii Explicit Consent for Opt-In with Opt-Out Option

Clue provides an explicit opt-in/opt-out option during consent to the Privacy Policy for sharing data in the following cases:

  • Advancing scientific research
  • Improving features with health analytics
  • Receiving recommendations from Clue
  • Customizing advertising efforts
  • Enhancing the technical performance of the Clue app

Additionally, the Privacy Policy includes a separate link listing all scientific research partnerships Clue is involved with, allowing users to review them before deciding to share their data.

iv. Lack of Clarity on Opt-Out Option

For 8 third-party providers, there is uncertainty regarding whether users can opt out of data sharing. These include:

  • Payment Providers
  • Customer Support Tools
  • Survey and Research Tools
  • Advertising Tools

The Privacy Policy also mentions that 

  • Personal data may be transferred outside the European Economic Area only if privacy regulations are observed.Transfers rely on Standard Contractual Clauses (SCCs) under Article 46 GDPR when no EU Commission adequacy decision exists. Clue further does not choose processors based in countries where there are concerns of rule of law with respect to privacy.
  • For U.S.-based processing, third-party providers must be certified under the EU-US Data Privacy Framework as an additional safeguard.

D. Rights under DPDPA

Observations:

  1. There are no timelines set by Clue to facilitate user’s data protection rights. 
  2. No specific details of the Grievance Officer are provided except only a support team email address.

E. Plain Language and readability 

The Privacy Policy has language that is simplified and structured. The policy also has various illustrative examples to make users understand the relevance of data sharing and its connection with stated purposes.   However, there are parts of information, relating to collection of information and sharing of information with third parties, that can be communicated more clearly.

F. Data Protection Score

Data Protection Score : 2/7

Observations: 

  1. Lawfulness, transparency and fairness: Clue states that its policies are in line with the GDPR framework. It primarily relies on three legal basis for processing data : (i) Consent as per Article 6 (1) (a) of GDPR and Article 9 (2)(a) of GDPR which allows the processing of personal data and special categories of personal data when explicit consent is provided by the data subject, (ii) Contract as per Article 6(1)(b) of GDPR, which permits data processing necessary for the performance of a contract in this case the contract is with certain third parties and (iii) Legitimate interest as per Article 6 (1) (f) to collect and process technical data based on Clue’s legitimate interest as a company to continuously improve the functionalities of the app. The Privacy Policy also clearly specifies the legal basis for processing each category of data by Clue or third party. However, Clue collects sensitive personal data without clearly stating the specific purpose under the Privacy Policy. 
  2. Storage Limitation: The Privacy Policy mentionsAll personal data collected for our customer service is deleted by us as soon as it is no longer required for the purpose for which it was collected” in multiple clauses. However, there are no other specifications mentioned regarding timelines.
  3. Purpose limitation: While the privacy policy clearly states the purpose for each type of data collected,, it does not clearly specify why certain data points which are entered voluntarily, are necessary for the core purpose (Table 2, Column 2).
  4. Data minimisation: Data collected as per Table 2, Column 2 raises concerns of whether the data minimisation principle is followed. Clue’s collection of extensive personal information beyond data essential for tracking periods/ovulation/pregnancy without clear scientific basis contradicts this principle.
  5. Accuracy: The privacy policy does not clearly emphasize the importance of data accuracy. However, Clue provides mechanisms for users to correct personal information if required. 
  6. Integrity and Confidentiality: Clue employs robust security measures to protect personal data, including encrypting data during transmission and storing passwords using one-way encryption techniques. They state that health data is stored separately from personal data for enhanced protection.
  7. Accountability: Clue has requisite policies in place i.e., Privacy Policy, Terms of Use, Cookie Policy, FAQs etc. Clue has appointed a Data Protection Officer to address privacy-related concerns. These measures reflect Clue’s commitment to upholding data protection principles and maintaining user trust.
PERIOD TRACKER PERIOD CALENDAR

Period Tracker Period Calendar (PTPC), developed by Simple Design Ltd., is an app designed to help users monitor their menstrual cycles. It offers features such as tracking periods, cycles, ovulation, and daily chances of conception. The app has gained significant popularity with over 150 million users worldwide. PTPC also has a subscription model which is ad-free and has access to more features and insights.

No mandatory Sign-In: The app’s popularity comes from its lack of a mandatory sign-in requirement, this ensures user anonymity. Users can use all the free features of the app without signing in. However, consent is not taken explicitly if the user does not login, and is treated as implied. 

Data only stored on local device: The Privacy Policy states that the data entered by the user is only stored in the local device of the user and not on the server of the App. If the user chooses to login in the app, then PTPC collects data entered, such data can also be backed up to the user email or to the cloud.

Lets analyse PTPC’s Privacy Policy in detail (Last updated as of August 2023)

A. Categories of Data Collected:


Data Collected as per the Privacy Policy based on User Input 


Data collected as per the Privacy Policy (automatically)

Data collected but not explicitly mentioned in the Privacy Policy (the user can input further details under each of these categories – Images 3.1 – 3.3 )
  • health information
  • menstrual cycle, 
  • Weight
  • Body temperature
  • Feedback regarding features of the app  
  1. If user logins:
    • Account name 
    • Email address 
    • Public profile associated with that Account. 
  2. Upon interaction with PTPC
    • Button clicks 
    • Page views 
    • General settings 
    • Time spent on the app
    • Activity duration on specific features
  • Blood Flow 
  • Diary entry 
  • Intercorse details
  • Medicine details -Contraceptive details and Vitamin supplements 
  • Lifestyle related details – sleep, water consumption
  • Symptoms – Head, Body, Cervix, Fluid, Abdomen, Mental (There’s a 1 to 4 star rating that user can give )
  • Moods
  • Ovulation Tests
  • Pregnancy Test 
  • Breast self-exam 
  • Cervix mucus 
  • Cervix position
  • Cervix status
  • Cervix temperature

(Table 3)

Observations: PTPC does not explicitly seek user consent under the Privacy Policy. While the Privacy Policy explicitly states that it does not collect identifiable personal data, it does not categorically rule out collecting anonymized data, thus it’s likely that PTPC retains the ability to collect and potentially share anonymized data. Furthermore, depending on the level of anonymization and whether it is combined with other datasets, privacy concerns can still arise.

For users who log in, the Privacy Policy allows the collection of account names, email addresses, and the public profile associated with that account. While it is voluntary for the users to add additional information (Table 3, Column 2) and the Privacy Policy states that the app cannot access health data,  however, the information sought is clearly extensive and intrusive.

Image 3.1
Image 3.2
Image 3.2

B. Third-Party Apps/Devices that PTPC can access:

  • Third-party social network Account for Login (Gmail ID, Apple ID) 
  • Google Calendar (if login by Google ID) 
  • Cloud access (Google drive, icloud, dropbox) 
  • Apple Health 
  • Apple Watch

Observations

The user is unable to use the app without granting permission to access the Calendar. The Privacy Policy does not explain the purpose of requiring access to Calendar, which may contain other personally identifiable information of the user

Additionally, PTPC has the ability to access and import personal data from Apple Health and Apple Watch. However, explicit user consent was not obtained, as access was automatically enabled upon installation.

C. Third-Party Access to Data 

PTPC’s Privacy Policy states that it does not share any user-tracked data on the app, including health information, with third parties.

The only exception to data sharing with third parties is for providing personalized advertisements; AdMob by Google is the only third-party app mentioned in the Privacy Policy. Further, Google may collect limited personal data, such as online identifiers and IP addresses, for advertising, analytics, and fraud prevention purposes. Users have the option to opt-out of personalized ads and the above mentioned data collection through settings or Google’s specified instructions, though they may still see ads that are less relevant.

For payment processing, third-party providers handle transactions securely in compliance with PCI-DSS security standards. The app itself does not store or collect payment card details. Google playstore’s in- app payments option can also process payment and the data collection will be as per the privacy policy of Google.

Further, data may only be shared in specific situations, such as when required to (i) fulfill legal obligations or to comply with authorities, (ii) when it is necessary to prevent significant danger or disadvantages and obtaining user authorization in time is not possible and (iii) when sharing is permitted by law. The data so shared will be anonymized in a manner so as to not be linked to the user. 

PTPC alo allows users to share menstruation history, cycle phase, reminders and future predictions with their partner. Partners do not have access to other details recorded.

D. Rights under DPDPA

Observations:

  1. It is not clarified whether right to access is available when users operate PTPC without logging in.
  2. There are no timelines set by PTPC to facilitate the data protection Rights. 
  3. Grievance redressal is provided, however, it does not contain specific details of an officer.
  4. Additional rights available to the user include the Right to data portability and Right to object processing of personal data.

E. Plain Language and readability 

The policy reads as a legal contract, and while structured, is not easy to read. The Privacy Policy is also hard to locate on the app.  User consent is not taken in an explicit manner. Vague language is used throughout the policy giving levy for data collection practices. 

F. Data Protection Score

Data Protection Score: 2/7

Observations: 

  1. Lawfulness, transparency and fairness: PTPC states that its Privacy Policy is in line with the GDPR framework. The legal basis as per the Privacy Policy are (i) Consent, (ii) Performance of contract, (iii) Legal obligations, (iv) Vital interests, (v) Public interests and (vi) Legitimate interests. However, the app does not explicitly collect consent for the Privacy Policy or the data collected. The Privacy Policy does not explicitly state the types of data collected and the purposes achieved by such collection. 
  2. Storage Limitation: The Privacy Policy states the PTPC does not store any data on their server, data is only stored in the users local device or backup to email/cloud if the user opts to. Users also have an option to request for deletion of data. Additionally, any feedback provided by users is retained only as long as necessary and is deleted within a month if not required.
  3. Purpose limitation: While the privacy policy states the purpose for which data is collected as listed in the policy, it does not clearly specify why certain data points which are entered voluntarily are necessary for the core purpose. (Table 3 , Column 2)
  4. Data minimisation: While Privacy Policy states that PTPC does not collect any personal data, the information sought by the app (Table 3, Column 2) is clearly extensive and intrusive and does not justify the purposes. 
  5. Accuracy: The privacy policy does not clearly emphasize the importance of data accuracy. However PTPC provides mechanisms for users to correct personal information if required. 
  6. Integrity and Confidentiality: User data is stored only on their device, ensuring privacy and preventing unauthorized external access. If users choose to back up data to their personal storage (e.g., Google Drive), the app developers do not have access, maintaining confidentiality. Additionally, users can request for deletion of their data. The policy states that the organization implements administrative, technical, and physical security measures to protect user information. It also explicitly mentions system vulnerability scanning, penetration testing, data integrity protection, and organizational/legal measures as safeguards. These indicate efforts to ensure data security and confidentiality. Additionally, the app also has a “Protect Mode” feature that enables users to input “0000” to generate sample data in situations where they are compelled to disclose sensitive information.
  7. Accountability: PTPC has a Privacy Policy in place; however, it lacks a Terms of Use and a Cookie Policy. Additionally, the Privacy Policy does not provide details of a Grievance Officer or Data Protection Officer (DPO), instead, it only includes a general support team email.
MY CALENDAR – PERIOD TRACKER

My Calendar – Period Tracker by SimpleInnovation was developed in the US and launched in 2015. The app is highly rated in the Android Play store and iOS App store and has over 10 million downloads. The app allows users to track ovulation, fertility and periods,  birth control pills, moods and other symptoms. Additionally, the app offers a subscription model specifically designed for users trying to conceive.

No mandatory Sign- In:  Users can access the app without signing in. However, consent is not taken explicitly if the user does not login and is treated as implied. 

Cloud storage: The app allows users to back up data into existing cloud accounts linked to login email id. 

Let’s analyse My Callender’s Privacy Policy in detail (Last updated as of Aug 31, 2023 )

A. Categories of Data Collected:


Data Collected as per the Privacy Policy based on User Input 


Data collected as per the Privacy Policy (automatically)

Data collected but not explicitly mentioned in the Privacy Policy (the user can input further details under each of these categories – Images 4.1 – 4.3 )
  1. User Data
    • First name or preferred means of address;
    • Your email address;
    • Menstrual cycle and period dates and length;
    • Symptoms and moods experienced day-to-day;
    • Sexual activity;
    • Contraceptive methods and dates;
    • Medicines taken;
    • Temperature measurements;
    • Weight measurements;
    • Personal notes, which could, depending on what was entered, contain information which could on its own or together with other information, be used to personally identify you.  
  1. Analytics Data
    • A device identifier enabling other issues on the same device to be located;
    • Crash logs, enabling application failures to be investigated; and
    • App interaction signals and event data, typically indicating when an application feature has been used in a certain way
  2. Purchase Data
    • ID generated by the app store, 
    • price information, 
    • the date and time of the purchase, 
    • ZIP code of the purchaser.
  3. Advertising Data
    • Advertising ID linked to device.  
    • Device Data
    • Inferences – Third parties may combine the Advertiser ID with location data or other app usage data to learn about user behavior.
  • Symptoms – Head, Face, Body, Digestion, General including sleep, fatigue, emotions, sexual activity, cervix, discharge
  • Moods – divided into General, Positive, Negative 
  • Notes

(Table 4)

Observations:

My Calendar does not explicitly request user consent for the Privacy Policy. By default, user data is stored locally on the user’s device, and My Calendar does not have access to this data. However, the Privacy Policy also states that if a user opts to back up their data to the cloud, a limited number of employees may have access to it.

Image 4.1
Image 4.2
Image 4.3

B. Third-Party Apps/Devices that PTPC can access:

  • N/A

C. Third-Party Access to Data 

The Privacy Privacy states that the following data is shared with third parties:

  1. Analytics Data : The Analytics Data (Table 4, Column 1) is shared with third parties to assist My Calendar in enhancing the app, troubleshooting issues, and assessing feature usage, including when and how users interact with different functionalities and how quickly new features are discovered. It states that this data is anonymized. There is no option to opt-out of sharing Analytics Data, which is provided to 3 third-party companies.
  2. Advertising Data : A standard advertising identifier (“Advertiser ID”) is shared with selected advertising partners to display relevant ads. This ID, generated by the user’s device does not contain personal information but can be used by third-parties to track online activities. Both iOS and Android allow users to reset or disable their Advertising ID, and if disabled, the App will not share it. Users can opt out of targeted ads through their device settings. The Privacy Policy lists down 10 companies. These companies may further share your data according to their respective privacy policies.

The Privacy Policy also mentions the provision for use of Advertising IDs may constitute a sale of personal information under certain laws including including the California Consumer Privacy Act (CCPA).

D. Rights under DPDPA

Observations:

  1. My Calendar has a one-month timeframe to process and facilitate users’ data protection rights.
  2. Grievance redressal is provided, however, it does not contain specific details of an officer but just a support team address. 
  3. Additional rights available to the user under CCPA include the Request Disclosure (Right to Know), Right to Opt-Out of Sale/Sharing of Personal Information and Right to Non-Discrimination. 
  4. Additional rights available to the user under GDPR include the Right to Resist Processing and Right to Data Portability .

E. Plain Language and readability 

The Privacy Policy reads as a legal contract, and while structured, is not easy to read. The Privacy Policy is also hard to locate on the app and consent is also not taken explicitly. Additionally, the policy lacks clarity, often using vague terms like “may” when describing data sharing, which leaves room for interpretation. This ambiguity raises concerns about potential data collection, making it challenging for users to fully understand what personal data is being gathered and how it is used.

F. Data Protection Score

Data Protection Score: 2/7

Observations: 

  1. Lawfulness, transparency and fairness: My Calender states that the legal basis as per the Privacy Policy are (i) Consent, (ii) Performance of contract and (iii) Legal obligations. However, the app does not explicitly collect consent for the Privacy Policy or the data collected. 
  2. Storage Limitation: The Privacy Policy states that My Calendar by default stores user data on their device unless they choose to back it up to the cloud. When stored in the cloud, user data is encrypted, and only a limited number of the company’s employees have access to it. If users decide to store their data in the cloud, they will be asked to provide a password to prevent unauthorized access, along with an email address to enable password recovery if needed. Apart from these limited uses, the company does not use the data users provide; it is solely intended to facilitate the use of the app. Additionally, users have the option to request for deletion of their data.
  3. Purpose limitation: While the privacy policy states the purpose for which data is collected, it does not clearly specify why certain data points which are entered voluntarily by the usre are necessary for the core purpose. (Table 4 , Column 2)
  4. Data minimisation: While the Privacy Policy states that My Calendar does not collect any personal data, the information sought by the app (Table 4, Column 2) is clearly extensive and intrusive and does not justify the purposes. 
  5. Accuracy: The privacy policy does not clearly emphasize the importance of data accuracy. However My Calendar provides mechanisms for users to correct personal information if required. 
  6. Integrity and Confidentiality: User data is stored only on their device, ensuring privacy and preventing unauthorized external access. If users choose to back up data to their personal storage (e.g., Google Drive), the app developers only have limited access, maintaining confidentiality. The Privacy Policy also mentions My Calender uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your data, however, these are not specified.
  7. Accountability: My Calendar has a Privacy Policy in place; however, it lacks a Terms of Use and a Cookie Policy. Additionally, the Privacy Policy does not provide details of a Grievance Officer or Data Protection Officer (DPO), instead, it only includes a general support team email.
MAYA

Maya is a period tracking app developed by Plackal Techno Systems Pvt. Ltd., an Indian based company. The app was launched in 2012 and has since gained widespread popularity with over 10 million downloads. Users can leverage Maya for four main instances: (i) track cycles and health, (ii) avoid pregnancy, (iii) try to conceive, (iv) track pregnancy. Maya also offers a subscription model that provides users with an ad-free experience, detailed health insights, additional storage for syncing multiple accounts, and enhanced visual features. 

Mandatory Sign In: Maya requires users to mandatorily sign-up/log in to use the app. 

Community Chat: Maya has a community feature that allows users to discuss health with other users and experts. Users including children share intimate details using this feature,often seeking advice.

Let’s analyse Maya’s Privacy Policy in detail (Last updated date not available)

A. Categories of Data Collected:


Data Collected as per the Privacy Policy based on User Input 


Data collected as per the Privacy Policy (automatically)

Data collected but not explicitly mentioned in the Privacy Policy (the user can input further details under each of these categories – Images 5.1 – 5.3 )
  1. Personally Identifiable Information
    • Notes
    • Symptoms
    • moods
    • Menstrual cycle length
    • Health information
    • Weight
    • Body Temperature 
    • Love- Physical intimacy 
    • Location 
  1. Personally Identifiable Information
    • Name
    • E-mail address 
    • Automatically syncs entered data to the registered email address.
  2. Automatically Tracked
    • Your IP address
    • The website from which you were referred to our website (e.g. if you followed a link)
    • The webpages you are visiting on our website
    • The browser you are using and its display settings
    • Your operating system
    • The date and duration of your visit
  3. Device Information
    • the hardware model, 
    • operating system and version, 
    • software and file names, 
    • preferred language, 
    • unique device identifier, 
    • advertising identifiers, 
    • serial number, 
    • device motion information, 
    • mobile network information.
  • Texture of Mucus

(Table 5)

Observations:

Maya does not explicitly request user consent for its Privacy Policy. Instead, it assumes consent through user interaction with its platforms. The policy states that by visiting the platform or providing information, users consent to data collection and sharing as outlined. Additionally, it acknowledges that even non-registered users may have their data collected if a registered user shares their information to facilitate services. The Privacy Policy leaves broad scope for data collection with usage of vague phrases like “any information that you enter into the App”. 

Personal information which is collected is not anonymised and is used for internal research on users’ demographics, interests, and behaviour to better understand, protect and serve users. Some of this information is also tracked automatically. This information is then further compiled and analysed on an aggregated basis.

Image 5.1
Image 5.2

B. Third-Party Apps/Devices that Maya can access:

  • Location

Observation:

Maya collects users’ location data on the basis of consent, when the app is used on a mobile device, this includes precise location tracking when the app runs in the foreground or background, Maya also collects approximate location derived from the user’s IP address. However, the Privacy Policy fails to specify the purpose of collecting location data.

C. Third-Party Access to Data 

Maya shares user data with the following third parties:

  1. Payment Providers & Authorities: User information may be shared with payment service providers and regulatory authorities upon request.  
  2. Legal & Compliance Disclosures: Personal data may be disclosed if required by law or in good faith to respond to legal processes, enforce policies, address third-party claims, or protect users and the public.  
  3. Business Transfers: User information may be shared or sold if the company undergoes a merger, acquisition, or business restructuring, with the new entity required to follow the Privacy Policy.  
  4. Advertising & Analytics: While personal data of identifiable individuals is not shared with advertisers, aggregated or anonymized data may be shared to help target ads.  v) Sponsors & Business Partners of Maya: User data may be shared for marketing purposes, including newsletters, offers, and updates about new services.

The Privacy Policy does not specify the names/details of any third party company involved. 

D. Rights under DPDPA

Observations:

  1. Maya doesn’t provide users any rights that are available to data principles under the DPDPA. 
  2. Right to withdraw consent is limited to opt-out of receiving non-essential (promotional, marketing-related) communications

E. Plain Language and readability 

The Privacy Policy is written in complex legal language, making it difficult for users to read and understand. It is embedded within the app’s terms, which can make it hard to access. The policy also reads like a contract, and lacks clarity that may confuse users rather than inform them.

F. Data Protection Score

Data Protection Score: 2/7

Observations: 

  1. Lawfulness, transparency and fairness: Maya’s Privacy Policy does not have reference to any data protection laws, it also relies on implied consent for the Privacy Policy and data processing activities. The Privacy Policy also does not specifically mention the existence of data protection rights. 
  2. Storage Limitation: The Privacy Policy states that all information is saved and stored on servers, which are secured with passwords and pins to ensure no unauthorized person has access to it. It does not clearly state how long user data is retained. Additionally, users have the option to request for deletion of their data, however, Maya may still retain some information and record of transactions as required by any law, contract or policy.
  3. Purpose limitation: The Privacy Policy states the purposes for which data is collected, however, it uses broad terms like “to provide services for you” and does not explicitly mention the purpose achieved from collecting each data point. (Table 5)
  4. Data minimisation: The personal information sought is not too extensive and is adequate for providing the services. 
  5. Accuracy: The Privacy Policy does not explicitly emphasize the importance of data accuracy. However, this is mentioned in the Terms of Use, which the Privacy Policy is a part of. Additionally, Maya includes a disclaimer regarding medical advice, diagnosis, or treatment provided within the app. 
  6. Integrity and Confidentiality: The Privacy Policy states that all information is stored securely but does not specify the safeguards in place. Additionally, anonymized user information may be shared with advertisers. Maya’s chat functionalities pose a heightened risk, as data breaches could expose sensitive and intimate details, potentially leading to significant harm. Moreover, chat platforms can also be a source of misinformation.
  7. Accountability: Maya has a Privacy Policy in place; however, it is not detailed and is within the Terms of Use, there is no specific Cookie Policy. Additionally, the Privacy Policy does not provide details of a Grievance Officer or Data Protection Officer, instead, it only includes a general support team email.

HERE’S WHAT WE FOUND:

  • Data Protection Score: All 5 apps scored 2/7 in the data protection principles. 
  • Failure to Follow Data Protection Principles: None of the apps have followed the data protection principle of ‘Lawfulness, transparency and fairness’. Apps have either not clearly stated all the data they collect from users (Flo, Clue, PTPC, My Calendar) or haven’t specified the legal basis for collection (Maya). None of the apps have also followed the data protection principle of ‘Purpose Limitation’, as they do not explicitly justify why they collect specific data or how it serves the intended purpose. 
  • Data Protection Rights: 4/5 apps (Flo, Clue, PTPC, My Calendar) provide users all 5 data protection rights, while 1/5 app (Maya) only provides right to erasure of data. 
  • Consent Assumption: 3/5 apps ( PTPC, My Calendar, Maya) assume that by accessing the app, users automatically consent to the privacy policy.
  • Notification of Policy Changes: 2/5 apps (Flo and PTPC) explicitly state that they will notify users of changes through their website or email, 1/5 (Clue) states that it will only notify the user of privacy policy change if they consider the change to be material for consent and 2/5 (My Calendar and Maya) only update the policy within the app without notifying users.
  • Opt-Out and Data Processing Rights: 4/5 apps (Flo, Clue, PTPC, My Calendar ) provide users the right to opt out of targeted advertisements and limited right to object processing of personal data by law, Maya does not offer such rights.
  • Anonymity & Sign-In Requirements: 3/5 apps (Flo, PTPC, My Calendar) provide users with anonymity by not requiring mandatory sign-in. 

TAKEAWAYS

Despite assurances in their privacy policies that personally identifiable data will not be shared with third parties, menstruation-tracking apps have repeatedly come under scrutiny for questionable data-sharing practices. Even when data is purportedly anonymized, there is a significant risk of re-identification through cross-referencing with other datasets, raising serious privacy concerns. Further under DPDPA, users in India do not have a right to restrict processing or opt out of targeted advertisements, a protection available in other jurisdictions. 

The security measures adopted by these apps are often insufficient, relying on ambiguous statements rather than strong technical protections. Many of these apps gather a vast and highly intrusive amount of personal data without clearly explaining why such sensitive information is needed. This lack of transparency raises concerns about potential data misuse and commercialization.

Some menstruation apps claim to share anonymized data for scientific research. However, accuracy and reliability of the data collected are rarely verified. 

While we recommend a traditional calendar to track your menstrual cycle and reproductive health, if you prefer using an app, before downloading, consider these key factors:

  • Check the Privacy Policy: Look for clear statements on how your data is used, stored, and shared. Ensure the app does not sell data to third parties.
  • Minimal Data Collection: Opt for an app that only asks for essential information and does not require unnecessary personal details.
  • End-to-End Encryption: This ensures that your data is securely stored and cannot be accessed by the app developers or third parties.
  • No Mandatory Account Creation: Apps that allow tracking without requiring an account are generally safer.
  • No Third-Party Tracking: Avoid apps that share anonymized data with advertisers or researchers without your explicit consent.
  • Data Deletion: Choose an app that allows you to delete your data easily.
  • Consider Open-Source Options: Apps like Drip, Euki or Periodical are open-source and do not rely on profit models or involve third-party data sharing.
  • Offline Mode and Local Storage:  Some apps allow tracking without internet access and store data locally on device,  reducing data exposure.

Prioritize privacy and bodily autonomy over surveillance capitalism. Your health data belongs to you—don’t let it become a commodity.

PrintLinkedIn

Unlawful Expansion of Internet Shutdown Powers in India

Beyond Safe Harbor: The Rise of Personal Liability in Platform Regulation

DPDP Rules, 2025: Significant Data Fiduciaries and Data Transfers