Is your privacy at risk with period tracking apps and wearables?

Period tracking apps have been around for years, evolving from simple calendars to sophisticated tools packed with insights and predictions. But the landscape of women's health tech is changing rapidly. It's no longer just about apps: wearables such as smart rings and smartwatches are now integrating these features, offering even more precise tracking capabilities. For example, devices like the Oura Ring or Whoop can now detect subtle changes in temperature, using this data to provide more accurate information about your cycle.

The appeal of this technology is clear. It offers a convenient way to track symptoms, spot patterns, and predict periods, ovulation windows, and even pregnancies, all while helping you gain a deeper understanding of your reproductive health – without the hassle of manually jotting things down. 

However, with this convenience comes a major concern: privacy. When you input personal information into these apps, do you really know who is handling your data? How secure is it? And in countries where abortion laws are becoming increasingly restrictive, could this data be used against you? These questions are more relevant now than ever, which is why we asked several experts about the real risks involved.

The hidden cost of “free” apps

I asked Dr. Jenn Hintzsche, Founder and CEO of fertility company PherDal Fertility Science, to explain the appeal of these tracking tools. 

“Women's health data shared anonymously and aggregated could help women stay healthier longer and live better lives. Personalized data insights could also empower people to share more with healthcare providers and prevent diseases,” she says.

However, the same data in the wrong hands could be used for harmful purposes. “This data could also be used to determine if you broke the law by getting an abortion or what level of health insurance you should receive if you have a pre-existing medical condition,” Hintzsche warns.

Nicky Watson, the Founder and Chief Architect at Cassie, a data consent management company, says: “If an application or device that you’re using is not clearly selling a product, chances are you are the product.”

You’ve probably heard the “you are the product” line many times before, especially in relation to social media, but it sometimes applies to health tech too. 

“If a woman is inputting information into a free cycle tracker, that data is likely being monetized or sold in some way,” Watson warns. 

Buckle up, because this gets a little complex. Laws regarding health data vary widely depending on your location, from GDPR (the General Data Protection Regulation) in the European Union to HIPAA (the Health Insurance Portability and Accountability Act) in the United States. 

Watson explains that this presents challenges for many tech companies because they collect and store data across different devices and jurisdictions, which complicates both consent and compliance. “This is especially tricky when data storage spans multiple platforms across countries with varying data protection laws,” she tells TechRadar.

In the US, HIPAA regulations protect sensitive patient information, but many assume these apply to all health apps and wearables too – and they often don’t. 

“HIPAA only protects health information held by specific healthcare providers,” Watson explains. “Data on your Apple Watch or Fitbit, or genetic data on Ancestry.com, are usually not covered. For HIPAA to apply, the data must be created or maintained by a covered entity, typically health care providers or health plans.”

This is especially concerning in the US. While I haven’t found evidence that period tracking data is being used in investigations at present, authorities could request information if they believe someone had an illegal abortion. 

“The government can request information when there is probable cause in a criminal context,” says Jodi Daniels, a faculty member at IANS Research and the Founder and CEO of data privacy firm Red Clover Advisors. However, Daniels explains that some states, like Washington, have implemented privacy laws, such as the My Health My Data Act, to protect sensitive reproductive information.

Understanding privacy policies: what to look for 

The safest option is to avoid sharing any data at all. But if you still want to benefit from health tracking tech, you can take precautions. 

Watson advises that women find solutions that don’t require them to use their real information. “Ask yourself: Why do I have to input my email address? What purpose is there for sharing my contact information? If the answers to these questions aren’t immediately obvious or clearly stated, protect yourself and your privacy – and don’t share them,” she says.

Hintzsche suggests we focus less on the data we share and more on who we share it with. And the best way to find out more about the companies you’re sharing your data with is to research them and thoroughly read their privacy policies.

I know it’s not fun. I’m a tech journalist, and even I skim over them too fast. But we should all be more mindful, more often, about what we’re signing up to.

Hintzsche suggests three red flags to watch for: “Is there a privacy policy? If not, that’s a huge red flag – don’t download it. 

“Next, check the Data Collection section. Some apps collect everything; others only collect one or two data points. 

“Finally, look at Data Sharing. When it comes to app data, sharing often means selling. If they don’t have this section, you should probably stay as far away from this app as possible.” 

She also advises looking for terms like “encrypted” and “anonymized” in privacy policies. This means your data might be used in certain ways, like for research purposes, but it won’t be tied to your name or any other identifying details. “These green flags indicate the app developers are at least somewhat concerned with privacy,” Hintzsche says.

Daniels adds, “A privacy policy should be updated at least once a year. An outdated policy is a sign that privacy isn’t a key priority. Look for detailed explanations of how the company protects your data.”

If this seems daunting, there are unbiased resources that can help. I like Mozilla’s *Privacy Not Included buyer’s guide, which ranks the privacy practices of major apps, breaking down everything you need to know in a really accessible way – it even ranks apps and tech from “creepy” to “not creepy”. Unfortunately, not every app or tool is currently on there, which means the responsibility still lies with you.

Of course, even the most trustworthy company with a robust privacy policy could be subject to a data breach. Hintzsche says, “Safe is relative. Data breaches can happen.” But she doesn’t think this means we should ditch tech or useful tools altogether. We just need to learn all we can and enter into agreements with our eyes wide open. 

“When it comes to digital privacy, knowledge is power. Understanding what data you share and with whom is key to not being caught off guard.”

Becca Caddy

Becca is a contributor to TechRadar, a freelance journalist and author. She’s been writing about consumer tech and popular science for more than ten years, covering all kinds of topics, including why robots have eyes and whether we’ll experience the overview effect one day. She’s particularly interested in VR/AR, wearables, digital health, space tech and chatting to experts and academics about the future. She’s contributed to TechRadar, T3, Wired, New Scientist, The Guardian, Inverse and many more. Her first book, Screen Time, came out in January 2021 with Bonnier Books. She loves science-fiction, brutalist architecture, and spending too much time floating through space in virtual reality.