All of us use period tracking apps for the convenience of it. But what if this convenience comes at the cost of your privacy? Every month, just like you, millions of women open colourful period-tracking apps and dutifully log the most intimate details of their lives. When they last had sex, whether they used contraception, and if they’re trying to conceive a child. What they don’t realise is that every tap, every logged symptom, every private detail is being quietly harvested and sold to Facebook, Google, and data brokers. Sometimes even to their employers. This isn’t a dystopian warning. It’s happening right now to hundreds of millions of women worldwide.

The apps that sold you out

When Maya and MIA Fem were exposed for sending deeply personal information about women’s contraception use, period timings, and sexual activity directly to Facebook, the revelation sent shockwaves through the tech world. Privacy International’s investigation found that Maya, with five million downloads, shared information with Facebook the moment users opened the app, before they’d even agreed to privacy settings.

MIA asked whether users wanted to track their periods or maximise their chances of conceiving, not for medical reasons, but so advertisers could target them more effectively. The apps Maya, MIA, My Period Tracker, Ovulation Calculator, and Mi Calendario were all caught transmitting user data to Facebook without proper consent.

Even Flo, the world’s most popular period-tracking app with over 230 million users, wasn’t immune. In 2019, the Wall Street Journal revealed Flo had been sharing sensitive information with Facebook and Google, including when users were having their periods and whether they intended to get pregnant.

A report found that 67 per cent of period-tracking apps tested share data for “legal obligations”. A 2019 BMJ study found that 79 per cent of health apps regularly shared user data and were “far from transparent”.

Most period-tracking apps store user data on the app provider’s servers or third-party servers rather than keeping it only on the user’s device. This means your most intimate health information is sitting on someone else’s computer, potentially accessible to hackers or law enforcement.

Your employer is watching too

But Facebook wasn’t the only one buying. In 2019, The Washington Post uncovered that Ovia Health was sharing data, though supposedly de-identified, with employers who purchased the app as a health benefit for workers.

Companies like Activision Blizzard paid Ovia Health to access their employees’ reproductive data. To use the app, women had to agree to 6,000-word terms permitting Ovia to sell data to third parties, plus a “royalty-free, perpetual, and irrevocable licence, throughout the universe” to “utilise and exploit” users’ de-identified data.

Employers could access aggregated data, including employees’ average age, number of children, current trimester, how long it took to conceive, percentages with high-risk pregnancies, who had C-sections, and when new mothers planned to return to work. Privacy experts warned that in workplaces where only a handful of women were pregnant, it would be trivially easy to identify exactly who the data belonged to.

Why your period data is worth a fortune

Pregnancy data is marketing gold. Whereas a data processing company might spend $0.10 for data on an average user, it could spend upwards of $1.50 for the data of a pregnant person, a 1,400 per cent increase. Women who are pregnant or trying to conceive represent a demographic about to spend enormous sums on baby furniture, nappies, formula, and thousands of other products.

Even in India, the value of reproductive health data is quite high. India’s health market is rapidly growing, and so is the value of the data that enables this growth. The reproductive health market size touched $1.1 billion in 2024 and is expected to touch $2 billion by 2033.

Reproductive health data is particularly valuable because it reveals intimate patterns about people’s lives and future plans. It can indicate pregnancy before a woman has told anyone, even her partner.

Digital privacy laws in India: The regulatory black hole

The part of the problem, especially in India, is that the latest Digital Personal Data Protection Act (DPDP Act) is still rolling out in phases. Though the act protects privacy by regulating the collection and storage of an individual’s data, it’s not yet fully effective. Studies also show that understanding a period-tracking app’s privacy policy typically requires a college-level education. So, it’s not that easy to stay vigilant. 

Things like IP addresses, location, and device information tracked by these apps can easily identify users despite claims of sharing only “non-personally identifiable” data. When you combine device ID, IP address, location, and the precise time you opened an app, it becomes easy to identify exactly who you are.

Privacy International found that 61 per cent of apps automatically transferred data to Facebook the moment users opened them, whether users had a Facebook account or not.

The fightback

In August 2025, a California jury delivered a bombshell verdict: Meta was found liable for exploiting consumers’ sensitive reproductive health information for targeted advertising. Given Flo’s massive user base, experts estimate Meta could face damages of up to £190 billion.

Privacy International conducted technical investigations in both 2019 and 2025 to assess whether apps had improved their practices. While some progress was made as many apps now allow users to sign in anonymously and have removed the automatic Facebook data-sharing, the fundamental problem remains.

The scale of this surveillance is staggering. Flo alone has 230 million users. Clue claims 12 million monthly active users. Millions of women use Ovia through employer wellness programmes. When you add up Maya, MIA, and the dozens of other popular apps, we’re talking about potentially hundreds of millions of women whose most intimate health data has been harvested, packaged, and sold.

The period-tracking app in your pocket isn’t just monitoring your cycle. It’s creating a detailed digital map of your reproductive life, and that map is being sold to the highest bidder.

Images Source

Featured Image Source

Related: Your City’s High AQI Could Be Making Your Periods More Painful. Here’s All You Need To Know

FAQs

Q1. Can period tracking apps access my phone’s camera or microphone?

Many period apps request unnecessary permissions, including camera, microphone, and location access. Always review and deny permissions that aren’t essential for basic tracking functionality.

Q2. What happens to my period data if the app company goes bankrupt or gets acquired?

Your data becomes an asset that can be sold to the highest bidder during bankruptcy proceedings or transferred to the acquiring company, often without your explicit consent.

Q3. Are paid subscription period apps safer than free ones?

Generally, yes, as their revenue model doesn’t rely on selling user data to advertisers, but always verify their privacy policy.

Q4. Can my mobile carrier or internet service provider see what I’m logging in period apps?

If the app lacks end-to-end encryption, your ISP or carrier can intercept data being transmitted, especially on unsecured Wi-Fi networks.

Q5. Will deleting the app remove all my data from company servers?

No, deleting the app only removes it from your device. You must separately request account deletion and data erasure.

Q6. Can insurance companies in India access my period app data to deny coverage?

Currently, there’s no direct legal framework preventing this.