← Guides
TECH

How to Check What Your Period Tracker App Does With Your Data: Flo, Clue, Natural Cycles, and Safer Alternatives

med privacymed tech

A guide to understanding what Flo, Clue, and Natural Cycles collect and share, why consumer period tracker data is not covered by HIPAA, how to audit and change your app's privacy settings, and how to switch to a local-only alternative if you want stronger protection.

April 14, 2026 · 7 min read
1

Understand what period tracker apps collect and why the law does not protect it

Most people assume health-related apps have some form of legal protection over the data they log. Period tracker apps do not. Understanding what is collected and why it sits outside standard health privacy law is the starting point for making an informed decision about which app to use.

What these apps actually log
  • Cycle start and end dates, period flow, and predicted fertile windows are the baseline. Most apps also log symptoms, mood, energy levels, sleep quality, and physical signs like cervical mucus and basal body temperature
  • More detailed logs include sexual activity, whether you are trying to conceive or avoid pregnancy, pregnancy status, and, if you test at home, ovulation test results and pregnancy test results
  • Many apps request your age, weight, and general health details during setup. Location data may be collected passively if the app has location permissions enabled, even if you never use a location-based feature
  • The complete log of this data, tied to your account and linked to your real identity, is stored on the company's servers. This is the record that matters for privacy purposes
  • You can check what data a specific app holds about you by requesting a data export: in Flo, go to Profile, then Settings, then Privacy, then Download My Data. In Clue, go to Settings, then Account, then Export Data
Why HIPAA does not apply and what that means
  • HIPAA (the Health Insurance Portability and Accountability Act) applies to covered entities: doctors, hospitals, health insurers, and their direct business associates. Consumer period tracker apps are not covered entities, regardless of how health-focused their branding is
  • A period tracker app can legally share your cycle and symptom data with advertising partners, data brokers, and third-party services, and it is not a HIPAA violation. The only legal constraint is its own privacy policy
  • The FTC took action against Flo Health in 2021 after finding that Flo shared detailed health data, including information about menstruation and pregnancy attempts, with Facebook and Google for advertising purposes, despite promising users it would not. The case was resolved by consent decree requiring stronger privacy practices
  • Following the Supreme Court's Dobbs decision in June 2022, digital rights organizations including the Electronic Frontier Foundation identified period tracking data stored on company servers as a potential legal exposure risk: data held on a company's servers can be subpoenaed by law enforcement. Data stored only on your own device cannot
2

Audit your current app's privacy settings

Each major period tracker has different privacy controls and different legal frameworks governing it. The steps below walk through what to check and change in each app before deciding whether to switch.

Flo Health 10 min
  • Anonymous Mode: Flo introduced Anonymous Mode to separate your health data from your personal identity on their servers. To enable it: open Flo, go to Profile, then Settings, then Privacy, then Anonymous Mode. Enable it and follow the prompts to re-link your account without personal identifiers. This does not delete existing data; it affects how future data is stored
  • Third-party data sharing: go to Profile, then Settings, then Privacy, then Data Sharing. Review each toggle and turn off any sharing you did not intentionally enable. Advertising-related data sharing should be restricted under the FTC consent decree, but verify this yourself
  • Location permissions: Flo does not require location to function. On iPhone, go to Settings, then Flo, then Location, and set it to Never. On Android, go to Settings, then Apps, then Flo, then Permissions, then Location, and select Deny
  • Deleting your data: if you want to remove your history, go to Profile, then Settings, then Account, then Delete Account. Select the option to delete all health data. Flo is required to process deletion requests within 30 days for California residents under CCPA. Request a data export first to confirm what was stored before deleting
Clue, Natural Cycles, and Apple Cycle Tracking 10 min
  • Clue: Clue is operated by BioWink GmbH, a German company, and is subject to GDPR. Go to Settings, then Privacy, to review what data Clue collects and shares. To export your data: Settings, then Account, then Export Data. To delete: Settings, then Account, then Delete Account and Data. Under GDPR, deletion requests must be processed within one month
  • Natural Cycles: the app is FDA-cleared as a contraceptive method and operates under stricter clinical standards than general wellness apps. Go to Settings, then Privacy Settings to review data sharing. Natural Cycles stores data on servers and is subject to GDPR and US data law. To delete: Settings, then Account, then Delete Account
  • Apple Cycle Tracking: if iCloud Health sync is turned off, all your cycle data stays on your device only and is never transmitted to Apple's servers. To check: go to iPhone Settings, tap your name, then iCloud, and confirm that Health is toggled off. Apple does not use Health data for advertising. If iCloud Health sync is on, your data is stored encrypted on Apple's servers under their end-to-end encryption architecture
  • Regardless of which app you use, check location permissions and revoke them if location access is not essential to your use of the app
3

Understand your actual risk and reduce your exposure now

The legal risk from period tracker data is specific to certain situations. Understanding exactly when it applies helps you decide how much to change versus what you can leave as is.

Who can access this data and under what circumstances
  • In states where abortion is restricted or criminalized, state attorneys general have authority to subpoena data from companies as part of criminal investigations. Companies must comply with valid legal process from jurisdictions where they operate or where users are located
  • Flo is incorporated in the UK and Delaware. Clue is incorporated in Germany. Natural Cycles is incorporated in Sweden and the US. All three are subject to US legal process when serving US users, depending on the scope of the legal request
  • Data that a company does not hold cannot be subpoenaed. This is the practical advantage of local-only storage: a company cannot hand over data it does not have
  • Location data is a separate and often overlooked risk. If an app has location permissions enabled and passively logs your location, that data can place you at a clinic or pharmacy. Review location permissions for all health apps: iPhone Settings, then Privacy and Security, then Location Services. Android Settings, then Apps, then the app name, then Permissions, then Location. Set to Never for period tracker apps
Steps to reduce your exposure now Act now
  • Delete historical logs you no longer need. In Flo: go to Profile, then Settings, then Health Data, where you can remove individual log entries or date ranges. In Clue: tap a day on the calendar, tap Edit, and remove individual entries. Clearing old data limits how much a company holds, and therefore how much could be requested
  • If your app allows it, use an email address not linked to your real name for your account. This reduces how easily account data can be tied to your identity if it is ever disclosed
  • Enable Flo's Anonymous Mode if you use Flo. Review third-party sharing toggles in any app you use and turn off anything unrelated to app functionality
  • Turn off location permissions for all period tracker apps in your device settings, as described above
  • If you are not actively trying to conceive and do not need prediction synced across multiple devices, switching to a local-only app in Section 4 removes the server-side exposure entirely
4

Switch to a private alternative that stores nothing on servers

If you want complete protection, the most reliable approach is an app that stores data on your device only, with no account and no server. These apps exist, they work, and they require no ongoing trust in a company's privacy policy.

Drip and Euki 5 min to switch
  • Drip is an open-source period tracker available for iPhone and Android. All data is stored locally on your device only. There is no account, no server, and no company that holds your data. The source code is publicly available for review at bloodyhealth.gitlab.io
  • Euki is a free app designed specifically for private reproductive health tracking. It stores data locally on your device, requires no account or email address, and includes a decoy PIN that displays a different screen if someone asks you to unlock the app. Available for iPhone and Android at eukiapp.com
  • Both apps support period logging, symptom tracking, and cycle history. Neither offers the predictive accuracy of Flo or Clue's algorithms or cross-device sync, because both require server data to function. If you track primarily for your own records rather than for predictions, this is a reasonable trade-off
  • To migrate: export your data from your current app first if you want to retain your history, then install the new app. Neither Drip nor Euki can import data from other apps, so your past logs stay as reference documents rather than active data
Apple Cycle Tracking with iCloud sync off 5 min
  • If you use an iPhone and want to stay within Apple's ecosystem, Apple Cycle Tracking in the Health app is a fully private option when iCloud Health sync is disabled
  • To use it: open the Health app, go to the Browse tab, select Cycle Tracking, and start logging. Confirm iCloud Health is off: Settings, then your name, then iCloud, then verify Health is toggled off
  • Apple Cycle Tracking supports period logging, symptom tracking, fertile window estimates, and irregular cycle notifications. It integrates with Apple Watch for passive heart rate and temperature data if you use one. All of this remains on-device when iCloud sync is off
  • Apple does not use Health data for advertising and has no financial incentive to monetize your cycle data. This is structurally different from apps whose revenue model includes data licensing
  • This option is iPhone only. There is no equivalent Android-native experience that offers the same level of on-device integration

Most people who use period tracker apps have not read the privacy policy and have not checked whether their data is being shared with third parties. The Flo FTC case confirmed that even apps with explicit privacy promises can share detailed reproductive health data with advertising platforms. The audit steps in Section 2 are the minimum to complete now, regardless of whether you plan to switch apps. Section 3 explains when the risk is practical rather than theoretical: if you are in a state with abortion restrictions or travel to one, the data these apps hold on their servers can be legally requested, and most apps hold more than users realize. Completing the steps in Sections 2 and 3 reduces what is held. Switching to Drip, Euki, or Apple Cycle Tracking with iCloud disabled (Section 4) removes the server-side exposure entirely, because there is nothing stored for anyone to request.