Need to know
- Fertility apps often collect extremely sensitive and intimate data, then keep it for too long or share it with others, exposing it to 're-identification' and data breach risks
- Their privacy policies are confusing and claims such as 'we never sell your data' are potentially misleading
- Many apps are not transparent about the data they trade with and collect from other companies.
Fertility apps collect extremely sensitive and intimate data about our cycles, health, pregnancies, and sex lives.
There is growing concern over the handling of this data, which is often kept for too long (exposing it to data breach risks) and disclosed to other companies on a supposedly 'de-identified' basis (when there are real risks of re-identification).
The apps' privacy policies, messages and settings are often confusing and potentially misleading. An app might claim "we never sell your data", but the fine print might say the whole database can be sold to another company as a business asset.
An app might claim 'we never sell your data', but the fine print might say the whole database can be sold to another company
And many are not fair or transparent about the data they trade with other companies, including extra information they collect about the consumer from data brokers and the disclosure of your usage data, which can allow companies to predict sensitive information about your health and circumstances.
What is a fertility app?
We use the term 'fertility apps' to cover mobile apps that assist consumers in tracking their menstrual cycles, ovulation and potential fertile windows if they're attempting to conceive, and stages of pregnancy up to birth.
How we compare
We examined the privacy terms of 12 of the most popular fertility apps used by Australian consumers (taking into account downloads, apps installed and active usage).
We examined the privacy policies and in-app messages and settings for each of these apps in February and March 2023, to determine the extent to which they protect the consumer's privacy, having regard to the quality of the privacy information and choices they give consumers, and the extent to which they indicate that they restrict the collection, use and disclosure of personal data to limit the risk that the consumer will be humiliated, excluded, exploited or exposed to data breaches.
The privacy policies, messages and settings are often confusing and potentially misleading
We did not include apps that depend on the consumer buying a wearable device, like an Apple watch or a FitBit, that tracks biometric data directly using sensor technology; or apps that track a baby's development from birth. These raise different and important issues, which deserve to be considered separately.
We have grouped the apps into three categories – apps to avoid, apps to be cautious of and one that stands out from the others but could still be improved.
Apps to avoid
BabyCenter
BabyCenter is a pregnancy app that was bought by Everyday Health Inc, which also owns the What to Expect app. This is why their privacy policies are identical and equally focused on sharing users' data for profit. Everyday Health Inc is owned by US marketing technology company, Ziff Davis, which includes its tracking technologies in the app.
Pros
- Provides three in-app privacy settings that allow you to opt out of tracking technologies, although these are difficult to find and defaults are set to less privacy.
- Provides some details about its numerous extra uses of your data, but these are also difficult to find in a privacy policy over 10,000 words long.
- Doesn't collect information about when you have your period or when you have sex, so that is not being sold as part of its commercial uses of your data.
- Provides an option to
delete your data (although this is unlikely to include data already passed on
to other companies).
Cons
- Collects further information about you from other companies behind your back, including data brokers.
- Seeks sensitive data from you which is not necessary for the app's functions, including details of your child's name, gender, measurements and date of birth.
- Sells, rents and otherwise profits from your data, including using it for its "lead generation" business, selling or renting contact lists to other companies and providing data about you to companies that provide ads in the app.
- Discloses your information to other companies that already have some of your personal information so those companies can "enhance their records about you".
- Other companies collect data about your use of the app via tracking technologies in the app, including Amazon Advertising, unless you find and change the cookie settings.
- Can also disclose all your data to another company, if it sells the app or the database to that company.
- Does not promise that it will delete your data after a specific period, which means your data may be exposed to data breaches while it sits in their databases for extended periods.
Glow Fertility, Glow Nurture, Eve by Glow
Glow Inc operates several apps, which allow users to track their periods, sex lives, and pregnancies. Glow's privacy terms and settings generally indicate that it gives users less privacy by default to serve its commercial purposes.
In 2020, Glow settled a lawsuit brought by the Attorney General of California alleging breach of medical privacy and data security laws concerning "clear basic security flaws that put its users' data at risk".
Pros
- Provides two in-app privacy settings, although these are difficult to find and they are set by default to less privacy if you don't find them and change them.
- Includes an option to delete your data and store the data only on your own device, but this setting is difficult to find in the app.
Cons
- Collects further information about you from other companies, which are only described as "third party sources".
- Other companies collect information about your activities on the app over time via tracking technologies set in the app.
- Uses your data for "research" purposes, with no choice to opt out and only vague claims that the data is "de-identified".
- Can also disclose all your data to another company, if it sells the app or the database to that company, and even to other companies negotiating for the potential purchase of the app or the database.
- Does not promise that it will delete your data after a specific period, which means your data may be exposed to data breaches while it sits in their databases for extended periods.
- States that when "we no longer require" your personal data, it can choose to merely "isolate it from further processing", which would expose it to risk of breach indefinitely.
Ovia Fertility and Ovia Pregnancy
The Ovia ovulation and pregnancy apps are owned by a company that is part of the US drug development corporate group, Labcorp.
The apps ask for remarkably wide-ranging and sensitive information in its "Health Questionnaire" and sell "de-identified" health information to other companies.
Pros
- Provides an option to delete your data on request, but lists exceptions to this.
- Provides an option about whether your data is used for advertising, but this is presented in a potentially misleading way (make sure that box is unticked).
- Says it does not share the period data you enter in the app with other companies for advertising (although it can use and share data about what you select, read and do on the app for advertising purposes).
Cons
- Asks for extensive personal data not necessary for the app's functions, including diseases, financial situation, housing, safety and education level.
- Provides a very confusing, potentially misleading option with regard to use of your data for advertising (make sure that box is unticked).
- Provides a very unclear privacy policy which repeatedly states that Ovia will or will not do certain things "if permitted by law" or if "not permitted by law". This is meaningless, especially when the law is different from country to country.
- Says it shares information about your location and "activity" on the app with advertising networks, advertising platforms and advertisers.
- Your activity on the app could allow these companies to make predictions about you – e.g., based on reading articles such as "Mental wellbeing through menopause"; "Are antidepressants safe when trying to conceive?"; "How to find abortion care?"; "Coping after a pregnancy loss".
- Sells your "de-identified" health data to other companies, but there remains a risk that such data could be re-identified.
- If you don't take action to delete your data, Ovia keeps your data for too long (seven years after you cease using the app).
What to Expect
What to Expect is a pregnancy app owned by Everyday Health Inc, which later bought the BabyCenter app. This is why their privacy policies are identical and equally focused on sharing users' data for profit. Everyday Health Inc is owned by US marketing technology company, Ziff Davis, which includes its tracking technologies in the app.
Pros
- Provides three in-app privacy settings, although these are difficult to find and defaults are set to less privacy.
- Provides some details about its numerous extra uses of your data, but these are difficult to find and understand in a privacy policy over 10,000 words long.
- Doesn't collect information about your period or when you have sex, so that is not being sold as part of its commercial uses of your data.
- Provides an option to delete your data (although this is unlikely to include data already passed on to other companies).
Cons
- Collects further information about you from other companies behind your back, including data brokers.
- Seeks sensitive data from you that is not necessary for the app's functions, including details of your birth experience and child's date of birth.
- Sells, rents and otherwise profits from your data, including using it for its lead generation business, selling or renting contact lists to other companies and providing data about you to companies that provide ads in the app.
- Discloses your information to other companies that already have some of your personal information so those companies can "enhance their records about you".
- Can also disclose all your data to another company if it sells the app or the database to that company.
- Other companies collect data about your use of the app via tracking technologies in the app, including Amazon Advertising.
- Does not promise that it will delete your data after a specific period, which means your data may be exposed to data breaches while it sits in their databases for extended periods.
Apps to approach with caution
Clue
The Clue app is renowned for its founder's goal to use the health data collected for research purposes.
It collects extensive highly personal information, such as data about reproductive health conditions, masturbation, use of sex toys, orgasms and painful intercourse, and does not give confidence that this information will be adequately de-identified before it is disclosed to others.
Pros
- Provides a choice to opt out of use of your data for targeted advertising by navigating to "Settings" and then "Privacy settings" in the app.
- You can request an opt-out from extra research uses of your data, but only by emailing the company.
- Says it does not share the period data you enter in the app with other companies for advertising (although it can use and share data about what you do on the app for advertising purposes).
- Provides an option to delete your data on request.
Cons
- Tracks your usage of the app and attaches that record to your date of birth and a unique identifier that can be shared for advertising purposes, unless you take action to opt out.
- Discloses information about the way you use the app to other companies, including Google, for advertising purposes, unless you opt out.
- Your use of the app could allow these companies to make predictions about you – e.g. based on reading articles such as articles on polycystic ovary syndrome; miscarriage; bacterial vaginosis; and uterine fibroids.
- Says it "de-identifies" your extremely sensitive health data to share it with others for research purposes, but its description indicates a weak "de-identification" process, which leaves a risk that your information will be re-identified.
- Doesn't promise that any research using your sensitive health data will be subject to recognised ethics guidelines or ethics oversight.
- Doesn't provide a simple opt-out from this research use in the app, with the consumer instead required to email Clue.
- Collects extra information that is potentially prejudicial to the consumer and unnecessary for the app's function, including cigarette use and alcohol consumption.
- Does not promise that it will delete your data after a specific period, which means your data may be exposed to data breaches while it sits in their databases for extended periods.
Flo Health
Flo is the most popular fertility app in Australia and invests heavily in advertising that it respects your privacy. The app developer faced a complaint by the US Federal Trade Commission in 2020 alleging it misled consumers regarding privacy practices, which led to two class actions against it in the US.
The app is now operated by a company of the same name subsequently set up in the United Kingdom by the same founder as the US company.
While Flo settled the complaint brought by the US Federal Trade Commission regarding alleged privacy breaches and denied wrongdoing, we await the outcome of the US class actions that allege Flo made misrepresentations about its data sharing with Google and Facebook.
Pros
- Provides an option to use "Anonymous Mode" without linking your data to your identifying details, although this is not presented as a choice during set-up.
- Provides some choice about tracking of your activities on other websites and apps.
- States that it has passed the scrutiny of an independent privacy audit but does not mention this was required as part of its settlement with the US Federal Trade Commission over an alleged privacy breach.
- Says it does not share the period data you enter in the app with other companies for advertising (although other data is collected by such companies via the app).
- Says it will "generally delete all your Personal Data" if you email and request this.
Cons
- Flo collects extra information about you from other companies to add to your profile, with no opt-out permitted.
- Repeatedly claims that it will "never share" and "never sell" your health data, but according to the fine print of the privacy policy, it can sell the whole app or database to another company.
- Notifies AppsFlyer, Google Ads, Pinterest, Facebook and Apple Search Ads of your advertising identifier, age group, subscription status and launch of the app when you become a Flo user.
- Says it will use your "de-identified" health data for "research", with no opt-out permitted, even though there remains some risk that your health data will be re-identified.
- Flo Health keeps your data for too long (three years after you cease using the app), which means your data may be exposed to data breaches while it sits in their databases for extended periods.
My Calendar
My Calendar provides some options that can assist users in protecting their privacy, but it takes a disturbingly hands-off approach, for example by claiming that it is "not responsible for circumvention of any privacy settings or security measures". (It should be responsible if it has not taken reasonable steps to secure your data.)
Pros
- Provides an option to delete your data on request through in-app settings.
- Provides an option to only store your data locally on your own device rather than on My Calendar's servers, but in-app messaging pushes users away from this option.
- Says it does not share the period data you enter in the app with other companies for advertising (although other data is collected by such companies via the app).
Cons
- Claims in its privacy policy that "we are not responsible for circumvention of any privacy settings or security measures we provide" – this is both untrue as a matter of privacy law and a bad sign for the company's data practices.
- Other companies collect data about the way you use the app via tracking technologies in the app, and My Calendar warns that "We do not control all of the Advertisers' tracking technologies or how they may be used".
- Provides your advertising identifier to its "advertising partners" unless you disable your device's advertising identifier in the device settings.
- Claims that it does not sell or share your data, but according to the fine print of the privacy policy, it can sell the whole app or database to another company.
- Does not promise that it will delete your data after a specific period, which means your data may be exposed to data breaches while it sits in their databases for extended periods.
Period Calendar
Period Calendar is one of three apps marketed by Hong Kong-based Abishkking Ltd, "a fitness and health mobile apps development company". It provides some options that can assist users in protecting their privacy, but diminishes users' privacy in other ways, for example by sharing revealing usage data with Google Analytics, which can be used for Google's "own advertising network".
Pros
- Provides an option to delete your data on request, including an option to delete your data if the app or database is going to be sold to another company.
- Provides an option to only store your data locally on your own device rather than on Period Calendar's servers, but in-app messaging pushes users away from this option.
- Says it does not share the period data you enter in the app with other companies for advertising (although it can use and share data about what you select, read and do on the app for advertising purposes).
Cons
- Says Google Analytics tracks how you use the app along with your location and information about your device, and "Google may use the collected information to contextualize and personalize ads of its own advertising network".
- Other companies collect data about your use of the app via tracking technologies in the app, and there is no in-app setting to opt out of this tracking.
- Your use of the app could allow these companies to make predictions about you – e.g. based on reading articles such as "4 Tips to Survive as a Single Parent"; "Having a Baby with an Alcoholic Partner?"; "How to Relieve Vaginal Itching?"; "How to Curb Sugar Cravings?"; "Anxiety Reduction: What Can I Do?"
- Asks for information that is not necessary for the app's functions, including "How long have you been planning a baby?"
- Claims that "We do not sell personal information", but according to the fine print of the privacy policy, it can sell the whole app or database to another company unless you delete your data first.
- Does not promise that it will delete your data after a specific period, which means your data may be exposed to data breaches while it sits in their databases for extended periods.
Period Tracker
Period Tracker is sold by GP Apps, which provides only a vague, brief privacy policy. Other companies collect data via the app about the way you use the app, which could include information about whether you join various "Groups" that reveal your health conditions.
Pros
- Asks you for your age range, rather than your exact date of birth.
- Says it does not share the period data you enter in the app with other companies for advertising (although other data is collected by such companies via the app).
- Says you can delete your data by requesting to delete your account.
Cons
- Provides a vague, brief privacy policy that does not include, for example, detailed information about what data is collected or contact details for privacy concerns or complaints.
- Provides your advertising identifier to its "advertising partners" unless you disable your device's advertising identifier in the device settings.
- Other companies – including advertisers and advertising networks – collect data about the way you use the app via tracking technologies in the app.
- your use of the app could allow these companies to make predictions about you – e.g. if you join a "Group" concerned with "Breast Cancer"; "Depression"; "Eating Disorders"; "Menopause"; "Trying after Miscarriage" or "Assisted Fertility".
- Does not promise that it will delete your data after a specific period, which means your data may be exposed to data breaches while it sits in their databases for extended periods.
- Period Tracker can also disclose all your data as part of the sale of the whole app or database to another company.
Pregnancy+
The Pregnancy+ app is owned by a company in the Philips Avent consumer goods group. Philips creates a profile of your preferences, behaviour and characteristics from tracking your activities in the app and says this profile is disclosed to other companies such as its "affiliates".
Pros
- Provides an option to export your data from the app.
- Says that it will delete the data (not just de-identify it) at the end of the retention period, although the retention period is too long.
- Doesn't collect information about when you have your period or when you have sex, so that is not being sold as part of its commercial uses of your data.
Cons
- Fails to explain that the only difference between "Gold" and "Silver" memberships is that Gold members have less privacy because they will be tracked and targeted using their unique advertising identifier.
- Both Gold and Silver members are extensively tracked and targeted with advertising through various tracking technologies set via the app.
- Philips creates a profile based on your preferences, behaviour and characteristics from observing your activities in the app, on its websites and from using its "connected products", and says this profile is disclosed to other companies including undefined "affiliates".
- Your use of the app's features, such as "Questions for doctor" and "To-do list" selections, can reveal further sensitive information about you.
- Says "Google may combine information collected via the app, with other information it has independently collected from other services".
- Philips keeps your data for too long (three years and three months after you cease using the app), which means your data may be exposed to data breaches while it sits in their databases for extended periods.
WomanLog
It’s difficult to find much information on WomanLog because its privacy policy and terms of use are so brief and vague, but it appears to be operated by Latvia-based Pro Active App SIA. The app includes some privacy features, but the very limited information makes us cautious.
Pros
- Can create an account with only an email address, without the need for a name and date of birth.
- Provides an in-app option to delete your account and your data on request, although this is difficult to find.
- Provides an option to store your data only on your device, with no backup on WomanLog servers.
- Says it "will not disclose any of your health and personal data to third parties".
Cons
- Provides a very brief (one-page) privacy policy that does not include, for example, detailed information about what symptom, activity and logging data it collects or details of the company and its location.
- Does not explain where WomanLog's servers are based if you choose to back up your data with WomanLog.
- Although advertisements are shown in the free version of the app, it does not state whether or not it uses any data for advertising purposes or whether any data is collected if you click on an ad.
- Does not promise that it will delete your backup data after a certain period if you cease to use the app.
Preferred (but not perfect) apps
Natural Cycles
The Natural Cycles app does not have perfect data privacy terms, but it stands out as an app that makes a real effort to give clear information and choices about your data as you open and set up the app.
The app is operated by a Swedish company that focuses on reproductive health and is governed by the stricter privacy laws of the European Union.
Pros
- Provides clear, plain language privacy summaries and options from the launch of the app.
- Your data is only used for research purposes if you actively opt into that extra use, otherwise that box is left unticked in the privacy settings.
- You can ask to delete your data, but it seems this can only be achieved by email and not through the "Delete account" option in the app.
- Says it does not share the period data you enter in the app with other companies for advertising (although other data is collected by such companies via the app).
Cons
- Requires you to enter a date of birth to use the app.
- Other companies collect data about your activities via tracking technologies in the app for their advertising purposes.
- Claims that it does not sell your health data, but according to the fine print of the privacy policy, it can sell the whole app or database to another company.
- If you don't request deletion sooner, Natural Cycles keeps your data for too long (three years after you terminate your account), which means your data may be exposed to data breaches while it sits in their databases for extended periods.
- Does not actually delete your data on your request or after the three years, but only "anonymises" it so that the risk of re-identification depends on the thoroughness of its anonymisation processes. EU law does set relatively high standards for anonymisation.
Privacy reform urgently needed
Potentially misleading privacy claims and settings in fertility apps deserve scrutiny by our regulators under both the Privacy Act and the Australian Consumer Law. We also need urgent reform of our Privacy Act to protect the highly sensitive information held by such app developers, including:
- stricter security obligations, such as rules requiring companies to specify a limited retention period after which personal information will be deleted to avoid unnecessary data breach risks and obligations to protect "de-identified" information
- a requirement that companies' collection, use and disclosure of our data should always be "fair and reasonable", rather than expecting consumers to try and police companies' data practices themselves
- clarification that technical identifiers and "usage data" connected to an individual are "personal information" covered by the Privacy Act obligations.
CHOICE consumer data advocate Kate Bower says "Australia's Privacy Act is woefully out of date and this research shows the potential harms to consumers of not having law that is fit for purpose.
"Stronger consumer protections are urgently needed to ensure that the highly personal and sensitive data collected by these apps is protected and that businesses can't exploit the data for profit."
The research for this project was funded by a grant from the UNSW Allens Hub for Technology, Law and Innovation. You can read the full report here.
Stock images: Getty, unless otherwise stated.