
Period Tracker Privacy Guide

TLDR

Most period tracker apps collect far more data than they need, and their privacy policies give them permission to share it. This guide shows you exactly what to look for -- and what to avoid -- when choosing a period tracker that actually protects your data.

What “Privacy” Actually Means in Health Apps

When a period tracker says it’s “private,” that word can mean almost anything. Some apps mean your data is encrypted in transit (which is a bare minimum, not a feature). Others mean they won’t sell your data to advertisers (but may still share it with “partners” or “service providers”). A few actually mean your data never leaves your device.

The difference matters more for period tracking than for most app categories. Menstrual cycle data is health data. It can reveal pregnancy, pregnancy loss, fertility treatment, and contraception use. In the post-Dobbs legal environment, this data has been sought by law enforcement in multiple states.

To evaluate any period tracker’s privacy claims, you need to understand three things:

  1. Where your data is stored — on your device only, or on the company’s servers
  2. What data the app collects beyond what it needs to function
  3. Who can access your data and under what circumstances

These three questions cut through marketing language and tell you whether an app is private in any meaningful sense.

Where Your Data Lives: The Three Storage Models

Period tracker apps use one of three data storage approaches. Each has different privacy implications.

Cloud-first (server-side storage). Your data is stored on the company’s servers. You might have a local cache for offline use, but the authoritative copy lives in their infrastructure. This is how Flo, Clue, and most popular trackers work.

Privacy implication: The company has your data. Their privacy policy governs what they do with it. If law enforcement serves a subpoena or court order to the company, the company has the data to hand over. Your app password doesn’t protect you — the company has access to the unencrypted data on their servers.

End-to-end encrypted cloud. Your data is encrypted on your device before it’s sent to the company’s servers. The company stores encrypted blobs they can’t read. Only your device has the key.

Privacy implication: The company genuinely can’t read your data. If they receive a subpoena, they can hand over encrypted data, but it’s useless without your key. This is the model Signal uses for messages. Very few period trackers use this approach.

Local-only (on-device storage). Your data never leaves your phone. There are no servers, no accounts, no cloud sync. The app works entirely offline.

Privacy implication: The strongest privacy model. There’s nothing to subpoena because the company doesn’t have your data. The trade-off is that you lose your data if you lose your phone (no backup), and you can’t sync between devices. Some local-only apps offer optional backups to your own iCloud or Google Drive, which puts the data back in a cloud — but under your cloud account, not the app company’s.

What to ask: When an app says “your data is private,” ask: private from whom? If the answer is “from other users” but not from the company itself, that’s not meaningful privacy for health data.
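The three storage models above, as an added sketch that is not code from any period tracker or from this guide: it shows what the company's stored copy reveals in each model. The function names, the sample entry and the choice of AES-256-GCM are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto'); // Node.js built-in module

// Constructed sample entry; the field names are hypothetical.
const sampleEntry = { date: '2024-03-01', flow: 'medium', note: 'cramps' };

// Cloud-first: the server stores the record exactly as the app sent it.
function cloudFirstUpload(record) {
  return { stored: JSON.stringify(record) };
}

// End-to-end encrypted cloud: encrypt with a key that stays on the device,
// then upload only nonce + ciphertext + authentication tag.
function e2eeUpload(record, deviceKey) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every upload
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deviceKey, nonce);
  const ct = Buffer.concat([c.update(JSON.stringify(record), 'utf8'), c.final()]);
  return { stored: Buffer.concat([nonce, ct, c.getAuthTag()]).toString('base64') };
}

// Runs on the device only. Throws if the key is wrong or the blob was altered.
function e2eeOpen(stored, deviceKey) {
  const blob = Buffer.from(stored, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', deviceKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  const pt = Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Local-only: nothing is uploaded, so the company holds no copy at all.
function localOnlyUpload(_record) {
  return { stored: null };
}

// What anyone holding the company's copy (and no device key) can find in it.
function serverCopyReveals(serverCopy, term) {
  return serverCopy.stored !== null && serverCopy.stored.includes(term);
}

// Compare the three models for the same entry.
function compareModels(record, deviceKey) {
  return {
    cloudFirst: serverCopyReveals(cloudFirstUpload(record), record.note),
    e2ee: serverCopyReveals(e2eeUpload(record, deviceKey), record.note),
    localOnly: serverCopyReveals(localOnlyUpload(record), record.note),
  };
}

console.log(compareModels(sampleEntry, nodeCrypto.randomBytes(32)));
```

The end-to-end result holds only while the device key never reaches the company, which includes key escrow and any backup that carries the key.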
