What is the FTC enforcement action against Flo

In January 2021, the FTC announced an enforcement action against Flo Health, Inc. The FTC found that Flo had shared users' sensitive health information, including period and pregnancy data, with Facebook and Google contrary to Flo's stated privacy policy. The consent order required Flo to notify affected users and instruct those companies to delete the data.

How much was the Flo settlement

A combined $59.5M class action settlement was reached in September 2025 covering claims against Google, Flo Health, and Flurry (Yahoo) related to the same data sharing conduct identified by the FTC. Individual settlement amounts in class actions are typically modest. The FTC enforcement action itself resulted in a consent order, not a financial penalty, the money came from the civil class action.

How do I delete my data from Flo

To delete your data from Flo: open the app, go to Profile > Settings > Privacy > Delete Account. Deleting your account initiates a data deletion request for Flo's servers. Note that data already shared with third-party SDKs before the FTC action may have been retained by those parties, Flo's consent order required it to ask Facebook, Google, and Flurry to delete the data.

guides

Does Flo Sell Your Data FTC Settlement and What Changed

Flo shared period data with Facebook and Google. The FTC acted in 2021. A $59.5M settlement followed in 2025. What changed and what didn't.

What the FTC Found In January 2021, the Federal Trade Commission announced an enforcement action against Flo Health, Inc. The FTC found that between 2016 and 2019, Flo shared users' reproductive health information (period dates, pregnancy status, and health symptoms) with Facebook and Google via embedded third party SDKs. The SDKs, integrated to provide analytics and performance data, automatically transmitted health events to Facebook's analytics platform and Google's Firebase Analytics. Users had no way to prevent this transmission, and Flo's privacy policy at the time stated that user data would not be shared with third parties except as required to operate the service. The FTC concluded this constituted an unfair and deceptive practice under Section 5 of the FTC Act. The consent order required Flo to notify affected users and direct Facebook, Google, and Flurry to delete the improperly shared data. Read the FTC case at ftc.gov/cases proceedings/192 3133 flo health inc. How the SDK Data Sharing Worked Beginning in June 2016, Flo embedded SDKs from Facebook, Flurry, Google (Fabric and Analytics), and AppsFlyer. These SDKs transmitted "Custom App Events" with descriptive titles th