How Period Tracker Privacy Architecture Actually Works

Period tracking app privacy depends on architecture. This guide covers on-device storage, E2E encryption, zero-knowledge design, and why policies are not enough.

The Three Privacy Architecture Tiers

Not all privacy is equal, and the differences are technical, not rhetorical. Period trackers fall into three architectural categories, and the category determines the actual privacy you get regardless of what the privacy policy says.

Tier 1 is on-device storage. Your data exists on your phone and nowhere else. The app developer has no server storing your health data. This is how Floriva and Drip work. The privacy guarantee is structural: no data exists to be shared, sold, or subpoenaed because the company never had it.

Tier 2 is end-to-end encryption with server storage. Your data is encrypted on your device, sent to a server as an encrypted blob, and stored there. The server cannot decrypt it. This is how Apple Health's iCloud sync works. The privacy guarantee depends on the quality of the encryption implementation and the company not holding a backdoor key.

Tier 3 is server-side storage with a privacy policy. Your data is sent to company servers in readable form. The company promises (via privacy policy) not to misuse it. This is how Flo and Clue work. The privacy guarantee is a legal document that can be changed, violated, or overridden by co
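The difference between Tier 2 and Tier 3 as seen from the server, as an added example (not code from any of the apps named above). It assumes Node.js's built-in crypto module with scrypt and AES-256-GCM; the record fields, the passphrase-based key and all function names are hypothetical.

```javascript
// Added example: what a server stores under Tier 2 versus Tier 3.
const nodeCrypto = require('node:crypto');

// Constructed sample record; the field names are hypothetical.
const SAMPLE_ENTRY = { date: '2024-03-01', flow: 'medium', symptoms: ['cramps'] };

// Device side: derive the key from a secret that never leaves the phone.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Device side: AES-256-GCM with a fresh 12-byte nonce for every record.
function encryptOnDevice(key, entry) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entry), 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Anyone holding a copy of the key can read the record, which is why key
// custody is the whole Tier 2 guarantee. A wrong key or modified blob throws.
function decryptWithKey(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  const plain = Buffer.concat([decipher.update(blob.ct), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Same as decryptWithKey, but returns null instead of throwing.
function tryDecrypt(key, blob) {
  try { return decryptWithKey(key, blob); } catch { return null; }
}

// The bytes that end up in the server's database under each tier.
function serverRow(tier, key, entry) {
  if (tier === 3) return Buffer.from(JSON.stringify(entry), 'utf8'); // readable
  if (tier === 2) return encryptOnDevice(key, entry).ct;             // opaque
  throw new Error('Tier 1 uploads nothing, so there is no server row');
}

// True if a party holding only the stored bytes can find the term in them.
function rowExposes(row, term) {
  return row.includes(Buffer.from(term, 'utf8'));
}
```

A second key derived from the same passphrase and salt decrypts the blob just as the device does, which is the "backdoor key" condition in code form.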