guides

What to Do If Your Period App Is Breached or Involved in a

Step-by-step guide for when your period app is breached: confirm scope, revoke access, request data under CCPA/GDPR, delete your account, and switch to a safer

A period app breach notification lands in your inbox. Or you see a news headline. Or a friend texts you a link to an FTC press release. You've been using this app for two years and it has your full cycle history, your symptom logs, and whatever you disclosed when it asked about health conditions. What you do in the next 24 hours matters. Here's the correct sequence. Step 1: Confirm the incident and understand what type it is Not all privacy incidents are the same, and the risk profile differs by type. Check Have I Been Pwned. Go to haveibeenpwned.com and enter the email address you used for the app. This database aggregates known credential breaches and will tell you if your email appears in leaked credential sets. This is a baseline check — it confirms whether external attackers obtained login credentials. Read the breach notification carefully. The language matters. "Unauthorized access to our systems" means an external party broke into company infrastructure — your data may have been exfiltrated. "Inadvertent disclosure to third party partners" or "sharing with analytics providers" means an SDK data flow incident — your health data was transmitted to advertising or analytics inf