privacy-in-practice

Check a Period App for Trackers

Use this plain checklist to check a period app for ad trackers, analytics SDKs, broad permissions, and risky data sharing signs.

A period app can look calm and still talk to many companies. Some sharing is basic crash logging. Some sharing can feed ads or profiles. The hard part is that the app may not show this inside the app.

The FTC cases against Flo and Premom are the reason this check matters. They show that privacy risk can sit in quiet code, not only in the period calendar you see.

Use this worksheet before you install a new app. Use it again after a major app update.

1. Make a copy of the app facts

Write down:

App name. Company name. App store link. Date checked. App version. Account required: yes, no, or unsure. Cloud sync: yes, no, optional, or unsure.

This keeps the audit tied to one version. Apps change.

2. Check the app store privacy label

Open the app store page. Look for the privacy section.

Mark each item you see:

Health and fitness data. Contact info. Location. Identifiers. Usage data. Diagnostics. Data used for tracking. Data linked to you.

This label is not proof. It is a first pass. If the label says the app tracks you, treat that as a serious flag for period data.

3. Read the privacy policy for sharing words

Search the policy for these words:

Advertising. Analytics. Partners. Affiliates. Third parties. SDK. Social media. Personalized. Sell. Share.

Now write the plain answer:

Who gets data? What data do they get? Can you opt out? Does the policy name the companies? Does the policy say health data is excluded?

If the policy says it may share data with "partners" but does not name them, mark it unclear.

4. Check phone permissions

Open the app settings on your phone.

Turn off anything the app does not need:

Location. Contacts. Photos. Bluetooth. Camera. Microphone. Background refresh. Health data access.

A period tracker can work for many people without location or contacts. If an app breaks when a broad permission is off, write that down.

5. Check account and sync settings

Open the app. Look for:

Account email. Sign in with Apple, Google, Facebook, or email. Cloud backup. Sync. Research sharing. Personalized ads. Marketing consent. Data export. Delete account.

Turn off sharing you do not want. Export data before deleting an account.

6. Optional network check

This step is for people who are comfortable with privacy tools. Use a trusted local firewall or network monitor. Do not install a random "privacy scanner" just for this.

Open the period app and record the domains it contacts.

App company domain. Crash report domain. Analytics domain. Ad network domain. Social media domain. Unknown domain.

Do not enter new cycle data during this test. Open the app, move around, then close it.

This check has limits. It may miss server side sharing. It may also show domains used for safe reasons, like crash reports.

7. Score the app

Use this simple score.

Low concern: no account required, no ad tracking label, narrow permissions, clear policy, easy export and delete. Medium concern: account or sync is optional, some analytics are present, policy names partners, opt outs are clear. High concern: account required, ad tracking present, broad permissions, vague partners, no clear delete path.

High concern does not mean the app broke the law. It means you should be careful before putting sensitive data there.

8. What to do next

Choose one action:

Keep it and turn off extra permissions. Keep it, but stop logging sex, pregnancy tests, or notes. Export your data and delete the account. Switch to paper, a spreadsheet, or an on device app. Run a full phone audit.

Use period app privacy red flags if you want a faster yes or no screen.

Where Floriva fits

Floriva is meant for people who want fewer outside data paths. Basic tracking does not need a cloud account. That lowers what you need to audit. It does not make your phone private by itself. If you turn on optional sync or account features later, check those settings too.