Photo by Miles Burke on Unsplash
All Eyes on my Period? Period tracking apps and the future of privacy in a post-Roe world
Given the continued threats to sexual and reproductive rights globally, we ask: are period tracking apps truly safe for those who rely on them?
Key findings
- the scale of the surveillance and criminalisation of reproductive choices is growing
- period tracking apps may offer valuable tools, they do not operate in a vacuum
- reproductive health data deserves robust protection by design and by default.
Warning: this report includes mentions of pregnancy loss.
Long Read
Post date
28th May 2025
Period tracking apps and the rollback of reproductive rights
The aftermath of the overturning of Roe v. Wade in the United States (US) sparked widespread debate and concern that data from period tracking apps could be use to criminalise those seeking abortion care.
While the surveillance and criminalisation of reproductive choices are neither new nor unique to the US, the scale and intensity of today’s crisis continue to grow. To put it into perspective, 22 million women and girls of reproductive age (15–49) in the US now live in states where abortion access is heavily restricted or entirely inaccessible.
Globally, similar patterns are emerging. Across Europe, rising right-wing populism is fueling anxiety about the future of reproductive rights. In countries like Italy recent legislative changes have raised fears about increased barriers to access. Meanwhile, abortion remains heavily criminalised in Poland and Malta, where legal exceptions are extremely limited. These developments underscore the fragility of reproductive rights even in regions where such rights have been long been considered secure.
In this increasingly challenging landscape, the role of period tracking apps is under renewed scrutiny.
The use of digital evidence in abortion-related prosecutions predates the Dobbs decision. In 2021, a 15-year-old girl in the UK was forced to hand over her text messages and search history as police investigated whether she had taken abortion pills illegally following a pregnancy loss at 28 weeks.
Since then, and in an even more precarious climate, similar examples have continued to emerge. In Nebraska, Facebook chat logs were used to prosecute an abortion seeker. In the UK, police obtained a woman’s Google search history during an investigation into the use of abortion pills beyond the legal limit. In Texas, text messages and screenshots from a group chat were also used in a lawsuit as evidence to prove a woman self-managed an abortion at home.
Where do period tracking apps fit into this picture? Menstruation or period tracking apps have become ubiquitous for people who menstruate, helping them track and manage their periods, fertility and correlating symptoms. These apps can offer empowering means of managing health and wellbeing. They also have the potential to improve access to sexual and reproductive health information, including in legal and social contexts that stigmatise that information or where users face discrimination related to their health status.
While these apps may offer valuable tools, they do not operate in a vacuum. How they are developed, regulated, and used - as well as the political and legal context in which they exist — determines whether they enhance human rights or put them at risk. So the question remains: are these tools truly safe for those who rely on them?
There has been a surge of public debate and media coverage urging users to delete their apps. Against this backdrop, some apps, whether out of genuine concern or in response to market demands, have introduced new measures aimed at protecting users’ privacy. Are these changes enough? What have we actually learned about the technical workings of these apps, and what does this mean for people navigating the complex intersection of privacy and reproductive health?
At Privacy International, we conducted a new technical investigation to follow up on our 2019 research. Our aim was to assess not only whether period tracking apps have improved their practices, but also whether those practices are adequate in today’s increasingly hostile environment.
What do our 2025 findings mean for users’ privacy and reproductive health data in a post-roe world?
First, it’s important to acknowledge that our 2025 research did reveal improvements compared to our findings in 2019 and 2020. For instance, most apps we tested this time now allow users to use the service without creating an account or providing personal information (unless they choose to do so). We also observed the introduction of privacy-conscious features, such as anonymous sign-in methods that keep account data separate from period tracking data, thereby enhancing user privacy.
However, these improvements must be understood in the context we explained before, where the risk that law enforcement could seize data from period tracking apps to prosecute individuals seeking abortion is no longer hypothetical. In jurisdictions where abortion is criminalised or heavily restricted, this data could be used as evidence. It’s important to stress that if a firm that runs an app receives a request by law enforcement, it may have no legal choice but to comply and hand over the data it holds.
It is within this increasingly hostile context that we must assess the key features, functionalities, and privacy safeguards of period tracking apps. While our investigation did not uncover any serious technical failings at this time, the broader risks posed by today’s legal and political landscape highlight areas of concern that warrant closer scrutiny. Is it enough for apps to meet the minimum legal standards, or should they take active steps to resist harmful data practices and safeguard users in this new landscape?
Take this common feature as an example: most apps process data off-device for development or functionality purposes. This was also the case for most of the period tracking apps we examined. In practice, this means users’ inputted data, such as information about their periods and symptoms, is processed on the app provider's servers or third-party servers, rather than staying only on the user’s device.
When we consider the sensitive nature of health data and the current environment, this widespread practice places users in a more vulnerable position. Off-device storage introduces an additional risk: the possibility that such data could be seized and used against individuals (and without their knowledge), particularly in jurisdictions where reproductive care is criminalised or restricted.
But things don’t have to be this way. One feature we found in some apps that stands out from a privacy perspective is the option to store data locally on the user’s device. This means that menstrual cycle information inputted by the user remains on their device and is not automatically transmitted to the app developer or stored in a cloud. This approach potentially enhances user privacy and control, as only the user (i.e., their device) is processing and storing their input data.
We acknowledge that this feature also comes with trade-offs. For users who rely on backup options for convenience or to ensure they don’t lose their data, local-only storage can pose challenges; data stored exclusively on a device cannot be recovered if the device is lost, stolen, or damaged. And importantly, while local storage may reduce the risk of remote access by third parties, it does not protect against device searches or seizures—scenarios that are increasingly relevant in jurisdictions hostile to reproductive rights.
Still, when weighed against the very real risk of law enforcement agencies attempting to obtain reproductive health data from app providers, local storage offers a clear protective advantage. If the app provider does not hold the user’s data in the first place, there is nothing to hand over, for example, in response to a subpoena. In such cases, such as default local storage setting where inputted cycle data never leaves the user’s device can offer a vital layer of protection.
Another area of potential concern lies in the integration of third-parties. In our analysis of web traffic generated by several apps, we observed the presence of a wide range of third parties, primarily for advertising and functionality purposes. These entities were receiving data related to the user’s device. While this kind of data sharing is relatively common across apps and platforms, the picture is still complex.
Although device data is not typically considered sensitive, the granularity of information shared in some cases could, when combined, create privacy risks. For instance, data points such as phone model, IP address, location, and the precise time a user opens the app could potentially be stitched together to uniquely identify an individual, or at the very least, profile them as someone who menstruates. In today’s climate, this type of inference could carry significant consequences.
It’s important to consider what users reasonably expect when using a period tracking app. Most would not anticipate that simply opening the app could trigger the sharing of device-level data with multiple third parties. Nor might they foresee that logging their period and symptoms over several months could result in that data being stored on a server managed by the app provider that, under certain conditions, could be compelled to comply with a law enforcement request.
In a hostile legal environment, it is not unreasonable to ask: what might happen if a user simply forgets to log a cycle? Could this absence of data be misinterpreted as a missed period, and, in turn, raise suspicion in jurisdictions where abortion is criminalised or tightly restricted? These are not abstract questions, but real concerns.
These examples are just a few takeaways from our full research, but they offer important lessons about what we should be asking of period tracking apps, and how these apps must be designed and governed to truly uphold our right to privacy, among other fundamental rights.
Privacy by design
These examples are also a call to reconsider what responsibility truly looks like in this space. While some developers may argue that the issues we uncovered reflect industry-common practices, and that their apps have indeed improved since our earlier research, this cannot be the end of the conversation. The question remains: are we holding these apps to a standard that matches the realities users now face?
We argue that period tracking apps must be held to a higher standard, not only because they handle deeply personal and sensitive data, but also because that data exists in an increasingly hostile legal and political environment regarding reproductive rights. Within this context compliance with data protection laws should be seen as a baseline, not the benchmark.
Reproductive health data, including cycle dates, symptoms, sexual activity, and more, deserves robust protection by design and by default. This means minimising data collection, ensuring transparency about how data is processed and by whom, offering meaningful user control, and favouring local over cloud-based storage where possible, among others. It also means recognising that privacy protections are not just technical features, they are essential safeguards for human rights. These protections must be understood in the context of people’s lived realities, particularly for those who may be in vulnerable situations.
In light of the rollback of reproductive rights, we acknowledge that some apps appear to have publicly taken a stance against the criminalisation of abortion and law enforcement overreach, in the post-Roe world. We welcome these commitments and remain optimistic that some app providers, too, believe that people who menstruate should be able to use technology to improve their lives, without putting themselves at risk. But when politics shifts so dangerously in a certain direction, strong public statements are not enough. Regulatory frameworks must evolve to ensure that protections are embedded by default and not left to chance.
Users should be able to trust that the apps they rely on are not putting their reproductive health data at risk, and that privacy is built in from the start, not treated as an afterthought. No one should need to be a privacy expert to use a period tracking app safely, and no one should be exposed to a tool that can be weaponised against them, rather than used to support their health and autonomy.
To explore our research conclusions and recommendations for app developers, regulators, and users, please see here.
If you want to learn more about coping with and helping others to cope with pregnancy loss, we've found the resources at the UK charity Sands to be helpful.
Our campaign
Related learning resources
