Flo covertly shares users' menstrual cycle data 

Occurred: February 2019

Period tracker Flo shared data with Facebook, Google, and others every time a user had their period or indicated that they wanted to get pregnant, despite promising to keep users’ sensitive health data private.

Flo is a US-based period tracker and pregnancy app used by over 100 million people which allows users to 'access personalized health insights, virtual dialogs, and dozens of courses to learn how your cycle affects your body and well being.'

A critical WSJ article sparked a strong backlash from civil rights and privacy groups, and customers.

The finding resulted in Flo Health settling with the US Federal Trade Commission (FTC) in January 2021.

According to the terms of the deal, Flo must notify affected users about the disclosure of their health information and stop misrepresenting how it collects, manages, and uses customer data.

Flo subsequently advised customers it would launch an ‘Anonymous Mode’ that removes their personal identity from their accounts, prompting further users to cancel their accounts.

Operator: Flo Health
Developer: Flo Health

Country: USA

Sector: Health

Purpose: Track menstrual cycle

Technology: Prediction algorithm
Issue: Privacy

Transparency: Governance; Privacy; Marketing

Page info
Type: Incident
Published: January 2023