Why Your Period Tracker's Privacy Policy Actually Matters

March 2026 · 8 min read · Privacy & Health

Period tracking apps know when you menstruate, when you're ovulating, when you have sex, what symptoms you experience, and whether you might be pregnant. This is some of the most intimate data any app on your phone can collect. And yet, most people download a period tracker, grant it permissions, and never read a single line of its privacy policy. After 2022, that changed for millions of women — but not enough of them.

The Post-Roe Wake-Up Call

When the U.S. Supreme Court overturned Roe v. Wade in June 2022, the privacy practices of period tracking apps became front-page news overnight. The concern was straightforward: if period tracker data is stored on a company's servers, law enforcement could potentially subpoena that data. A missed period, a sudden gap in logging, a note about pregnancy symptoms — this information could theoretically be used as evidence in states where abortion is restricted.

This wasn't hypothetical. In 2022, a Nebraska mother and daughter were charged based partly on Facebook messages that Meta turned over in response to a warrant; both pleaded guilty in 2023. While that case involved social media rather than a health app, it demonstrated that prosecutors were already seeking digital health-adjacent data. Privacy researchers at the Electronic Frontier Foundation and the Mozilla Foundation both published warnings about how exposed period tracker data is.

The result was a wave of deletions. Many users uninstalled Flo, the world's most popular period tracker, despite the company's assurances about privacy. Those assurances had already been tested once: in January 2021 Flo settled FTC charges that it had shared users' health data with third-party analytics and advertising SDKs, including Facebook's and Google's, despite a privacy policy saying it would not. But deleting the app doesn't address the core problem. The question isn't whether one specific app is trustworthy; it's whether the architecture of the app makes trust unnecessary.

What Data Period Trackers Typically Collect

Most period tracking apps collect far more than just your cycle dates. A typical app asks for period and ovulation dates, sexual activity, symptoms and pregnancy status, and on top of that an email address or account, device identifiers, and usage analytics.

Taken together, this is an extraordinarily detailed picture of someone's reproductive health and sexual behaviour. The question is: where does all of this data go?

The Difference Between "We Don't Sell Your Data" and "We Don't Have Your Data"

This distinction is the most important thing to understand about app privacy, and it applies far beyond period trackers.

"We don't sell your data" means the company stores your data on their servers but promises not to sell it to third parties. This is a policy decision that can change at any time. It also doesn't protect you from data breaches, government subpoenas, or acquisitions (when a company is bought, its data assets are part of the deal).

"We don't have your data" means the app stores everything locally on your device. There are no servers. There is nothing to subpoena, nothing to breach, nothing to sell. Even if the company wanted to hand over your data, they couldn't — they literally don't possess it.

Key principle: The most private data is data that never leaves your device. No privacy policy, no matter how well-written, is as strong as the technical impossibility of access.

This is the difference between a policy guarantee and an architectural guarantee. Policies can change. Architecture can't be retroactively altered to expose data that was never collected.

On-Device vs Cloud Storage: What It Means Technically

When an app stores data "on-device," your information lives in a database file inside the app's private sandbox on your iPhone or Android phone. On iOS that file is covered by Data Protection: it is encrypted with a per-file key that is in turn wrapped by a class key derived from your passcode and a hardware key in the Secure Enclave, so a stolen, powered-off phone yields only ciphertext. Two caveats apply. First, the default protection class for third-party app files is "complete until first user authentication": the file is sealed only until you unlock the phone once after a reboot, and after that its key stays available even while the screen is locked. An app that wants the file sealed every time the phone locks has to opt in to the stronger "complete" class. Second, anyone who can unlock the phone, including someone who compels you to, can read whatever the app shows. Android's file-based encryption gives app files comparable at-rest protection, with the same caveats.

When an app stores data "in the cloud," your information is transmitted over the internet to the company's servers (or, more commonly, to Amazon Web Services, Google Cloud, or Microsoft Azure). The company can access this data. Their employees may be able to access it. Law enforcement can request it with a warrant. Hackers can target it.

Some apps offer a hybrid model: local storage with optional cloud sync for backup or multi-device access. This is more private than cloud-only, but the moment your data touches a server, the architectural guarantee is gone. End-to-end encrypted sync, where only your own devices hold the key, limits what the server learns to metadata (that you use the app, and when you sync), but you are then trusting the company's implementation rather than its policy. "On-device" apps can also leak to a server through a side door: unless the developer excludes the database from backups, it is copied into iCloud backups, which Apple can decrypt unless you have turned on Advanced Data Protection, and into computer backups.
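What "on-device" looks like when the operating system enforces it, as an added example written for this article (it is not code from Cyla, Flo, or any other app): the database file is created under the strongest iOS Data Protection class and excluded from backups, and a second function reads back what the OS actually recorded so the app can verify its own configuration. The filename cycles.sqlite and the function names are placeholders; everything else is standard Foundation API.

```swift
import Foundation

/// Path of the app's local cycle database inside its sandbox.
/// The filename "cycles.sqlite" is a placeholder for this example.
func cycleDatabaseURL() throws -> URL {
    let support = try FileManager.default.url(for: .applicationSupportDirectory,
                                              in: .userDomainMask,
                                              appropriateFor: nil,
                                              create: true)
    return support.appendingPathComponent("cycles.sqlite")
}

/// Put the database under the strongest Data Protection class and keep it out
/// of iCloud and computer backups, so "on-device" is enforced by the OS rather
/// than promised by a policy.
///
/// - NSFileProtectionComplete: the per-file key is evicted shortly after the
///   device locks, instead of the default class that only seals the file until
///   the first unlock after a reboot.
/// - isExcludedFromBackup: the file is skipped by iCloud Backup and by
///   Finder/iTunes backups, closing the side door by which local data ends
///   up on a server anyway.
func hardenLocalDatabase(at url: URL) throws {
    let fm = FileManager.default
    if !fm.fileExists(atPath: url.path) {
        // Create the file already in the "complete" class so it never exists
        // under the weaker default class, even briefly.
        try Data().write(to: url, options: [.atomic, .completeFileProtection])
    } else {
        // Re-class an existing file; the OS rewraps its file key under the new class.
        try fm.setAttributes([.protectionKey: FileProtectionType.complete],
                             ofItemAtPath: url.path)
    }

    var backupExcluded = url
    var values = URLResourceValues()
    values.isExcludedFromBackup = true
    try backupExcluded.setResourceValues(values)
}

/// What the OS actually recorded for the file. Read this back rather than
/// trusting that the calls above took effect: on the Simulator, for example,
/// protection classes are recorded but not enforced.
struct LocalDatabaseAudit {
    let protectionClass: String
    let excludedFromBackup: Bool

    var isHardened: Bool {
        protectionClass == FileProtectionType.complete.rawValue && excludedFromBackup
    }
}

func auditLocalDatabase(at url: URL) throws -> LocalDatabaseAudit {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    let cls = (attrs[.protectionKey] as? String) ?? "unknown"
    let values = try url.resourceValues(forKeys: [.isExcludedFromBackupKey])
    return LocalDatabaseAudit(protectionClass: cls,
                              excludedFromBackup: values.isExcludedFromBackup ?? false)
}

// Usage, for example at app launch:
// let url = try cycleDatabaseURL()
// try hardenLocalDatabase(at: url)
// precondition(try auditLocalDatabase(at: url).isHardened)
```

The trade-off with the "complete" class is that the app cannot read or write the file while the phone is locked, which is fine for an app that only runs while you are looking at it; an app that must touch its data in the background would use the "complete unless open" class instead, which is weaker. If the store is a Core Data database rather than a raw file, the same class can be requested through NSPersistentStoreFileProtectionKey. None of this is visible to the user, which is exactly why the self-reported privacy label and the network checks described later are worth doing.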

Red Flags in Privacy Policies

If you do read a period tracker's privacy policy (and you should), the warning signs follow directly from the distinction above. Any wording about data being "stored securely on our servers" means the company has your data, whatever else it promises. Look for sharing with "partners", "affiliates" or "service providers", the usual language for analytics and advertising SDKs; for a clause that transfers your data to a new owner in a merger or acquisition; and for the absence of any plain statement that your data stays on your device.

What to Look for in a Private Period Tracker

If privacy is a priority (and given the nature of the data, it should be), look for an app that stores all data on the device, needs no account or email address to use, has no cloud sync (or none enabled by default), and contains no analytics or advertising SDKs.

Cyla is one example of this on-device approach: it stores all cycle data locally on the phone with no account, no cloud, and no analytics. But regardless of which app you choose, the architecture matters more than the brand name.

How to Check Any App's Privacy Nutrition Label

Apple introduced App Privacy labels (often called "nutrition labels") in December 2020. They're not perfect — they're self-reported by developers — but they're a useful first-pass filter.

To check them, open the app's page in the App Store, scroll to the App Privacy section and tap "See Details". The label sorts collected data into "Data Used to Track You", "Data Linked to You" and "Data Not Linked to You"; an app that collects nothing shows "Data Not Collected". On Android, the Google Play listing has an equivalent "Data safety" section, also self-reported.

Because these labels are declarations rather than measurements, cross-check them: on iOS 15.2 and later, Settings > Privacy & Security > App Privacy Report records which domains each app has contacted, and an app that claims to keep everything on-device should have contacted none.

For context: Flo's App Privacy label lists Health & Fitness data, Contact Info, Identifiers, Usage Data, and Diagnostics as "Data Linked to You." An on-device-only app should show "Data Not Collected", or at most crash diagnostics that are not linked to you.

Beyond Period Trackers

The principles in this article apply to every health app on your phone — sleep trackers, mood journals, fertility monitors, medication reminders. Any app that handles sensitive health data should be evaluated on the same criteria: does the company have your data, or don't they?

The fundamental question isn't "do I trust this company?" It's "does this app's architecture require me to trust the company at all?" When the answer is no — when your data physically cannot leave your device — that's when privacy stops being a promise and becomes a fact.