
Are Menopause Apps Safe? What Happens to Your Health Data

Last updated: March 21, 2026

TLDR

Most free menopause and period tracking apps monetise user data through advertising partnerships or data licensing. Flo settled FTC charges in 2021 for sharing health data with Facebook and Google. The health data you enter into a tracking app (symptoms, cycle dates, mood, medications) is sensitive. Understanding how an app handles that data matters as much as whether it tracks the right symptoms.

DEFINITION

Data broker
A company that aggregates personal data from multiple sources and sells or licenses it to third parties including advertisers, insurers, researchers, and marketers. Health apps frequently share data with data brokers even when their privacy policy states they do not sell personal data — because sharing under certain contractual frameworks may not legally constitute a sale.

DEFINITION

On-device storage
An approach where health data is processed and stored on the user's phone rather than transmitted to external servers. On-device storage reduces the surface area for data sharing with third parties, but does not eliminate all privacy risk — apps can still send data to analytics SDKs or advertising frameworks even when primary data is stored locally.

DEFINITION

HIPAA (Health Insurance Portability and Accountability Act)
US federal law that governs the privacy of health information held by covered entities (doctors, hospitals, insurers). Most consumer health apps are NOT HIPAA-covered entities — meaning the law does not restrict how they use, share, or sell health data you enter. Consumer-facing apps operate under their own privacy policies and relevant FTC regulations, not HIPAA.

How Free Apps Generate Revenue From Health Data

The business model of free consumer apps is generally advertising or data monetisation. This is not hidden — it is disclosed in privacy policies, which most users do not read before entering sensitive health information.

Health data is particularly valuable because it predicts behavior. A woman tracking perimenopause symptoms is likely in a specific demographic, experiencing specific health events, and making purchases related to those events. Advertisers pay premium rates to reach her at this moment. Fertility data, symptom data, and medication data are among the highest-value categories for targeted advertising.

The mechanism is typically not direct data sales to advertisers. Instead, apps embed advertising SDKs (software development kits) from companies like Meta and Google. These SDKs send device identifiers and event data — including health events — back to the advertising company’s servers, where it is matched against other data to build user profiles. This is the mechanism at the center of the Flo FTC settlement: health events were transmitted to Facebook and Google via their respective advertising SDKs.

The Flo FTC Settlement: What Actually Happened

In January 2021, the Federal Trade Commission announced a settlement with Flo Health, Inc. The FTC’s complaint alleged that Flo shared user health data with third parties including Facebook and Google’s Firebase Analytics platform, despite Flo’s privacy policy stating that personally identifiable information would not be shared with third parties for advertising purposes.

The data shared included health-specific events such as when a user indicated they were pregnant, trying to conceive, or experiencing particular menstrual symptoms. This data was transmitted through advertising and analytics SDKs that Flo had embedded in its app.

As part of the settlement, Flo was required to: obtain affirmative express consent from users before sharing health information with third parties; notify users whose health data had been shared; and require those third parties to delete the data. Flo denied wrongdoing as part of the consent agreement.

This settlement is notable not because Flo was uniquely bad, but because it established a documented public record of the practice. Similar data-sharing practices are likely common across the consumer health app space.


What “On-Device Storage” Actually Means

Some apps advertise on-device storage as a privacy feature. This means that your primary health data — cycle dates, symptoms, notes — is processed and stored on your phone rather than transmitted to the company’s servers.

This is a genuine privacy improvement over apps that store all data in the cloud. On-device storage means the company cannot access your data if it is breached, cannot hand it to law enforcement without physical device access, and cannot sell or share the primary dataset.

However, on-device storage does not eliminate all privacy risk. Apps can still transmit data through embedded SDKs — analytics tools, crash reporting services, or advertising frameworks — even when the main data store is local. Evaluating an app’s SDK list (which requires reading privacy disclosures or using technical tools to inspect network traffic) provides a more complete picture than the on-device storage claim alone.
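As an added example that is not part of the original article or Horiva's own code, the script below performs the kind of network-traffic check the paragraph above refers to: given requests captured from an app by a proxy (the request shape, the first-party host, the third-party hosts and the payloads are all constructed assumptions), it reports any third-party endpoint that received health events or device identifiers even though the app's main data store is local.

```python
# Added example (not Horiva's code): audit captured app traffic for health
# events sent to third-party hosts. Request shape, hosts and payloads are
# constructed assumptions modelled on a proxy export.
import json
import re
from urllib.parse import urlparse

FIRST_PARTY = {"sync.app.test"}  # constructed: the app's own backup host
# Event/field names that indicate a health event left the device.
HEALTH_TERMS = re.compile(r"pregnan|conceiv|period|cycle|symptom|hot_flash|mood|medication", re.I)
# Field names that typically carry a device or advertising identifier.
ID_FIELDS = {"idfa", "gaid", "advertising_id", "device_id"}

def leaves(obj):
    """Yield (key, value) pairs for the scalar leaves of a nested JSON body."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if isinstance(v, (dict, list)):
                yield from leaves(v)
            else:
                yield k, v
    elif isinstance(obj, list):
        for item in obj:
            yield from leaves(item)

def audit(requests):
    """Return one finding per third-party request that carried health events."""
    findings = []
    for req in requests:
        host = urlparse(req["url"]).hostname
        if host in FIRST_PARTY:
            continue  # backup/sync traffic to the app's own server is expected
        try:
            body = json.loads(req["body"])
        except (json.JSONDecodeError, TypeError):
            continue  # non-JSON bodies are out of scope for this check
        pairs = list(leaves(body))
        health = sorted({str(v) for k, v in pairs if HEALTH_TERMS.search(f"{k}={v}")})
        ids = sorted({k for k, _ in pairs if k.lower() in ID_FIELDS})
        if health:
            findings.append({"host": host, "health_events": health, "identifiers": ids})
    return findings

# Constructed capture: one first-party backup plus one analytics SDK batch.
SAMPLE = [
    {"url": "https://sync.app.test/v1/backup", "body": json.dumps({"blob": "..."})},
    {"url": "https://events.adsdk.test/v2/batch", "body": json.dumps({
        "idfa": "00000000-0000-0000-0000-000000000000",
        "events": [{"name": "symptom_logged", "params": {"symptom": "hot_flash"}},
                   {"name": "screen_view", "params": {"screen": "home"}}]})},
]
```

Running `audit(SAMPLE)` flags only the analytics batch: the backup request goes to the app's own host and is skipped, while the SDK request is reported together with the health events and the identifier field it carried.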

Questions to Ask Before You Download

Rather than relying on app store ratings or feature lists, privacy-relevant questions include:

Business model. Is the app free, subscription-based, or freemium (free with a premium tier)? A subscription-only model removes the financial incentive to monetise data through advertising. This does not guarantee strong privacy practices, but it removes the structural conflict of interest.

Third-party SDKs. Does the app’s privacy policy list advertising SDKs, analytics tools, or data partners? This is usually in a section titled “Third-Party Services,” “Analytics,” or “Advertising Partners.” A long list of third-party SDKs in a health app warrants scrutiny.

Data residency. Where are the servers located? EU-based servers run by EU-based companies operate under GDPR, which provides stronger individual rights than US law.

Security certifications. SOC 2 Type II certification means an independent auditor has assessed the company’s data security controls. Its presence does not guarantee privacy, but its absence removes one layer of external accountability.

Company history. Has the company had regulatory actions, data breaches, or significant policy changes? This requires a brief search beyond the app store.

How Horiva Approaches Data

Horiva is subscription-only — there is no free tier, no advertising, and no advertising SDKs. Symptom data is stored on your device and synced to our servers only for backup and cross-device access. We do not share health data with third parties for any purpose. Our full privacy policy explains what data we collect, how it is stored, and the limited circumstances under which it could be disclosed (e.g., legal requirements). We do not embed advertising or analytics SDKs that transmit health event data.

We built Horiva in part because the data practices in free period and menopause tracking apps are, in our view, incompatible with the sensitivity of the information being tracked. The health events women log during perimenopause deserve better than being processed through advertising infrastructure.

Q&A

Did Flo Health actually share user data with Facebook and Google?

Yes. In January 2021, the FTC settled charges against Flo Health, Inc. alleging that the app shared user health data — including when users reported being pregnant, trying to conceive, or experiencing symptoms — with Facebook (Meta) and Google, despite stating in its privacy policy that it would not share such information with third parties. As part of the settlement, Flo agreed to obtain affirmative consent from users before sharing their data and to notify users whose data had been shared. Flo denied wrongdoing as part of the settlement.

Q&A

Is my health data protected when I use a menopause app?

Generally, not by law. HIPAA applies to healthcare providers and insurers — not to consumer apps. The primary legal framework for consumer apps is FTC Act Section 5, which prohibits unfair or deceptive practices. This means an app can legally collect extensive health data if its privacy policy discloses that it does so. The protections depend almost entirely on the app's actual data practices, which must be evaluated individually.

Q&A

What does 'we do not sell your data' actually mean in an app's privacy policy?

The phrase is often technically accurate while still permitting extensive data sharing. 'Selling' data has a specific legal definition; sharing data with advertising partners, analytics providers, or data partners under data processing agreements may not constitute a 'sale' under that definition. A more meaningful question to ask is: does the app share any health data with third parties, including advertising SDKs, analytics providers, or business partners? This is often disclosed further down in the privacy policy, under sections describing data sharing or third-party services.

Q&A

What is the safest type of menopause tracking app from a privacy standpoint?

Apps that store data locally on your device, do not include advertising SDKs, and have clearly auditable or open-source code provide the strongest privacy profile. A subscription-only business model removes the financial incentive to monetise data, since revenue comes from users directly. Apps with SOC 2 Type II certification or independent security audits have undergone external scrutiny of their data handling. No app is zero-risk, but these features meaningfully reduce exposure.


Q&A

Could my symptom data affect my health insurance?

The Affordable Care Act prohibits health insurers from using health status to deny coverage or set premiums for individual and small group plans. However, life insurance, disability insurance, and long-term care insurance are not subject to the same restrictions. Data brokers who aggregate health app data could, in theory, provide information to these insurers. The practical risk is difficult to quantify, but the theoretical pathway exists. For women tracking sensitive conditions, the risk profile differs from tracking general fitness.

Q&A

Are apps based outside the US subject to different data laws?

Yes. Apps based in the EU are subject to GDPR, which provides stronger individual rights including the right to access, correct, and delete personal data. However, GDPR applies to companies processing data of EU residents — US users may not have the same protections even from EU-based apps. Apps based in countries with weaker data protection frameworks may provide fewer protections than US-based alternatives.

Q&A

What questions should I ask before downloading a menopause app?

Useful questions include: Does the app include advertising SDKs? (Check the privacy policy's third-party services section.) Is data stored on my device or on company servers? What is the business model — is it free, subscription, or freemium? Has the company ever settled data-related legal actions? Is the app's code audited or open source? Does the company have a published security policy or certifications? You will not get answers to all of these from the app store listing — you need to read the actual privacy policy.
