What do our 2025 findings mean for users’ privacy and reproductive health data in a post-roe world?

First, it’s important to acknowledge that our 2025 research did reveal improvements compared to our findings in 2019 and 2020. For instance, most apps we tested this time now allow users to use the service without creating an account or providing personal information (unless they choose to do so). We also observed the introduction of privacy-conscious features, such as anonymous sign-in methods that keep account data separate from period tracking data, thereby enhancing user privacy.

However, these improvements must be understood in the context we explained before, where the risk that law enforcement could seize data from period tracking apps to prosecute individuals seeking abortion is no longer hypothetical. In jurisdictions where abortion is criminalised or heavily restricted, this data could be used as evidence. It’s important to stress that if a firm that runs an app receives a request by law enforcement, it may have no legal choice but to comply and hand over the data it holds.

It is within this increasingly hostile context that we must assess the key features, functionalities, and privacy safeguards of period tracking apps. While our investigation did not uncover any serious technical failings at this time, the broader risks posed by today’s legal and political landscape highlight areas of concern that warrant closer scrutiny. Is it enough for apps to meet the minimum legal standards, or should they take active steps to resist harmful data practices and safeguard users in this new landscape?

Take this common feature as an example: most apps process data off-device for development or functionality purposes. This was also the case for most of the period tracking apps we examined. In practice, this means users’ inputted data, such as information about their periods and symptoms, is processed on the app provider’s servers or third-party servers, rather than staying only on the user’s device.

When we consider the sensitive nature of health data and the current environment, this widespread practice places users in a more vulnerable position. Off-device storage introduces an additional risk: the possibility that such data could be seized and used against individuals (and without their knowledge), particularly in jurisdictions where reproductive care is criminalised or restricted.

But things don’t have to be this way. One feature we found in some apps that stands out from a privacy perspective is the option to store data locally on the user’s device. This means that menstrual cycle information inputted by the user remains on their device and is not automatically transmitted to the app developer or stored in a cloud. This approach potentially enhances user privacy and control, as only the user (i.e., their device) is processing and storing their input data.

We acknowledge that this feature also comes with trade-offs. For users who rely on backup options for convenience or to ensure they don’t lose their data, local-only storage can pose challenges; data stored exclusively on a device cannot be recovered if the device is lost, stolen, or damaged. And importantly, while local storage may reduce the risk of remote access by third parties, it does not protect against device searches or seizures—scenarios that are increasingly relevant in jurisdictions hostile to reproductive rights.

Still, when weighed against the very real risk of law enforcement agencies attempting to obtain reproductive health data from app providers, local storage offers a clear protective advantage. If the app provider does not hold the user’s data in the first place, there is nothing to hand over, for example, in response to a subpoena. In such cases, such as default local storage setting where inputted cycle data never leaves the user’s device can offer a vital layer of protection.

Another area of potential concern lies in the integration of third-parties. In our analysis of web traffic generated by several apps, we observed the presence of a wide range of third parties, primarily for advertising and functionality purposes. These entities were receiving data related to the user’s device. While this kind of data sharing is relatively common across apps and platforms, the picture is still complex.

Although device data is not typically considered sensitive, the granularity of information shared in some cases could, when combined, create privacy risks. For instance, data points such as phone model, IP address, location, and the precise time a user opens the app could potentially be stitched together to uniquely identify an individual, or at the very least, profile them as someone who menstruates. In today’s climate, this type of inference could carry significant consequences.

It’s important to consider what users reasonably expect when using a period tracking app. Most would not anticipate that simply opening the app could trigger the sharing of device-level data with multiple third parties. Nor might they foresee that logging their period and symptoms over several months could result in that data being stored on a server managed by the app provider that, under certain conditions, could be compelled to comply with a law enforcement request.

In a hostile legal environment, it is not unreasonable to ask: what might happen if a user simply forgets to log a cycle? Could this absence of data be misinterpreted as a missed period, and, in turn, raise suspicion in jurisdictions where abortion is criminalised or tightly restricted? These are not abstract questions, but real concerns.

These examples are just a few takeaways from our full research, but they offer important lessons about what we should be asking of period tracking apps, and how these apps must be designed and governed to truly uphold our right to privacy, among other fundamental rights.

Privacy by design

These examples are also a call to reconsider what responsibility truly looks like in this space. While some developers may argue that the issues we uncovered reflect industry-common practices, and that their apps have indeed improved since our earlier research, this cannot be the end of the conversation. The question remains: are we holding these apps to a standard that matches the realities users now face?

We argue that period tracking apps must be held to a higher standard, not only because they handle deeply personal and sensitive data, but also because that data exists in an increasingly hostile legal and political environment regarding reproductive rights. Within this context compliance with data protection laws should be seen as a baseline, not the benchmark.

Reproductive health data, including cycle dates, symptoms, sexual activity, and more, deserves robust protection by design and by default. This means minimising data collection, ensuring transparency about how data is processed and by whom, offering meaningful user control, and favouring local over cloud-based storage where possible, among others. It also means recognising that privacy protections are not just technical features, they are essential safeguards for human rights. These protections must be understood in the context of people’s lived realities, particularly for those who may be in vulnerable situations.

In light of the rollback of reproductive rights, we acknowledge that some apps appear to have publicly taken a stance agaisnt the criminalisation of abortion and law enforcement overreach, in the post-Roe world. We welcome these commitments and remain optimistic that some app providers, too, believe that people who menstruate should be able to use technology to improve their lives, without putting themselves at risk. But when politics shifts so dangerously in a certain direction, strong public statements are not enough. Regulatory frameworks must evolve to ensure that protections are embedded by default and not left to chance.

Users should be able to trust that the apps they rely on are not putting their reproductive health data at risk, and that privacy is built in from the start, not treated as an afterthought. No one should need to be a privacy expert to use a period tracking app safely, and no one should be exposed to a tool that can be weaponised against them, rather than used to support their health and autonomy.

To explore our research conclusions and recommendations for app developers, regulators, and users, please see here.

If you want to learn more about coping with and helping others to cope with pregnancy loss, we’ve found the resources at the UK charity Sands to be helpful.