
A Mozilla privacy investigation into six popular period-tracking apps found that some services expose device identifiers, usage details, or sensitive logs to analytics and advertising systems.
Euki earned the study’s only perfect score because it stores health information locally and requires no account, while the astrology-themed tracker Stardust ranked last due to its extensive third-party data sharing.
The investigation combined hands-on testing with network traffic analysis of Euki, Clue, Flo, Period Calendar, Planned Parenthood’s Spot On, and Stardust to examine what information each device left behind during setup, symptom logging, cycle tracking, and use of other features.
Mozilla partnered with the Transparency Hub at Harvard University’s Berkman Klein Center to review historical changes to the apps’ privacy policies, while researchers from the University of Illinois' Siebel School of Computing and Data Science contributed Android testing.
The results revealed significant differences between apps designed to minimize data collection and those that rely on advertising, behavioral analytics, or cloud-based user profiles. Euki scored 10 out of 10, followed by Clue (8), Flo (7), Period Calendar (6), Spot On (5), and Stardust (2).
Period-tracking apps often collect far more than menstrual dates. Depending on the service, users may record pregnancy status, fertility goals, contraceptive use, miscarriages, sexual activity, pain levels, cravings, emotional changes, medication use, and other highly sensitive health information. Even if those records are not shared directly with advertisers, Mozilla warns that simply using a reproductive-health app can become part of a persistent advertising profile.
Mozilla said these concerns remain particularly important in the post-Dobbs legal landscape, where reproductive-health data may carry increased legal and privacy risks.
Euki keeps health data on the device
Euki, an open-source tracker managed by the Euki nonprofit, received Mozilla's highest rating because its core features did not transmit health information outside the device during testing.
The app requires no account and stores cycle data, symptoms, and notes locally instead of on company servers. It also avoids requesting access to unnecessary device permissions such as location or contacts.
Mozilla praised additional privacy features, including PIN protection, automatic data deletion, and a decoy screen designed for situations in which someone is forced to unlock their phone. The primary tradeoff is that locally stored data cannot be recovered if the device is lost or the PIN is forgotten.
Researchers identified one exception involving educational resources opened through Euki's in-app browser. Some external websites loaded analytics and advertising services from Google, Meta, and Microsoft. While the browser assigned a fresh identifier for each visit, reducing long-term tracking, users who entered identifying information into website forms could still be identified. Euki co-founder Ana Ramirez told Mozilla the issue would be reviewed.
Clue and Flo balance privacy with extensive data collection
Germany-based Clue earned the second-highest score. Mozilla praised its granular privacy controls, which separate consent for research, analytics, recommendations, and advertising and allow users to modify those choices after signup.
Although Mozilla did not observe reproductive-health records being broadly shared with third parties, Clue still builds detailed long-term profiles containing cycle information, symptoms, lifestyle habits, moods, and other health data needed to power its predictions.
Flo, which reports 81 million monthly active users, similarly collects extensive health information through cycle tracking and its AI symptom assistant.
Mozilla found that declining Flo's optional advertising and analytics settings significantly reduced communications with services including AppsFlyer, Moloco, and Google Firebase. Researchers did not observe symptom logs, fertility data, or pregnancy information being sent to those partners.
Flo's Anonymous Mode also stopped observed AppsFlyer traffic and routed connections through a Cloudflare relay to hide users' IP addresses from Flo. However, Mozilla noted that AppsFlyer had already received the device's Apple Identifier for Vendor (IDFV) before Anonymous Mode was enabled.
Mozilla also highlighted Flo's history of privacy controversies, including the FTC's 2021 settlement over allegations of health data sharing and an $8 million settlement reached in 2025. Flo said it has significantly strengthened its privacy and security practices since 2019.
Advertising and web tracking
Period Calendar, the only advertising-supported app in the review, did not appear to share cycle logs or symptom data with advertisers. However, Mozilla found that it immediately transmitted device details, including phone model, screen dimensions, time zone, and the app's name, to Google advertising services such as AdMob and DoubleClick, as well as to InMobi.
Because the app's name clearly identifies it as a period tracker, those persistent identifiers can reveal that someone uses a reproductive-health app, even without exposing their actual health records.
Planned Parenthood's Spot On performed well when users remained within its core tracking features, with Mozilla finding no evidence that those functions shared sensitive information externally. Privacy concerns arose when users accessed Planned Parenthood web services through the app's built-in browser.
Mozilla observed provider searches sending information, such as a user's city and requested care type, to the analytics company AB Tasty. Searches for abortion providers also transmitted the user's age and last menstrual period. Additional trackers from Google, Microsoft, TikTok, and Pinterest were detected when using Planned Parenthood's Roo chatbot, although Mozilla did not find users' questions being disclosed.
Stardust at the bottom
Stardust ranked last because Mozilla observed third-party tracking beginning immediately after launch and continuing as users logged reproductive-health information.
The researchers found data relating to birth dates, birth control methods, reproductive goals, and symptoms being transmitted through external services. Detailed health information was sent to the analytics platform RudderStack, along with persistent user identifiers.
Stardust told Mozilla that RudderStack routes data only to the company's analytics systems and does not receive information that can identify individual users. Mozilla also observed device and usage data being shared with AppsFlyer and Facebook, including advertising identifiers that could link activity inside Stardust to existing user profiles.
Mozilla also referenced previous reporting that challenged Stardust's marketing claims around encryption. After reports found the company used standard transport and server-side encryption rather than true end-to-end encryption, Stardust removed those claims from its privacy policy.
Overall, Mozilla concluded that period-tracking apps vary widely in how they collect, retain, and share reproductive-health data. While several apps avoided transmitting sensitive health records to advertisers, the researchers found that device identifiers, analytics services, and in-app web browsers can still expose information users may reasonably expect to remain private.







Leave a Reply