Is My Health App Safe?

Is Balance safe?

Scorecard updated 2026-04-13

Grade: C

Built by a UK menopause clinic and better-positioned than most consumer trackers, but still routes data through standard advertising and analytics SDKs. Mid-table — not harmful, not private.
Category: Menopause symptom tracker
Company: Balance Menopause Ltd (UK) — linked to the Newson Health clinic group
Approx. users: ~1M downloads, heavily UK-weighted
HIPAA covered? No — consumer app, not a US covered entity.
GDPR applies? Yes. UK GDPR + Data Protection Act 2018 apply by default.
NHS / clinical integration? Generates a "Health Report" PDF the user can share with their GP — data is not auto-shared with NHS systems.

1. What data does Balance collect?

Symptom tracking (hot flushes, sleep, mood, libido, brain fog, and ~30 others), HRT type and dose if the user chooses to log it, weight, and notes. The app also collects account information, device identifiers, and usage analytics. Symptom data can be exported as a PDF "Health Report" for the user to take to a clinician.

2. Who does Balance share data with?

The privacy policy discloses use of third-party analytics and advertising infrastructure typical of UK consumer apps — this category of sharing is the main reason Balance does not score higher. It also references sharing with Newson Health clinical services where the user has opted into a clinic pathway.

As a UK-based processor, Balance operates under UK GDPR. Data-subject rights (access, deletion, portability) are available on request, and in practice are handled in reasonable timeframes.

3. What does the privacy policy actually say?

The policy is reasonably specific by consumer-app standards and names processors rather than hiding them behind generic categories. It is clearer than Flo's on the boundary between "Balance app data" and "Newson Health clinic records," which operate under separate legal bases.

The weakest language is around "service improvement" and "aggregated research," where the definitions leave room for data use that most users would not anticipate.

4. HIPAA status

Not applicable — Balance is a UK consumer app. Even for US users, HIPAA would not apply because Balance is not a US "covered entity."

5. GDPR status

UK GDPR applies and gives users meaningful rights: a lawful basis must be stated for every processing purpose, consent must be specific and revocable, and data-subject requests must be answered within one month. This is a substantial upgrade over the baseline US consumer-app environment.

6. Security & history

No public breaches known at time of writing. Balance uses standard TLS for transport and platform-managed encryption at rest. We have not identified an independent third-party security audit in public disclosures — a gap relative to the clinically-integrated framing.

7. Deletion & retention

Accounts can be deleted through the app settings and on request by email. Under UK GDPR, users may also request erasure directly. Retention durations for backups and derived analytics are not as specific as we'd like to see.

Grade rationale

Weighted score ≈ 68 → C.

What would move this to a B

Sources: Balance Menopause Ltd privacy policy; UK Information Commissioner's Office guidance on health apps; app store listings. This page is editorial analysis, not legal advice.