Is Flo safe?
Scorecard updated 2026-04-13
| Category | Period, fertility & menopause tracking |
|---|---|
| Company | Flo Health, Inc. (UK/US) |
| Approx. users | ~380M registered globally (company-reported) |
| HIPAA covered? | No — Flo is a direct-to-consumer app, not a covered entity. |
| GDPR applies? | Yes, for EU/UK users. |
| Anonymous Mode? | Yes, introduced 2022. Opt-in, not default. |
1. What data does Flo collect?
Flo collects period dates, cycle length, symptoms, mood, sexual activity, contraception use, pregnancy and pregnancy-loss status, menopause symptoms, weight, sleep, and (for paid users) lab results uploaded by the user. It also collects device identifiers, IP address, approximate location, and usage analytics.
The app infers additional attributes — for example, a user logging specific symptom clusters may be categorised as "likely pregnant" or "perimenopausal" for content personalisation, even without explicitly selecting that status.
2. Who does Flo share data with?
Flo's current privacy policy lists categories of recipients including analytics providers, advertising partners, "research partners" and service providers. Historically, third-party SDK analyses have identified integrations with Facebook, Google, AppsFlyer and Flurry, and privacy researchers continue to scrutinise what those SDKs actually receive. The security-relevant question is not whether a generic app-open event reaches an analytics host, but whether event names or parameters that encode health state (an event identifying a pregnancy or symptom-logging status, for example) travel with it.
Flo's Anonymous Mode, added in 2022, lets users operate the app without an account and prevents Flo from linking inputs to a verified identity. It is a meaningful control but it must be manually enabled, and it does not retroactively apply to historical data.
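The question above (does any call to an ad or analytics SDK carry a health-domain event?) is what independent app-traffic analyses try to answer. The script below is an added example of that triage step; it is not Flo's code and not taken from the FTC complaint. It reads a HAR-style list of captured requests, keeps only those bound for known SDK hosts, and reports any health-domain tokens in the URL or POST body. The SDK hostnames are assumptions drawn from public SDK documentation, and the sample entries are constructed for illustration, not real captures from Flo.

```python
# Added example, not Flo's code and not from the FTC complaint: triage a HAR-style
# traffic capture for analytics/ad SDK calls that carry health-domain event names.
import re
from urllib.parse import urlparse

# Hostname suffix -> vendor. Assumption: a request to one of these hosts was emitted
# by that vendor's SDK. A real review confirms this against the SDK documentation
# and the app binary before reporting anything.
SDK_HOSTS = {
    "facebook.com": "Facebook",
    "app-measurement.com": "Google (Firebase Analytics)",
    "google-analytics.com": "Google",
    "appsflyer.com": "AppsFlyer",
    "flurry.com": "Flurry",
}

# Stems of health-domain vocabulary. \w* extends each match over the whole token
# (e.g. "pregnancy_mode_enabled") so the reported string is the full event name.
HEALTH_TERMS = re.compile(
    r"\b(?:pregnan|ovulat|contracept|menopaus|miscarr|fertil|period|cycle|symptom)\w*",
    re.IGNORECASE,
)


def vendor_for(url: str):
    """Return the SDK vendor a URL belongs to, or None for first-party/unknown hosts."""
    host = (urlparse(url).hostname or "").lower()
    for suffix, vendor in SDK_HOSTS.items():
        if host == suffix or host.endswith("." + suffix):
            return vendor
    return None


def health_terms_in(text: str):
    """Sorted, de-duplicated health-domain tokens found in URL or body text."""
    return sorted({m.group(0).lower() for m in HEALTH_TERMS.finditer(text or "")})


def triage(entries):
    """Keep only requests bound for a known SDK host, tagging each with the
    health-domain tokens found in its URL or POST body."""
    findings = []
    for entry in entries:
        req = entry["request"]
        vendor = vendor_for(req["url"])
        if vendor is None:
            continue  # first-party or unrelated traffic is out of scope here
        body = (req.get("postData") or {}).get("text", "")
        findings.append({
            "vendor": vendor,
            "url": req["url"],
            "health_terms": health_terms_in(req["url"] + "\n" + body),
        })
    return findings


def vendors_receiving_health_terms(findings):
    """Vendors that received at least one health-domain token. This is the list
    for manual review: the stems also match innocuous words such as 'periodic'."""
    return sorted({f["vendor"] for f in findings if f["health_terms"]})


# Constructed sample capture (not real Flo traffic): one first-party call, one SDK
# call whose event name encodes health state, and one SDK call that does not.
SAMPLE_ENTRIES = [
    {"request": {"method": "POST", "url": "https://api.example-health-app.test/v1/log",
                 "postData": {"text": '{"symptom":"cramps","day":14}'}}},
    {"request": {"method": "POST", "url": "https://graph.facebook.com/v17.0/1234/activities",
                 "postData": {"text": '{"event":"CUSTOM_APP_EVENTS",'
                                      '"custom_events":"[{\\"_eventName\\":\\"pregnancy_mode_enabled\\"}]"}'}}},
    {"request": {"method": "POST", "url": "https://app-measurement.com/a",
                 "postData": {"text": '{"event":"screen_view","screen":"home"}'}}},
]

if __name__ == "__main__":
    results = triage(SAMPLE_ENTRIES)
    for f in results:
        print(f["vendor"], f["url"], f["health_terms"] or "(no health terms)")
    print("vendors to review:", vendors_receiving_health_terms(results))
```

On the constructed sample, only the Facebook call is flagged: its event name carries a pregnancy token, while the Firebase call carries only a screen view. A keyword match is a starting point, not a finding; a reviewer still has to read the flagged payload to decide whether the token encodes a user's health state or is part of a generic event taxonomy.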
3. What does the privacy policy actually say?
"We may share your personal data with… advertising partners… research partners…"
The policy is clearer than it was pre-2021, but it still relies heavily on broad category language. The marketing framing ("your data stays private") is stronger than the policy supports. Users should read the sections on "Processing for advertising" and "Data shared with research partners" carefully.
4. HIPAA status
Flo is not covered by HIPAA. HIPAA applies to healthcare providers, health plans, clearinghouses and their business associates. A consumer app downloaded from the App Store is none of these unless it is offered by or on behalf of a covered entity (a hospital's patient portal, for instance), and Flo is not. This is the single most-misunderstood fact about health apps, and it is true for essentially every app in this category: the data is health data, but HIPAA's rules do not follow it.
5. GDPR & state-law status
GDPR applies for EU users, and the UK GDPR for UK users; Flo provides data-subject request mechanisms. In the US, Washington's My Health My Data Act and similar laws in other states now require consent before "consumer health data" is collected or shared, and a separate authorisation before it is sold, which meaningfully constrains data sale even absent HIPAA coverage. Enforcement is early and uneven.
6. Security & enforcement history
In 2021 the US Federal Trade Commission settled with Flo over allegations that the app had shared health data with Facebook, Google and other third parties despite promising users their information would stay private. The settlement required Flo to notify affected users, obtain affirmative express consent before sharing health information in future, instruct the third parties that had received the data to destroy it, and obtain an independent review of its privacy practices.
There have been no publicly disclosed breaches of Flo's own systems since that settlement, though an absence of disclosures is weak evidence on its own. Anonymous Mode is a direct response to post-Dobbs concerns about period data being subpoenaed or used as evidence in US prosecutions. Security posture appears to have meaningfully improved; the remaining concern is structural, not technical: what the business model shares by design, and what can be compelled by legal process, rather than what an attacker might steal.
7. Deletion & retention
Accounts can be deleted from within the app. Flo states that deletion removes personal data, subject to legal-retention carve-outs. Historical data shared with third parties before deletion cannot be recalled.
Grade rationale
- Collection scope: very broad, including inferred pregnancy/menopause status.
- Third-party sharing: improved, but ad and research partner categories remain broad. Biggest drag on the grade.
- Regulatory: not HIPAA; GDPR and MHMDA provide partial cover.
- Policy clarity: better than it was, still hedged.
- Security & history: 2021 FTC settlement is a material downgrade; post-settlement behaviour has improved.
- Deletion: reasonable in-app.
Weighted score ≈ 48 → D.
What we'd watch next
- Whether Anonymous Mode becomes the default, not an opt-in.
- Further US state-law enforcement actions involving consumer health data.
- Any change of ownership, or investor pressure at a future funding round, that would shift the business model.
Sources: Flo Health privacy policy; FTC press release and complaint, In the Matter of Flo Health, Inc. (2021); independent app-traffic analyses by Mozilla Foundation and academic privacy researchers. This page is editorial analysis, not legal advice.