The femtech industry has seen exponential growth in the past decade, with the industry market estimated to hit $1.15 billion this year. Coined by Ida Tin, co-founder and CEO of the menstrual tracker app Clue, the term “femtech” refers to technology-based products and services focused on women’s health. Period and fertility tracking apps like Clue and Flo Health are among the most commonly used femtech developments today. In 2024, Flo reported over 70 million active users and became the first app in this space to achieve unicorn status, with a valuation beyond $1 billion.
Although period and fertility tracking apps are lauded for enabling users to better understand their body and take agency over their health, the apps necessarily collect sensitive data. This can include a user’s name, gender, and location, in addition to details on the regularity of a user’s menstruation cycle, related symptoms, fertility concerns, and pregnancy planning. Following the Supreme Court’s June 2022 decision in Dobbs v. Jackson Women’s Health Organization, which overturned the federal constitutional right to an abortion,1 these apps are facing renewed scrutiny. In a digital landscape with increased surveillance and dubious privacy laws, Dobbs exacerbated the risks inherent to entrusting corporations with individuals’ reproductive health data.
Privacy in the United States, especially as it relates to reproductive rights, is historically tenuous. The constitutional right to privacy underpinning Roe v. Wade can be traced back to the Supreme Court’s decision in Griswold v. Connecticut, where the court held that a Connecticut statute prohibiting the use of contraceptives was unconstitutional because it violated an unenumerated right to privacy found in the “penumbras, formed by emanations” of various enumerated rights.2 This conception of privacy was critiqued in the aftermath of Roe as vulnerable and ultimately formed much of the basis for the majority’s reasoning in Dobbs.3
The Health Insurance Portability and Accountability Act (HIPAA), established in 1996, partially fills the constitutional privacy gap by establishing federal standards to protect sensitive health information from disclosure without a patient's consent, yet mobile health apps are not covered by HIPAA. Numerous states have passed their own digital privacy laws, but the varying standards have created a fragmented legal framework that largely relies on consumer-driven privacy self-management through notice and choice requirements.
Set against this backdrop, users of period and fertility tracking apps have expressed fear that their personal health data may be mischaracterized or used against them. While this specific scenario has not yet played out, there is precedent for authorities leveraging personal digital data in investigations against individuals in states where abortion is criminalized. Search engine data has been introduced by prosecutors to prove criminal intent in multiple cases where abortion has been tried as murder. With this concern in mind, some experts have advised individuals to delete their sensitive health data from, and cease use of, period and fertility tracking apps.
Period and fertility tracking apps have been under fire in the past for data security concerns, even prior to the renewed privacy discussions triggered by Dobbs. In 2021, for example, Flo reached a settlement with the Federal Trade Commission following allegations that the app shared user data with Facebook and other data analytics companies without user knowledge or consent. Flo did not admit wrongdoing as part of the settlement, though the company did later introduce an anonymous mode aimed at making it more difficult to connect individual users to their health data.
In the absence of widespread reform, users can still take measures to better safeguard their sensitive health data—for example, users can read an app’s privacy policy before agreeing to its terms, opt for apps that store data locally rather than in the cloud, and avoid providing surplus personally identifiable information when it is not required. Period and fertility tracking apps do provide users with important health information and empowering tools for personal health management. However, without a clear constitutional right to privacy or more protective data privacy legislation, like the European Union’s General Data Protection Regulation (GDPR), personal data collected by digital platforms remains at risk. And without a federal constitutional right to an abortion, data related to reproductive health is especially precarious.
[1] Dobbs v. Jackson Women's Health Org., 597 U.S. 215, 222 (2022).
[2] Griswold v. Connecticut, 381 U.S. 479, 484 (1965).
[3] Dobbs at 235.