https://help.flo.health/hc/en-us/articles/4411278780564-What...
For instance, if you need to track your period, the built in iOS apps are secure, especially if you're using advanced icloud encryption.
If you use GrapheneOS, you can enable or disable internet access for each app.
There are almost certainly other apps in the space that don’t need a server, don’t phone home to Meta, and are lower priced, but they probably aren’t as good at marketing.
From my experience in the startup world, I would wager that this developer probably wanted to track marketing campaign installs (Meta library is required to close the loop on Facebook/Instagram ad conversions after app install) or wanted a feature from some Meta library they integrated but didn’t realize or care about the consequences.
because lots of people dont know what HIPPA is, and (naively to us more familiar with tech) assume that a medical-related app on a curated app store would be safe for medical-related stuff.
Ironically, it's HIPAA.
You're right, though; it's much more limited than people think. During COVID people claimed everything violated HIPAA (masks, vaccine requirements, testing), but it only applies in a very narrow subset of patient/provider relationships.
The situation with wellness apps is that they are a product that are designed specifically to exist outside of the regulatory regime that people associate with them.
If you put data onto a networked device it may be sent to some place else.
If you don't want your data being shared:
Use a device that does not have any networking capability (both hardware and software wise)
Use a pen and paper, you can shred and destroy as you see fit.
If you're using an application on a mobile device with mobile data/wifi, the chances are, your data is being uploaded.
Further, a view that ignores many real world digital data risks faced by those considered to be useful targets; eg: compromised supply chains delivering "pre hacked" hardware with discreet wifi chips or hidden out of band comms, etc.
Having said that, you're right to be suspicious of commercial services, even that you pay for. Someone can found a startup with a strong commitment to customer privacy and the best of intentions, but a few acquisitions or near bankruptcies later, those commitments will go out the window.
The small chance that they might go out of their way to not sell premium users data doesn't seem worth much.
And facebook doesn't care about people's rights when those people in power are able to block Facebook from acquiring some new startup they want to buy, so facebook is willing to share the information.
https://bloodyhealth.gitlab.io
A secure open source period tracking app.
“User privacy is important to Meta, which is why we do not want health or other sensitive information and why our terms prohibit developers from sending any.” Meta maintains that any transmission of sensitive health data is due to a failure to comply with its terms of use.
philipallstar•1h ago
It's not a medical requirement from a doctor, so just keep a diary if you want to. Not everything needs to be an app. All the money spent on regulations and regulators to cover increasingly niche opt-in services that are entirely unnecessary is a waste.
johnny22•1h ago
ceejayoz•1h ago
arijun•1h ago
The first seems like it could be resolved with an escalating fine schedule, and the second could be mitigated by requiring Apple/Google to remove it from the app store (one of the rare cases walled gardens are on consumers' side).
ceejayoz•57m ago
Malicious compliance. For example: https://en.wikipedia.org/wiki/Epic_Games_v._Apple
"While Apple implemented App Store policies to allow developers to link to alternative payment options, the policies still required the developer to provide a 27% revenue share back to Apple, and heavily restricted how they could be shown in apps. Epic filed complaints that these changes violated the ruling, and in April 2025 Rogers found for Epic that Apple had willfully violated her injunction, placing further restrictions on Apple including banning them from collecting revenue shares from non-Apple payment methods or imposing any restrictions on links to such alternative payment options. Though Apple is appealing this latest ruling, they approved the return of Fortnite with its third-party payment system to the App Store in May 2025."
Or https://developer.apple.com/support/dma-and-apps-in-the-eu/
"UPDATE: Previously, Apple announced plans to remove the Home Screen web apps capability in the EU as part of our efforts to comply with the DMA."
(This one resulted in enough fuss they backed down.)
arijun•35m ago
Zak•1h ago
kortex•45m ago
inetknght•24m ago
bombcar•18m ago
I've been for a "corporate death penalty" (if companies are people, they can be executed) which would result in the shareholders losing everything along with executives being perp-walked.
krystalgamer•1h ago
ceejayoz•25m ago
Just like banning drugs and murder did!
sdoering•1h ago
Also: Why blame the victims, not the perp?
kakacik•1h ago
Look at say zuckenberg - a typical sociopath lying again and again through his nose with big grin just to get what he wants (ie scandals how FB employees go to DB to spy on their exes or enemies is popping up for 10 years at least and there is no stop, every time there is another assurance how it can't be done now blablabla... and thats just specific meta employees).
Nobody likes that, but just sitting and waiting for almighty regulators while blindly trusting apps in good faith to do their jobs is... not working much, is it. Be smart, adapt to real environment out there, not some wishful thinking. In parallel push for change as much as you can, vote with wallet and your time. Once sought-for paradise comes then feel free to use anything anyhow. At least that seems like smarter approach to me.
ndriscoll•1h ago
So add liability for the buyers of the data or any services derived from the data (e.g. targeted ads). Make it so large advertisers demand audits showing privacy laws are being followed. Also have personal criminal liability for people building and maintaining systems that collect, store, or process data for illegal purposes. Executives, PMs, engineers, the whole lot. Put them in prison if they continue.
ksenzee•32m ago
walthamstow•31m ago
justonceokay•28m ago
SlinkyOnStairs•25m ago
That isn't what's happening. The regulations don't get little niche cases added to them, they're writen to be generally applicable to all niches.
> It's not a medical requirement from a doctor, so just keep a diary if you want to.
"Just don't use the computer if you don't want companies to rat you out to the fascist government that'll imprison or kill you for having a miscarriage" is a ridiculous victim-blaming position.
It's the practical reality of a fascist government that they won't enact privacy laws. And yes, women really shouldn't be using period tracking apps in the US, or made by the US. But that doesn't mean privacy laws are some "silly waste of my tax money".
It's not a "medical requirement" except for the many many many cases where it is. Similarly, this position extends to literally everything. Nothing "needs to be an app". But unless we want to pack up and discard the entire software industry, it really ought to be better about privacy like this.