Apps that help people track their menstrual cycle are data “gold mines” for advertisers, a new report warns. Advertisers use this highly valuable data for customer profiling, allowing them to tailor marketing campaigns to specific groups of consumers.

The report, published by the University of Cambridge’s Minderoo Centre for Technology and Democracy on Tuesday, June 10, explains that the risks to app users go far beyond just targeted ads. When this data falls into the wrong hands, it can affect users’ job prospects and lead to workplace surveillance, health insurance discrimination, and cyberstalking. It has even been used to limit access to abortion in the U.S., the study warns.

Hundreds of millions of people use period tracking apps. A 2024 study estimated that the number of global downloads for the three most popular apps exceeds 250 million. These platforms are run by companies that profit from the mountain of user data they collect—particularly pregnancy data. According to the University of Cambridge report, data on pregnancy is 200 times more valuable to advertisers than data on age, gender, or location.

Investigations conducted in 2019 and 2020 by Privacy International, a U.K.-based nonprofit, found that multiple apps directly shared personal data with advertisers. A follow-up study published on May 28 found that while major menstrual app companies have improved their approach to data privacy, they still collect device data from users in the U.K. and U.S. with “no meaningful consent.”

Stefanie Felsberger, sociologist and lead author of the University of Cambridge report, interviewed period tracking app users in Austria to understand why they use them and what they track. She was surprised to find that many people she spoke with didn’t think of their menstrual data as personal or intimate and were unaware of its incredible commercial value.

“Period tracking apps collect a vast number of different kinds of information,” Felsberger told Gizmodo. “They don’t just collect information about the menstrual cycle as such, they also collect information about people’s reproductive choices, sexual activities, their wellbeing, health, [and] medication intake,” she said. These apps also gather background information about users, including their age, gender, IP addresses, app behavior, and device information, she added.

“We have limited and also changing knowledge about how and where this data has been shared and who has access to it,” Felsberger said.

In the U.S., menstrual tracking apps are regulated as general wellness devices, so the data they collect don’t get any special legal protections, she explained. Advertisers aren’t the only ones who can exploit this lack of safeguarding to access menstrual data. Government officials can also get their hands on this information and use it to restrict abortion access.

Felsberger’s report highlights two such cases, though in these instances, menstrual data did not come specifically from period tracking apps. Still, they illustrate how governments can use this information to limit access to abortion at both state and federal levels.

In 2019, Missouri’s state health department used menstrual tracking data to investigate failed abortions. They also tracked patients’ medical ID numbers, the gestational age of fetuses, and the dates of medical procedures. As a result of this investigation, the state attempted to withhold the license of St. Louis’ Planned Parenthood clinic—the only abortion provider in the state at that time. This led to a year-long legal battle that ultimately restored the clinic’s license.

During President Donald Trump’s first administration, the federal Office of Refugee Resettlement tracked the menstrual cycles of unaccompanied minors seeking asylum in the U.S. They aimed to prevent these minors from obtaining abortions even in cases of rape. A freedom of information request by MSNBC uncovered a spreadsheet containing dates of the minors’ menstrual cycles, lengths of their pregnancies, whether the sex had been consensual, and whether they had requested an abortion. 

These cases underscore the dangers of failing to protect users’ period tracking data, especially in a post-Dobbs world. Since Roe v. Wade was overturned in 2022, abortion access has become deeply fragmented across the U.S. This procedure is currently banned in 13 states and access is significantly limited in an additional 11 states.

In the European Union and the U.K., period tracking apps have more legal protections. “But they are not often implemented very well,” Felsberger said. Their privacy policies tend to be “very vague,” which makes it difficult for users to understand who can access their data.

“App developers and companies have a very large responsibility, because they do present themselves as providing people with this opportunity to learn about their menstrual cycles,” she said. “I think they should also do their utmost to keep people’s data safe and be transparent about the way that they use data.” There is also a need for stronger federal regulations, especially in the U.S., she added.

Given that these apps offer valuable health insights, it’s unrealistic to expect users to stop using them entirely. But Felsberger recommends switching to non-commercial period tracking apps that provide more data privacy. These platforms are run by non-profit organizations or research institutions that won’t share your information with third parties.

As the landscape of reproductive health becomes increasingly treacherous in the U.S., understanding how third parties may exploit your menstrual data has never been more important.

“Menstrual tracking data is being used to control people’s reproductive lives,” Felsberger said in a University statement. “It should not be left in the hands of private companies.”