This Period Tracker Promised Privacy. Researchers Say It Shared Users’ Health Data Anyway

Mozilla researchers found the app shared users' reproductive health information with a third-party analytics company despite marketing itself as a privacy-first option.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Researchers have raised new privacy concerns about the popular period-tracking app Stardust after finding it shared users' sensitive reproductive health information with a third-party analytics company — despite its promise that "Your data is private. Period."[1]

“We take your privacy seriously and protect your personal data by anonymizing and encrypting it,” Stardust has written in its data page overview.

According to new research from Mozilla, that’s not exactly the case. Stardust transmitted data including users' birthdates, birth control methods, reproductive goals, and logged symptoms to analytics platform RudderStack.[2]

RudderStack is an agentic, “warehouse native” Customer Data Platform (CDP) designed to make it easy for data engineers and developers to collect, unify, and activate customer data.[3]

While the records did not include users' names, they were linked to unique identifiers that privacy experts say can still be used to identify individuals.

In this article
Researchers say Stardust shared users' reproductive health data
Why this matters
Stardust says the data isn't being sold
Not all period trackers performed the same
How to better protect your health data

Researchers say Stardust shared users' reproductive health data

Mozilla's latest privacy research examined six popular period-tracking apps by analyzing their network traffic to see what information was leaving users' devices.

Of the six apps tested, Stardust was the only one found to be transmitting sensitive reproductive health information to another company.

According to Mozilla, the shared information included:

  • Birthdate
  • Birth control method
  • Reproductive goals
  • Specific symptoms entered into the app

While the records did not include users' names, they were associated with a persistent unique identifier instead.

Removing someone's name does not necessarily make health data anonymous. The Federal Trade Commission has previously cautioned that so-called "de-identified" data can often be linked back to individuals when combined with other information.

Why this matters

Many health and wellness apps rely on third-party services to provide analytics, cloud infrastructure, crash reporting, or payment processing. Users often never see these background data transfers happening.

While these services can help developers improve their apps, they also introduce additional privacy risks. Every additional company that receives sensitive information creates another potential point of exposure through security incidents, legal requests or internal misuse.

Those concerns have become especially significant for reproductive health apps since the U.S. Supreme Court overturned Roe v. Wade in 2022.

"We're very concerned in a lot of advocacy spaces about what happens when private corporations or the government can gain access to deeply sensitive data about people's lives and activities," Lydia X. Z. Brown, a policy counsel with the Privacy and Data Project at the Center for Democracy and Technology, told NPR. “That data could put people in vulnerable and marginalized communities at risk for actual harm.”

At the time, millions of people turned to period-tracking apps like Stardust because of their privacy-focused marketing. TechCrunch previously investigated the app in 2022 after it claimed to use end-to-end encryption and reported that those claims did not match the app's actual behavior.

Mozilla's latest findings add fresh scrutiny to how reproductive health information is handled behind the scenes.

Stardust says the data isn't being sold

According to BBC News, a Stardust spokesperson said RudderStack is "contractually prohibited from selling or using it for its own purposes."

However, researchers note that both companies are based in the United States. That means data stored on their servers could still be subject to lawful requests from government agencies or law enforcement.

TechCrunch reported that Stardust founder Rachel Moranis did not respond to questions about Mozilla's findings or whether the company has ever received requests for users' health data.

Not all period trackers performed the same

Mozilla tested six different period-tracking apps as part of its research. The organization singled out Euki as its top privacy recommendation, describing it as "squeaky clean."

Researchers found that Euki did not share users' reproductive health data with third parties during its core functions, and that users' health information remained stored on their devices rather than transmitted elsewhere.

It also happens to be among our favorite period-tracking apps in the market.

How to better protect your health data

We recommend taking a few minutes to review an app's privacy policy and permissions before entering sensitive health information. It's also worth checking whether the app shares data with third parties for analytics, advertising or other purposes.

If you use a period-tracking or other health app, there are a few ways to reduce your privacy risks:

  • Review the app's privacy policy before entering sensitive information.
  • Check whether the app shares data with third parties for analytics or advertising.
  • Disable optional analytics or data-sharing settings if they're available.
  • Consider apps that store health information locally on your device instead of transmitting it to external servers.
  • Keep your apps updated to receive the latest security improvements.

If you find yourself at the receiving end of a data leak, you could use a data removal service to hunt down and delete your personal information shared to third parties across the internet.

No app can eliminate every privacy risk, but understanding how your health information is collected, stored and shared can help you make a more informed choice.

Take Control of Your Online Privacy
5.0
Editorial Rating
Get Deal
On Incogni's website
2026 Editors’ Choice
Best Overall Data Removal Service
Privacy Protection
Incogni
PROMOTION: Save 55% with code COOKIE
  • Top-rated data removal service that scrubs your info from 420+ data broker sites automatically
  • Independently verified by Deloitte, meaning removals are actually sent, confirmed, and not just claimed
  • The Unlimited plan extends coverage to 2,000+ additional sites with human-assisted custom removals

Author Details
Thomas Kent is a multi-disciplined reporter with over a decade of experience covering online platforms, digital trends, and consumer-facing tech. Tom focuses on digital privacy, data tracking, and user behavior, with a particular interest in how cookies, online surveillance, and platform design shape the modern internet experience. His reporting takes a research-driven, news-focused approach, translating complex technical topics into clear, accessible insights.

Citations

[1] Your Data

[2] Your Period Data Should Be Private

[3] What is Rudderstack?