Health apps have become a staple in many of our lives. Whether you’re tracking your period, logging your workouts, or looking for support with mental health, these tools promise to make managing your well-being easier. But behind the convenience is a reality that’s rarely discussed: your most personal health data is often quietly shared with advertisers, data brokers, and even companies you’ve never heard of. This isn’t just about targeted ads. When your menstrual cycles, moods, or fitness routines are shared without your clear consent, it can lead to discrimination, embarrassment, and even legal trouble. The consequences reach far beyond your phone—and most people have no idea it’s happening.
So, what exactly is being shared? Who’s collecting it? And what can you actually do to protect yourself? Let’s break down what’s really going on with period trackers, mental health apps, and fitness apps, and what you need to know to keep your private life, well, private.
What Your Health Apps Are Really Collecting—and Sharing
It’s easy to assume that health apps only use your data to help you. After all, you’re entering information about your cycle, your moods, or your exercise routines to get insights about yourself, not to help advertisers. Unfortunately, the reality is much messier.
Let’s look at what’s actually happening:
- Period trackers often collect data on menstrual cycles, sexual activity, symptoms, and even pregnancy intentions. This isn’t just about helping you predict your next period—it’s a goldmine for marketers and data brokers.
- Mental health apps may ask for your mood, stress levels, therapy notes, and medication details. Some even collect location data and device information.
- Fitness apps like Strava and Fitbit track your workouts, heart rate, sleep patterns, and sometimes your exact GPS location.
According to a 2022 study by the Organisation for the Review of Care and Health Apps (ORCHA), 84% of 25 period-tracking apps shared user data with third parties. Even more concerning, 68% did so specifically for marketing. And it’s not just period apps: a 2026 report found that Strava and Fitbit collect more data points than almost any other health or fitness apps—21 and 20, respectively.
Some apps have been caught red-handed. The FTC charged Flo, a popular period tracker, for sharing sensitive health data with Facebook and Google despite promising users it wouldn’t. Premom, another fertility app, was fined $100,000 in 2023 for misleading users and sharing reproductive health and location data with third parties, including Google and Alibaba’s Umeng.
Why Millions of Users Never Realize Their Data Was Exposed
Most people assume that health data is private by default. After all, isn’t health information protected by law? Here’s the catch: the Health Insurance Portability and Accountability Act (HIPAA) only applies to healthcare providers, insurers, and their partners—not to most health apps you download from the app store. This means your period, mental health, or fitness data can be collected and shared without the same legal protections you’d expect at your doctor’s office.
Even when apps claim to anonymize your data, that doesn’t mean you’re safe. Data brokers can often piece together information from different sources to re-identify individuals. For example, your cycle data from one app, combined with location data from another, can be enough to pinpoint you.
And it’s not just about being targeted with ads. Sensitive health data has been used to make insurance decisions, influence credit scores, or even as evidence in legal proceedings. In a world where reproductive rights and mental health are hot-button issues, the risks are more than theoretical.
Common Myths: What Most People Get Wrong About Health App Privacy
- "HIPAA covers all health apps": This is a widespread misconception. Most health apps are not covered by HIPAA, leaving your data unprotected by these federal rules.
- "My data is always anonymous": Many apps say they anonymize data, but research shows it’s often possible to re-identify users, especially when multiple data sources are combined.
- "If I don’t create an account, my data is private": Some apps still collect and share device IDs, location, and usage patterns, even if you use them without signing up.
- "Apps only share data with my permission": Permissions are often buried in lengthy privacy policies or vague consent forms. Many users give broad consent without realizing what they’re agreeing to.
Don’t blame yourself if you’ve believed any of these myths. App makers have a responsibility to be clear and honest, and too many fall short.
Real-World Consequences: From Embarrassment to Legal Trouble
Let’s talk about what can actually happen when your health data is shared or exposed. These aren’t just abstract risks—they can have very real effects on your life.
- Embarrassment and stigma: Imagine seeing ads about pregnancy or fertility on your social media feed, even though you never shared that information with those platforms. Or picture a family member using your device and seeing targeted ads based on your mental health status.
- Discrimination: Employers, insurers, or schools could potentially access or purchase data about your health from data brokers. This information could be used to make decisions about hiring, coverage, or admission.
- Legal consequences: In some regions, reproductive health data could be used in legal investigations or court cases. After the overturning of Roe v. Wade in the U.S., there’s increased concern that period or pregnancy data could be subpoenaed.
- Data breaches: A 2026 security analysis found that 10 Android mental health apps with over 14 million downloads had more than 1,500 vulnerabilities. Sensitive information like therapy notes or medication lists could be exposed in a breach.
- Loss of trust: Discovering that an app you trusted has sold or leaked your data can lead to anxiety, stress, and a reluctance to seek help in the future.
These consequences aren’t just possible—they’ve already happened to millions. And while companies may face fines, the burden usually falls on the user to pick up the pieces.
How to Tell If Your Health App Is Sharing Your Data
Most apps don’t make it easy to see what’s being shared. Still, there are steps you can take to get a clearer picture:
- Read the privacy policy: Look for language about third-party sharing. If the policy mentions advertisers, analytics partners, or data brokers, your data is almost certainly being shared.
- Check your phone’s permissions: On both Android and iOS, you can see which apps have access to your location, contacts, or other sensitive data. Revoke permissions that don’t make sense.
- Monitor the ads you see: If you start getting ads related to your health data on other apps or websites, that’s a red flag your information is being shared.
- Look for transparency reports: Some privacy-focused apps publish reports about what data they collect and share. If your app doesn’t, that’s worth noting.
- Search for news or reviews: A quick online search for your app’s name plus "privacy" or "data sharing" can reveal any past scandals or issues.
It shouldn’t be this hard to find out, but for now, a little detective work goes a long way.
Five Steps That Actually Reduce Your Risk
You can’t control what every company does, but you do have options. Here are practical, effective steps you can take today:
- Limit what you share: Only enter the information you absolutely need to get value from the app. Skip optional questions about sexual activity, detailed symptoms, or location unless it’s essential for you.
- Choose privacy-focused apps: Look for apps that store data locally (on your device, not the cloud), don’t require an account, and offer end-to-end encryption (meaning only you can access your data). There are a handful of period and mental health apps that advertise strong privacy features—do some research before downloading.
- Regularly delete your data: Many apps let you erase your data or export and remove it. Make this a habit, especially if you’re switching apps or no longer need the service.
- Review app permissions: Go through your device settings and revoke permissions that aren’t necessary. For example, a period tracker doesn’t need access to your contacts or microphone.
- Stay informed: Privacy policies and app practices can change. Set a reminder to review your most-used health apps every few months, and keep an eye on privacy news for any major incidents.
None of these steps guarantee perfect privacy, but together, they make it much harder for your sensitive health data to be misused.
What Companies and Regulators Should Be Doing—But Aren’t
Let’s be honest: the responsibility for protecting health data shouldn’t fall entirely on users. Too many companies bury important details in legal jargon or make privacy settings confusing on purpose. Regulators have started to take action—the FTC fines against Flo and Premom are a start—but most health apps still operate with minimal oversight.
There’s a desperate need for clearer rules and real enforcement. Until that happens, companies should be required to:
- Obtain clear, informed consent before collecting or sharing sensitive health data.
- Offer easy-to-use privacy controls and the ability to delete your data at any time.
- Be transparent about who gets access to your information and why.
- Use strong security measures to protect user data from breaches and leaks.
Until these changes are made, users are left to fend for themselves in a system that too often puts profits over privacy.
Broader Implications: Why This Isn’t Just About Health Apps
What’s happening with health apps is part of a bigger pattern. As more parts of our lives move online, companies are collecting and monetizing data in ways most people never agreed to. Health data is especially sensitive, but the same tactics are used by everything from shopping apps to smart TVs.
If we don’t demand better protections now, the risks will only grow. Today it’s your period or mental health status; tomorrow it could be your genetic information or family history. The choices you make about privacy today set the tone for what’s possible in the future.
Final Thoughts: Protecting Yourself in a World That Won’t
It’s frustrating—and frankly, unfair—that the burden of privacy falls on users. But until companies and regulators step up, your best defense is awareness and action. By understanding what’s at stake and taking a few practical steps, you can reclaim some control over your most sensitive information.
Remember: your health data belongs to you. Don’t let anyone convince you otherwise. Stay skeptical of any app that asks for more than it needs, and don’t hesitate to walk away if you don’t trust how your data will be handled. You deserve tools that help you—not ones that sell you out.

