Privacy × femtech · 7 min
Anonymous accounts in femtech: what's behind the label
Most period-tracking apps advertise an "anonymous account" as a privacy guarantee. In practice it's a marketing term, not a technical one — and it rarely means what users assume it means.
Why cycle data is unusually sensitive
Menstrual cycle, pregnancy, miscarriage, attempts to conceive, libido, medications, mental symptoms — it's one of the densest health datasets a person can record about themselves. In several jurisdictions (the US after Dobbs, countries with restrictive abortion laws) this data can be subject to law-enforcement requests. Independently of that — it is unusually valuable to advertisers, because it predicts purchasing behaviour better than almost any other category.
What "anonymous account" usually means
Usually: "we don't require an email at signup." That's it. The account is still linked to:
- A device identifier (advertising ID, IDFA on iOS, GAID on Android) — a stable or semi-stable number tied to the phone.
- The IP address on every server request — enough to associate the account with a location and often with a specific person.
- A device fingerprint — combination of phone model, OS version, language settings, time zone, list of installed fonts. In practice unique.
- Ad SDKs (Facebook, Google, AppsFlyer, Adjust) — embedded in the app, sending events to third parties regardless of whether you have an account.
In other words: the absence of an email does not make the data unidentifiable. The identifier is just different.
What happens during a breach
If the database leaks or is sold, "anonymous" accounts can usually be de-anonymised by matching the device identifier against other databases in which the same identifier appears alongside an email or phone number. The technique is well-known and used commercially by data brokers.
AI in health apps
More and more apps add AI: a chatbot, "smart insights", personalised recommendations. Three things worth knowing:
- If the app sends your data to an external model (OpenAI, Anthropic, Google), it is processed on someone else's servers, under that company's terms — not the app's.
- Some model providers reserve the right to train on user data unless the customer pays for a tier with explicit opt-out.
- Data you paste directly into the public ChatGPT, Gemini or Claude is not anonymous — it is linked to your account with the AI provider, regardless of what the app you copied the text from promises.
What to actually check in a privacy policy
Privacy policies are long and deliberately vague, but a few specific phrases tell you more than the rest:
- "We may share data with advertising partners" — data goes to third parties, regardless of "anonymity".
- "Aggregated and de-identified data" — selling data in "aggregated" form is standard practice. "De-identified" rarely means irreversibly.
- The list of "third-party processors" — if you see Facebook, Google Ads, AppsFlyer, Adjust, Mixpanel, Amplitude — your in-app events are sent there.
- No mention of "end-to-end encryption" for note contents — by default assume a company employee can read them.
- "We may disclose data in response to legal process" — a standard clause, but for cycle and pregnancy data it has real consequences in some jurisdictions.
What local data (on-device) gives you
An app that keeps data locally on the phone and does not send it to a server has a fundamentally different risk profile. There's no server-side database that can leak. No events streamed to advertisers. No log a support employee can open after logging into an admin panel. This is not "a better privacy policy" — it is a different architecture, in which some risks simply do not exist.
Trade-off: no cross-device sync without an explicit user decision. Some people don't want that — and it's a sensible choice if it's a conscious one.
Questions worth asking the app
- Does my data leave the phone? If so — when, where to, in what form.
- Can I use the app without an account? If yes — does data still go to the server without an account?
- Are there tracking SDKs in the app (Facebook, Google, AppsFlyer, Adjust)? The privacy policy must disclose this.
- Can I export all my data and delete it? How long are backups retained after account deletion?
- Do you use AI? If yes — whose, under what terms, does it train on my data.
A practical heuristic
If an app is free and looks polished — running it costs money. The question isn't "do you pay with data", it's "to whom and how much". An app on a subscription model with no ads and no tracking SDKs has a clearer business model. None of this is a privacy guarantee, but it gives you a starting point for judgement.