Menstrual tracker Stardust shares users’ health data with the analytics company, according to Mozilla research


“Your data is private. Period,” says menstrual tracker Stardust on its website. As new research by Mozilla has discovered, some users may find this claim exaggerated.

according to Latest findings from Mozilla When examining the privacy practices of menstrual tracking apps, it was found that Stardust shares users’ sensitive health information with third-party analytics company RudderStack. This data included the user’s date of birth, type of birth control, reproductive goals, and specific symptoms the user was experiencing, and linked this record to a unique identifier rather than a person’s name. (The Federal Trade Commission has Long warned This does not anonymize the data or prevent it from being linked back to a person.)

Mozilla research underscores the security and privacy risks with menstrual tracking and other health apps that share data with third parties. This often occurs as background activity within the app, and is not visible to the user. It’s not uncommon for apps to share data with other services for storage, analytics, and payments, but sharing user information with third parties inherently carries risks, such as potential security vulnerabilities, data breaches, or data acquisition sought by law enforcement.

TechCrunch previously wrote about Stardust in 2022 after app downloads increased following the repeal of the constitutional right to seek an abortion in the United States. Stardust claimed it was end-to-end encrypted, meaning even the company couldn’t access its users’ data, but TechCrunch discovered this by analyzing the app’s network traffic. That the company’s claim was false.

Mozilla security researcher Shoshana Wodinsky used a similar technique to analyze network traffic for several menstrual trackers, including Stardust, to understand how apps collect and share data (if at all) with third parties. Wodinsky found that Stardust was the only one of the six apps tested that shared a user’s sensitive health data with another company.

As quoted BBC Newsa Stardust spokesperson said that RudderStack is “contractually prohibited from selling it or using it for its own purposes.” As US-based companies, both Stardust and RudderStack may still receive requests for user information from law enforcement regarding users’ health information stored on their servers.

Stardust founder Rachel Moranis did not respond to TechCrunch’s request for comment on Thursday, or questions about whether the company has received requests for its users’ data. A company spokesperson acknowledged receipt of the email but did not provide comment.

Of the six apps Wodinsky tested, Mozilla recommended Euki as “completely clean,” as the app was not seen to share any data with third parties with its basic features, and the user’s health data did not leave their devices.

When you make a purchase through the links in our articles, We may earn a small commission. This does not affect our editorial independence.

Leave a Reply

Your email address will not be published. Required fields are marked *