Flo, a widely used period and fertility-tracking app, has reached a settlement with the Federal Trade Commission over allegations the company shared users' health data it had promised to keep private.
The FTC alleges that Flo disclosed health information as sensitive as a user's pregnancy to third parties -- including Google and Facebook's analytics units, and mobile analytics services AppsFlyer and Flurry -- and did not limit how the third parties could use the health data.
The app had told users that their data would only be used to help provide the app's services to them, according to the FTC.
As part of the settlement, announced Wednesday, Flo Health, the developer of the app, is prohibited from misleading users about its data-handling practices and must obtain an independent review of its privacy practices.
Flo must also "notify affected users about the disclosure of their personal information and instruct any third party that received users' health information to destroy that data," according to the FTC.
"Apps that collect, use, and share sensitive health information can provide valuable services, but consumers need to be able to trust these apps," Andrew Smith, director of the FTC's Bureau of Consumer Protection, said in a statement. "We are looking closely at whether developers of health apps are keeping their promises and handling sensitive health information responsibly."
MORE: Single mom-to-be designing app to improve the fertility process for other single womenThe Flo app is used by more than 100 million consumers, according to the FTC.
In addition to period and ovulation tracking, the app also offers its users health articles and insight, tools to track babies' development and connections with other women around the world, according to its website.
The app says it has 36 million monthly active users.
MORE: Want to get pregnant? There's an app for that, but will it help?In its settlement with the FTC, Flo did not admit to any wrongdoing, saying in a statement, in part, "We did not at any time share users' names, addresses, or birthdays with anyone. We do not currently, and will not, share any information about our users' health with any company unless we get their permission."
At Flo our highest priority is protecting our users' data which is why we have cooperated fully throughout the FTC's review of our privacy policy and procedures. See our full statement here: https://t.co/CPQadt0iUX
— Flo Period Tracker (@flotracker) January 13, 2021
"We are glad to have reached an agreement with the FTC and resolved the matter," Flo added in its statement. "We will be conducting a compliance review into our policies and procedures as requested as part of the Consent Agreement and providing the FTC with regular updates. We are committed to ensuring that the privacy of our users' personal health data is absolutely paramount."
The FTC shared tips this week for consumers using health apps.
Using a health app? Here are some ways to protect your privacy and reduce the chance of identity theft and other fraud:
— FTC (@FTC) January 13, 2021
1. Compare options on privacy. When you're considering a health app, ask some key ?s: Why does the app collect your info? How does the app share info? /4 pic.twitter.com/r40YzgT2qc
3. Know the risks. Are the health app's services worth risking your personal information getting into the wrong hands? /6 pic.twitter.com/0zorrHNgF7
— FTC (@FTC) January 13, 2021
When using apps like Flo, the FTC recommends users compare options on privacy, make sure the app is up to date and has settings that let you control your health information and know the risks of your personal information "getting into the wrong hands."