Flo

Our Findings

• Security infrastructure is strong — dual ISO 27001 and ISO 27701 certification, AES-256 encryption, and a genuinely innovative Anonymous Mode that makes re-identification structurally difficult. The current privacy policy is specific and lists 20+ third-party processors, each with a linked privacy policy. These are real credentials. They exist, however, alongside the worst privacy track record in our reviewed set: an FTC settlement for fraudulent misrepresentation about health data sharing affecting tens of millions of users, a class action settlement for unlawfully transmitting intimate health data to Meta and Google for advertising purposes, and a new California class action filed in August 2024 — three years after the FTC settlement — alleging substantially similar conduct. Regulatory oversight and ISO certification are meaningful deterrents, but they do not erase documented harm or resolve active litigation.

Strengths

• Dual ISO 27001 (security) and ISO 27701 (privacy) certification — the only period tracker with both; strongest security certification profile reviewed to date
• AES-256 encryption at rest, TLS 1.2/1.3 in transit, documented on security page
• Anonymous Mode: technically innovative feature separating health data from personal identifiers using Oblivious HTTP; recognized by TIME Best Inventions 2023 and Fast Company World Changing Ideas 2023; first period tracker to offer this level of structural privacy protection
• Privacy policy names 20+ third-party processors with specific purposes and linked privacy policies
• Multiple user control mechanisms: in-app account deletion, data export, dedicated DPO contact (dpo@flo.health), GDPR rights documented
• Explicit no-sell commitment stated in Privacy Policy and prominently on Anonymous Mode page
• GDPR and UK GDPR compliance with specific legal references; FTC settlement requires affirmative consent before any advertising data sharing going forward

Weaknesses

• FTC settlement (2021) for fraudulent misrepresentation: Flo explicitly promised not to share health data with third parties, then transmitted intimate health app events — pregnancy status, period dates, symptoms — to Facebook, Google, Flurry, and AppsFlyer via SDKs without user knowledge or consent
• Class action settlement (Frasco v. Flo Health) for unlawfully sharing users' intimate health data with Meta and Google for targeted advertising; affected 38M+ active monthly users over multiple years
• New California class action filed August 2024 alleging substantially similar conduct, filed three years after the FTC settlement — active litigation, outcome pending
• Current privacy policy still permits data sharing with AppsFlyer and Firebase for advertising analytics, with consent — the same platforms implicated in the original violations
• Google Play Data Safety label understates third-party data relationships, creating a materially different impression for users who don't read the full privacy policy
• Violations were systematic rather than isolated: hidden SDKs enabling undisclosed health data transmission were an architectural feature of the app, not an accidental breach

What We Couldn't Find

• Results or findings from the independent privacy audit completed March 2022 per FTC settlement requirements
• Confirmation that the August 2024 California class action has been resolved
• Documentation of what specific changes were made to SDK data transmission practices post-FTC settlement
• Named ad network partners beyond AppsFlyer and Firebase

Our Findings

• Accuracy profile shows extensive research infrastructure - 140+ doctors reviewing all content, a dedicated team of 20 research scientists, published peer-reviewed studies including a randomized controlled trial, and substantive partnerships with Mayo Clinic, Johns Hopkins, Yale, and Northwestern. The company is transparent about what its predictions can and cannot do — explicitly disclaiming that period and ovulation predictions should not be used for birth control or conception planning. The core gap is the same one we've seen across the category: no independent, externally-funded validation of period or ovulation prediction accuracy against a clinical gold standard. User satisfaction is high, but self-reported satisfaction is not clinical validation. Regulatory status is appropriately N/A for a wellness product making no diagnostic claims.

Strengths

• Dedicated internal science team of 20 research scientists with PhDs in bioengineering, reproductive biology, genetics, and health economics — the largest internal research team reviewed to date
• Published RCT evaluating app impact on health literacy and wellbeing (JMIR mHealth and uHealth, 2023) — one of the few femtech products with randomized controlled trial evidence
• Peer-reviewed publications in BMJ Public Health, Nature journals, Archives of Women's Mental Health, and Reproductive Biology and Endocrinology
• Substantive institutional partnerships with Mayo Clinic (800,000+ cycles studied), Johns Hopkins, Yale, Northwestern, and University of Virginia
• Symptom checker (endometriosis, fibroids, PCOS) validated in clinical vignettes study with published sensitivity and specificity data — the most specific algorithm validation found across all reviewed products
• 140+ doctors and health experts reviewing all content against current clinical guidelines; AWS MACROS system for AI-assisted medical content accuracy at scale
• FSA/HSA eligible — implies meaningful level of clinical credibility recognized by benefits administrators
• Explicit, prominent transparency about prediction limitations: ovulation cannot be predicted with 100% accuracy; predictions should not be used for birth control or conception; accuracy improves with consistent logging

Weaknesses

• No independent, externally-funded validation of core period or ovulation prediction accuracy against a clinical gold standard found across all sources reviewed
• Published research measures health literacy and knowledge improvements, symptom patterns, and population-level cycle characteristics — not prediction algorithm accuracy
• Clinical validation studies are company-funded or conducted by Flo's internal science team; no third-party algorithm audits identified
• Website claim that "90% of users said Flo accurately predicts the start of their period" is sourced to AppFollow (a review aggregator) — user self-report, not clinical validation, presented in a context that implies accuracy evidence
• Marketing emphasizes fertility tracking and conception support, while Terms of Service disclaims that predictions should not be used for conception planning — the same marketing/disclaimer tension identified in Clue
• No regulatory clearance for any feature; appropriate for wellness classification, but means no external accuracy verification has been required or completed

What We Couldn't Find

• Independent third-party validation studies of period or ovulation prediction accuracy
• Algorithm transparency documentation or technical methodology for core prediction features
• Externally-funded accuracy studies not involving Flo's internal science team
• Source documentation for the "90% accuracy" user satisfaction claim beyond AppFollow aggregation

Our Findings

• Organizational foundation has a large and highly credentialed medical advisory structure — 140+ named experts from institutions including Yale, Johns Hopkins, and the University of Virginia — and a mission that is specific, measurable, and backed by named partnerships and quantified outcomes. Leadership includes a practicing MD as CMO and a founder-CEO with relevant scientific training. Thought leadership is active and institutionally credible. The meaningful deduction is on marketing alignment: Flo's core brand promise for years was data protection, and the FTC found that promise was fraudulently made. The Google Play Data Safety label discrepancy suggests this tension between stated values and actual practice is not entirely historical. Current disclosures are more transparent, which matters, but doesn't erase a documented pattern.

Strengths

• 140+ named medical experts spanning women's health, research, and bioethics from Yale, Johns Hopkins, University of Virginia, Texas Christian University, and others — the largest and most credentialed advisory structure reviewed to date
• CMO Anna Klepchukova is a practicing MD with anesthesiology and clinical trials background; brings direct clinical credibility to product and content decisions
• CEO Dmitry Gurski has pharmaceutical chemistry training and Stanford executive education; co-founded Flo after identifying a specific, documented gap in women's health services
• Mission is specific and measurable: Mayo Clinic partnership studying 800,000+ cycles, Pass It On Project reaching 28M+ women in 58 countries, explicit commitment to evidence-based content
• Active thought leadership with peer-reviewed publications and conference presence at FIGO and the European Board and College of OB-GYN — medical team engagement is substantive, not performative
• Inclusive content design: 19+ LGBTQ+-specific health articles, trans and non-binary resources, Anonymous Mode as a structural privacy commitment

Weaknesses

• Core brand promise — data protection — was found by the FTC to have been fraudulently stated; Flo explicitly promised not to share health data while systematically doing so via hidden SDKs for multiple years; this is a direct contradiction between stated values and documented practice
• Class action settlements for unlawfully sharing intimate health data with Meta and Google for advertising purposes further document the gap between brand values and behavior
• Google Play Data Safety label currently states no third-party data sharing while Privacy Policy explicitly lists 20+ processors — suggests inadequate monitoring of public-facing brand claims, three years after the FTC settlement
• Founders are tech entrepreneurs who built into women's health rather than practitioners who came from it — relevant context for evaluating mission authenticity alongside the privacy history

What We Couldn't Find

• Public statement from CEO or leadership specifically addressing the Google Play Data Safety label discrepancy
• Evidence of internal governance changes made post-FTC settlement to prevent future marketing misrepresentation
• Named bioethics advisors on the advisory board despite bioethics listed as a specialty area

Our Findings

• Flo's equity profile is strongest where it has invested most visibly: global reach and economic access in underserved markets. The Pass It On Project — providing free Premium access to 28M+ women in 58 countries, with documented knowledge-improvement outcomes — is the most substantive economic-accessibility initiative we've reviewed in this category. UNFPA partnership, 20+ language support, and cross-cultural research across 52+ countries add further credibility. Where Flo underperforms is in representation and domestic economic accessibility: no documented visual diversity in marketing, no income-based assistance for low-income users in developed markets, and no published research validating efficacy across racial, disability, or body-diversity populations, despite having one of the largest user bases in consumer health tech.

Strengths

• Pass It On Project providing free Premium to 28M+ women in 58 underserved countries, with published evidence of 19% menstrual health knowledge improvement — the strongest economic accessibility initiative reviewed to date
• UNFPA partnership for global reproductive health education — substantive institutional relationship, not a marketing affiliation
• 20+ language support with app and website localization across global markets
• Comprehensive LGBTQ+ content: 19 dedicated articles, explicit trans and non-binary resources, design support for diverse reproductive scenarios
• Cross-cultural research validation drawing on 19M+ users across 52+ countries, with peer-reviewed publications in BMJ Public Health (2025) and Nature
• Support for diverse reproductive life stages: irregular periods, perimenopause, pregnancy, and conception tracking — not a single default user model
• FSA/HSA eligibility since October 2024, providing a tax-advantaged pathway for US users
• Dedicated accessibility manager and partial WCAG 2.2 AA compliance — more documented accessibility infrastructure than most reviewed products

Weaknesses

• No documented visual diversity in app imagery, marketing materials, or testimonials — cannot verify race, body size, age, or disability representation despite 400M+ user base
• Pass It On Project is geography-based, not income-based: low-income users in developed markets (US, UK, EU) receive no equivalent benefit; no sliding scale, no Medicaid coverage, no income-based assistance documented for these users
• Specific NGO and community health organization partnerships not named on the prosocial initiative page beyond UNFPA — implementing partner transparency is limited
• WCAG 2.2 AA compliance is partial, with no documented remediation timeline for outstanding gaps
• No published research specifically validating prediction accuracy or app efficacy across racial, disability, or body diversity populations despite global scale
• User satisfaction not broken down by demographic group — cannot verify equitable experience across diverse user populations

What We Couldn't Find

• Named NGO or community health implementing partners for the Pass It On Project beyond UNFPA
• Visual diversity documentation for app imagery and marketing materials
• Income-based pricing assistance for users in developed markets
• Research validating efficacy specifically across racial, disability, or body diversity populations
• WCAG remediation timeline or specific accessibility gap documentation