Does Flo sell your data?

Flo says it does not sell personal data. In 2021 it settled allegations by the U.S. Federal Trade Commission that it had shared sensitive health information with third parties — named in the FTC's complaint as Facebook, Google and others — despite telling users it would keep that data private. The settlement included no fine and no admission of wrongdoing; Flo agreed to obtain consent and an independent privacy review, and says it has changed its practices. So the honest answer is: not sold per its current policy, but with a settled regulatory matter in its past.

What is Flo's Anonymous Mode and does it make Flo private?

Anonymous Mode lets you use Flo without linking your name, email, or device identifiers to your health data. It's a genuine improvement and unusual among big trackers. But your cycle data still lives on Flo's servers — Anonymous Mode reduces who can connect that data to you, it doesn't move the data off Flo's infrastructure. It's privacy by policy and de-identification, not privacy by architecture.

Is Flo safe to use after Dobbs?

Flo is UK-based and added Anonymous Mode partly in response to post-Roe concerns. For most users in most situations it's reasonably safe. The residual risk is that any company holding readable health data on a server can, in principle, be compelled to produce it, or suffer a breach. If that worst-case matters to you, an on-device tracker that holds no copy of your data removes the risk entirely rather than mitigating it.

What's the most private alternative to Flo?

On-device trackers that keep no server copy — Dew, Euki, or Drip — are structurally more private than Flo, because there's nothing for the company to share, sell, or surrender. Apple Health is also private but is more of a vault than a full tracker. See our roundup of private alternatives to Flo for the trade-offs of each.

Is Flo safe? An honest 2026 privacy review

Flo is the most-used period app in the world, and the one with the most complicated privacy history. Here's the honest, sourced version — what's true in 2026, and what to weigh.

Short answer: Flo today is more careful than it used to be — it says it doesn’t sell your data, it’s certified against recognised privacy standards, and it offers an Anonymous Mode that few rivals match. But Flo also settled an FTC matter in 2021 over allegations it shared health data it had promised to keep private, and your cycle still lives on Flo’s servers. Whether that’s “safe enough” depends on what you’re protecting against.

Let’s go through it without the marketing gloss on either side.

The thing you need to know first: the 2021 FTC case

In 2021, the U.S. Federal Trade Commission alleged that Flo had shared users’ sensitive health information — including when someone was trying to conceive — with third parties named in its complaint as Facebook, Google and others, despite promising users it would keep that information private. Flo settled the matter — with no fine and no admission of wrongdoing — and agreed to obtain user consent and submit to an independent privacy review. (Source: the FTC’s public case record.)

This matters not because Flo is uniquely bad — data sharing was, and still is, common across the category (we cover the wider picture in are period tracker apps safe?). It matters because it shows the gap a privacy promise can open up: a promise can be broken, disputed, or quietly changed. That’s the core reason we think architecture beats policy — more on that below.

What Flo says it does in 2026

Flo’s current public position is, broadly:

It does not sell your personal data.
It’s based in the UK and operates under GDPR, a relatively strict privacy regime.
It encrypts data and holds external privacy/security certifications.
It offers Anonymous Mode for users who want to de-link their identity.

Taken at face value, that’s a meaningfully better posture than the 2019-era Flo that the FTC investigated. Credit where due: of the big mainstream trackers, Flo has invested the most visibly in privacy features.

What Anonymous Mode actually does (and doesn’t)

Flo introduced Anonymous Mode in 2022, in the wake of the U.S. Supreme Court’s Dobbs decision and the surge of concern about period data being used in legal contexts. It lets you use the app without connecting your name, email address, or technical identifiers to your health data.

That’s real and useful. But be precise about what it changes:

It de-identifies, it doesn’t relocate. Your cycle data still sits on Flo’s servers. Anonymous Mode reduces how easily that data can be tied back to you — it doesn’t mean the data isn’t there.
It depends on Flo’s implementation. You’re trusting that the de-identification is robust and that it stays that way. That’s a reasonable trust to extend; it’s still trust, not a guarantee baked into where the data physically lives.

Compare that with an on-device model, where there is no server copy to identify in the first place. We explain that distinction in what makes a period tracker private.

So — is Flo safe? It depends on the threat you care about

Be honest with yourself about what “safe” means for you:

“I don’t want ads following me around.” Flo’s current no-sell policy plus Anonymous Mode makes this low-risk today.
“I don’t want my data tied to my identity.” Anonymous Mode addresses this directly, better than most competitors.
“I never want a company to hold readable data about my cycle at all.” Flo can’t satisfy this — its model keeps your data on its servers. No amount of policy changes the fact that a copy exists somewhere a company controls. For this threat model, you want a tracker that holds no copy.

The honest comparison

We build a competing app, Dew, so weigh this knowing our bias. Our view is simple: Flo is a polished, increasingly privacy-conscious app that has earned some of its improved reputation — and it still asks you to keep your cycle on its servers. If that trade is fine for you, Flo is a reasonable choice. If it isn’t, the alternative isn’t a worse app; it’s a different architecture.

For the side-by-side, see Flo, Clue, Stardust, Dew compared and our list of private alternatives to Flo. If you decide to leave, we wrote a clean exit guide: how to switch from Flo to a private period tracker.

The bottom line

Flo in 2026 is safer than its reputation suggests, and less private than its marketing implies. It’s not selling your data, it gives you real tools to protect your identity, and it operates under GDPR. But its safety rests on Flo continuing to keep its promises — and history shows those can change. If you want safety that doesn’t depend on a promise, choose a tracker where the company simply never has your data.