The App That Knows You Better Than Your Doctor
Open your period tracker. Scroll through the last few months.
It knows when your period started and ended. How heavy the flow was. What symptoms you had โ the cramps, the headaches, the mood shifts. Whether you were intimate, and when. What medications you took. Maybe even what your temperature was each morning.
Now ask yourself: who else has access to this?
If your app required an account to set up โ an email address, a password, maybe a phone number โ then all of that data is sitting on a server somewhere. Linked to your name. Stored by a company. Governed by a privacy policy that can change at any time.
For most of the history of period tracking apps, people didn't think much about this. It was just a convenient tool. Log your cycle, get predictions, move on.
Then the legal landscape changed.
When Period Data Became Evidence
In June 2022, the U.S. Supreme Court overturned Roe v. Wade, removing the federal right to abortion and returning regulation to individual states. Within months, several states enacted strict restrictions or outright bans.
Almost immediately, a question surfaced that most people had never considered: could period tracking data be used as evidence?
The answer, it turned out, was yes. Not theoretically โ actually. Law enforcement agencies began issuing subpoenas and warrants for digital data, including health app records. Prosecutors started looking at search histories, location data, and โ in at least one widely reported case โ period tracking app data to establish timelines around suspected pregnancies.
The data you logged to understand your own body could now potentially be used against you in a courtroom.
This isn't a hypothetical worst-case scenario. It's the current legal reality in parts of the United States, and similar legislative shifts are being debated in other countries.
The reaction was immediate. Flo Health โ the most popular period tracker at the time โ rushed to introduce an "Anonymous Mode" after facing backlash and a previous FTC settlement over sharing user data with Facebook and Google. Stardust saw its downloads spike as users searched for alternatives. Millions of people deleted their period trackers entirely. But here's the part most people missed: deleting an app doesn't delete data that's already been synced to a company's servers. The data was already gone โ just not in the way they hoped.
The Account Problem
Here's what most people miss: the risk isn't just that a company might share your data voluntarily. It's that they can be compelled to hand it over.
When you create an account with a period tracking app, you create a chain:
Your name โ your email โ your account โ your cycle data โ a company's serverEvery link in that chain is a point of vulnerability. The company can be subpoenaed. The server can be breached. An employee can access records. A policy can change. An acquisition can transfer your data to a new owner with different values.
And unlike a conversation with your doctor โ which is protected by medical privilege in most jurisdictions โ data stored by a commercial app typically has far weaker legal protection.
The company doesn't need to be malicious. They don't even need to be careless. They just need to exist as a third party holding your data. That alone creates the vulnerability.
What a Period Tracker No Account Means in Practice
A period tracker with no account isn't just about skipping a sign-up screen. It fundamentally changes what's possible โ and what isn't.
With an account:- Data is stored on the company's servers
- Data is linked to your identity (email, phone number, name)
- Company can be legally compelled to produce records
- Data survives app deletion (it's still on their servers)
- Breaches expose your information
- You need to trust the company's policies, and every future policy change
- Data exists only on your physical device
- No identity link โ the company doesn't know who you are
- Nothing to subpoena โ the company doesn't have your data
- Delete the app, data is permanently gone
- No server means no breach
- Trust is irrelevant โ architecture replaces policy
This is the difference between "we choose not to share your data" and "we can't share your data because we don't have it."
The first is a business decision. The second is a technical fact.
Why Encryption Matters as Much as Architecture
Local storage is the foundation, but it's not the whole picture. If your data lives on your device but isn't encrypted, anyone with physical access to your phone could potentially extract it.
Real privacy for period data requires both:
1. No cloud, no account โ the data never leaves your device 2. Strong encryption โ even if someone gets your phone, the data is unreadable without your authentication
This is particularly relevant in scenarios where devices might be seized or examined. Unencrypted local data is better than cloud data, but encrypted local data is what actual protection looks like.
How sCycle Was Built for This Reality
We didn't build sCycle and then add privacy features later. Privacy was the first architectural decision, and everything else was built on top of it.
Here's what that looks like in practice:
- No account, no identity โ open sCycle and start tracking. No email. No phone number. No name. We don't know who you are, and we have no way to find out.
- AES-256 encryption โ your cycle data is encrypted on your device. In practical terms: even if your phone were seized and the storage physically imaged, the data can't be read without your biometric authentication. It's not a padlock โ it's a wall.
- Biometric app lock โ optional Face ID, Touch ID, or fingerprint protection. If someone picks up your phone, they can't open sCycle without your face or fingerprint.
- 100% offline โ sCycle never connects to our servers. There is no server. The app works entirely without internet.
- No analytics, no tracking โ we don't know how often you open the app, what you log, or when your period starts. We know nothing about you.
- On-device AI โ cycle predictions, fertile window estimates, and pattern recognition all run locally. Your data never touches an external service.
Full-Featured, Fully Private
None of this comes at the cost of functionality. sCycle does everything you'd expect:
- AI-powered cycle predictions that improve over time
- Symptom and mood logging
- Flow intensity tracking
- Cycle analytics and trend insights
- Fertile window estimates
- Customizable reminders
- Data export in CSV and JSON formats
The difference isn't what sCycle does. It's what it doesn't do โ collect your identity, store your data on servers, or create any link between you and your most intimate health information.
The Export Question
If data only lives on your device, what about backups?
sCycle lets you export your data in standard formats โ CSV and JSON โ so you can store it wherever you trust. An encrypted drive, a password-protected folder, wherever feels right to you.
We can't restore your data because we never had it. If your phone is lost without a backup, the data is gone. That's a real trade-off, and we think it's the right one for data this sensitive.
Beyond the U.S. โ A Global Concern
While the post-Dobbs conversation has been loudest in the United States, the underlying issue isn't uniquely American.
Reproductive rights are contested in many countries. Legislation changes. Governments change. What's legal today might not be tomorrow, and data collected under one legal framework can be accessed under a different one.
Building a period tracker that doesn't collect identifying data isn't about responding to one country's politics. It's about recognizing that intimate health data deserves structural protection โ the kind that doesn't depend on which party is in power or what a court decides next year.
The Simplest Privacy Test
Here's a quick way to evaluate any period tracker's privacy claims:
1. Does it require an account? If yes, your data is on their servers, linked to your identity. 2. Does it work offline? If no, it's sending data somewhere. 3. Can the company see your data? If yes, so can a subpoena. 4. What happens when you delete the app? If your data persists on their servers, you haven't really deleted anything.
A period tracker no account requirement passes the first test. But real privacy requires passing all four.
Your Cycle, Your Business
You shouldn't need to think about legal implications when logging your period. You shouldn't need to weigh the risks of tracking your own body. This is basic health awareness โ the kind of information that helps you understand yourself, notice changes, and have informed conversations with your doctor.
The fact that it's become a legal risk for some people is a failure of policy, not a reason to stop tracking. The answer isn't less information about your own health. It's better tools that keep that information where it belongs.
Track your cycle because understanding your body matters. Keep it private because it's nobody else's business.
Your cycle. Your device. Your right.
