When the menstrual tracking app Flo went to trial for allegedly sharing intimate health data with Meta and Google, the company's defense raised eyebrows:
\"Is Flo a provider of health care? No. Are Flo's users its patients? No. Did Plaintiffs file their claims on time? No. Did Plaintiffs agree to Flo's privacy policy? Yes.\"
That defense may have been legally sound, but it sidesteps a deeper issue: in wellness tech—especially where women's health is concerned—users aren't just customers. They're people entrusting you with their bodies, routines, and vulnerabilities. Saying \"they agreed to the privacy policy\" doesn't absolve companies of the obligation to design with care.
The market delivered its verdict on that defense strategy. Just days after a federal judge approved Flo's settlement and dismissed the remaining class action claims, a San Francisco jury found Meta Platforms liable under California's Invasion of Privacy Act, ruling that it had intentionally intercepted sensitive menstrual health data from millions of Flo users via embedded SDKs. With penalties of up to $5,000 per violation, Meta now faces potential liabilities in the billions—roughly half of Fitbit's total acquisition price.
This wasn't an isolated case. The Flo litigation involved multiple defendants: Flurry Analytics (now defunct) settled for $3.5 million, Google settled for an undisclosed sum, and Flo itself had previously settled with the FTC in 2021, agreeing to clearer disclosures and independent privacy oversight (FTC Press Release). The pattern reveals how embedded technologies that developers don't fully control can create massive liability exposure.
Meta's loss establishes a new precedent: even when companies believe they're legally protected, juries may hold them to a higher standard when intimate health data is involved.
The Meta verdict highlights a critical flaw in how the tech industry interprets user consent. The idea that someone clicked \"agree\" doesn't mean they understood—especially when the average privacy policy requires a graduate-level education to comprehend. Most privacy policies are legal labyrinths designed to protect the company, not inform the user. Consent in this context isn't trust—it's compliance. The Meta case underscores that a policy on paper, no matter how carefully worded, won't shield a company from accountability if its design choices ignore the spirit of meaningful consent and data minimalism.
In femtech, that gap matters. Because even when data sharing is technically allowed, it may still feel like a betrayal.
Many apps use third-party software development kits (SDKs)—bundles of prewritten code from companies like Google and Meta. These SDKs are often added for analytics, crash reporting, or marketing—but they can also transmit sensitive user data back to external platforms.
Flo's app included such SDKs, and data about menstrual cycles, sexual activity, and fertility intentions may have been exposed as a result (Courthouse News). Even if that data wasn't abused, its unintended transmission is a trust issue—not just a legal one. And often, it's not even intentional—just embedded in the tools apps rely on by default. Defaults shape outcomes.
What many users don't realize is that even when an app doesn't share the content of what you input—like a note or a symptom—you can still be identified through metadata. Metadata is the data about your data: when you opened the app, how often you used certain features, which buttons you clicked, what time of day you logged something. When combined, these behavioral patterns can closely mimic or even predict the real information you entered. This is why even 'anonymized' health data isn't truly anonymous—behavioral fingerprints are often more revealing than the raw data itself.
A third party might never see your exact entry—\"cramps on day 24.\" But they could easily infer your cycle, sleep, stress, or activity patterns based on how and when you use the app. For example, if a user logs in daily and opens the symptom tracker around the same time each month, that behavior alone can signal where they are in their cycle. And if that metadata is collected through a third-party SDK, it often leaves your device whether you know it or not.
This is how systems built for analytics can quietly become systems of exposure—revealing more than users ever intended to share.
A growing number of companies are rejecting the surveillance model entirely—designing systems where intimate body data never touches centralized servers. Companies like Cirdia process data locally, on the user's device, with users maintaining complete control over what they choose to share.
This approach requires rejecting the standard toolkit. No Meta or Google SDKs embedded in products. Privacy-first analytics that never track individuals. Clear boundaries between advertising channels and product experiences. These choices require tradeoffs: more infrastructure, fewer shortcuts, and a fundamentally different product roadmap. But they also build real trust—not just legal defensibility.
This isn't just about one app. It's about the entire ecosystem of wellness tech—especially tools that collect deeply personal data related to women's health, fertility, and sleep. In a post-Roe legal landscape, even inadvertent data exposure can have real-world consequences. The Meta case is a clear signal to femtech and wellness product leaders: meeting the letter of the law isn't enough. We must build systems that make bodily autonomy and digital trust non-negotiable.
Public awareness is growing: most wellness apps aren't protected under HIPAA. When users feel exposed, they don't just stop using your product—they stop engaging with tools that could help them.
For founders, this represents both risk and opportunity. While users readily trade social media posts or shopping habits for free apps, intimate body data triggers a fundamentally different response. Companies that fail to recognize this distinction face mounting legal exposure and user backlash. Meanwhile, those who understand that biometric privacy isn't just another data category can build defensible differentiation in a market where trust has become the scarcest commodity.
The playbook is emerging: audit your SDKs, minimize data collection, build opt-in pathways, and default to protection. But more fundamentally, it's about recognizing that in wellness tech, trust isn't just a nice-to-have—it's the entire foundation of sustainable growth.
When we build tech that touches people's bodies and private lives, we're not just writing code—we're making a promise. Not simply to follow the law, but to build systems that respect the boundaries of the people who use them.
Trust begins not with a privacy policy, but with the decision to collect only what's necessary—and to build with care when the data is deeply personal.
Because at the end of the day, a body isn't a business model. And once that trust is broken, no court ruling can restore what was lost.
","content_text":"When the menstrual tracking app Flo went to trial for allegedly sharing intimate\nhealth data with Meta and Google, the company's defense raised eyebrows:\n\n> \"Is Flo a provider of health care? No. Are Flo's users its patients? No. Did\n> Plaintiffs file their claims on time? No. Did Plaintiffs agree to Flo's\n> privacy policy? Yes.\"\n\nThat defense may have been legally sound, but it sidesteps a deeper issue: in\nwellness tech—especially where women's health is concerned—users aren't just\ncustomers. They're people entrusting you with their bodies, routines, and\nvulnerabilities. Saying \"they agreed to the privacy policy\" doesn't absolve\ncompanies of the obligation to design with care.\n\nThe market delivered its verdict on that defense strategy. Just days after a\nfederal judge approved Flo's settlement and dismissed the remaining class action\nclaims, a San Francisco jury found Meta Platforms liable under California's\nInvasion of Privacy Act, ruling that it had intentionally intercepted sensitive\nmenstrual health data from millions of Flo users via embedded SDKs. With\npenalties of up to $5,000 per violation, Meta now faces potential liabilities in\nthe billions—roughly half of Fitbit's total acquisition price.\n\nThis wasn't an isolated case. The Flo litigation involved multiple defendants:\nFlurry Analytics (now defunct) settled for $3.5 million, Google settled for an\nundisclosed sum, and Flo itself had previously settled with the FTC in 2021,\nagreeing to clearer disclosures and independent privacy oversight (FTC Press\nRelease). The pattern reveals how embedded technologies that developers don't\nfully control can create massive liability exposure.\n\nMeta's loss establishes a new precedent: even when companies believe they're\nlegally protected, juries may hold them to a higher standard when intimate\nhealth data is involved.\n\n\nTHE ILLUSION OF CONSENT\n\nThe Meta verdict highlights a critical flaw in how the tech industry interprets\nuser consent. The idea that someone clicked \"agree\" doesn't mean they\nunderstood—especially when the average privacy policy requires a graduate-level\neducation to comprehend. Most privacy policies are legal labyrinths designed to\nprotect the company, not inform the user. Consent in this context isn't\ntrust—it's compliance. The Meta case underscores that a policy on paper, no\nmatter how carefully worded, won't shield a company from accountability if its\ndesign choices ignore the spirit of meaningful consent and data minimalism.\n\nIn femtech, that gap matters. Because even when data sharing is technically\nallowed, it may still feel like a betrayal.\n\n\nHOW THIS HAPPENS: THE INVISIBLE LEAK\n\nMany apps use third-party software development kits (SDKs)—bundles of prewritten\ncode from companies like Google and Meta. These SDKs are often added for\nanalytics, crash reporting, or marketing—but they can also transmit sensitive\nuser data back to external platforms.\n\nFlo's app included such SDKs, and data about menstrual cycles, sexual activity,\nand fertility intentions may have been exposed as a result (Courthouse News).\nEven if that data wasn't abused, its unintended transmission is a trust\nissue—not just a legal one. And often, it's not even intentional—just embedded\nin the tools apps rely on by default. Defaults shape outcomes.\n\nWhat many users don't realize is that even when an app doesn't share the content\nof what you input—like a note or a symptom—you can still be identified through\nmetadata. Metadata is the data about your data: when you opened the app, how\noften you used certain features, which buttons you clicked, what time of day you\nlogged something. When combined, these behavioral patterns can closely mimic or\neven predict the real information you entered. This is why even 'anonymized'\nhealth data isn't truly anonymous—behavioral fingerprints are often more\nrevealing than the raw data itself.\n\nA third party might never see your exact entry—\"cramps on day 24.\" But they\ncould easily infer your cycle, sleep, stress, or activity patterns based on how\nand when you use the app. For example, if a user logs in daily and opens the\nsymptom tracker around the same time each month, that behavior alone can signal\nwhere they are in their cycle. And if that metadata is collected through a\nthird-party SDK, it often leaves your device whether you know it or not.\n\nThis is how systems built for analytics can quietly become systems of\nexposure—revealing more than users ever intended to share.\n\n\nBUILDING THE ALTERNATIVE\n\nA growing number of companies are rejecting the surveillance model\nentirely—designing systems where intimate body data never touches centralized\nservers. Companies like Cirdia process data locally, on the user's device, with\nusers maintaining complete control over what they choose to share.\n\nThis approach requires rejecting the standard toolkit. No Meta or Google SDKs\nembedded in products. Privacy-first analytics that never track individuals.\nClear boundaries between advertising channels and product experiences. These\nchoices require tradeoffs: more infrastructure, fewer shortcuts, and a\nfundamentally different product roadmap. But they also build real trust—not just\nlegal defensibility.\n\n\nWHY IT MATTERS MORE THAN EVER\n\nThis isn't just about one app. It's about the entire ecosystem of wellness\ntech—especially tools that collect deeply personal data related to women's\nhealth, fertility, and sleep. In a post-Roe legal landscape, even inadvertent\ndata exposure can have real-world consequences. The Meta case is a clear signal\nto femtech and wellness product leaders: meeting the letter of the law isn't\nenough. We must build systems that make bodily autonomy and digital trust\nnon-negotiable.\n\nPublic awareness is growing: most wellness apps aren't protected under HIPAA.\nWhen users feel exposed, they don't just stop using your product—they stop\nengaging with tools that could help them.\n\n\nTHE STRATEGIC IMPERATIVE\n\nFor founders, this represents both risk and opportunity. While users readily\ntrade social media posts or shopping habits for free apps, intimate body data\ntriggers a fundamentally different response. Companies that fail to recognize\nthis distinction face mounting legal exposure and user backlash. Meanwhile,\nthose who understand that biometric privacy isn't just another data category can\nbuild defensible differentiation in a market where trust has become the scarcest\ncommodity.\n\nThe playbook is emerging: audit your SDKs, minimize data collection, build\nopt-in pathways, and default to protection. But more fundamentally, it's about\nrecognizing that in wellness tech, trust isn't just a nice-to-have—it's the\nentire foundation of sustainable growth.\n\n\nTHE AGREEMENT THAT MATTERS MOST\n\nWhen we build tech that touches people's bodies and private lives, we're not\njust writing code—we're making a promise. Not simply to follow the law, but to\nbuild systems that respect the boundaries of the people who use them.\n\nTrust begins not with a privacy policy, but with the decision to collect only\nwhat's necessary—and to build with care when the data is deeply personal.\n\nBecause at the end of the day, a body isn't a business model. And once that\ntrust is broken, no court ruling can restore what was lost.","image":"https://media-cdn.cirdia.com/blog-cirdia-com/production/images/item-bfb29936e4a24d81b484c52807047b8e.jpg","banner_image":"https://media-cdn.cirdia.com/blog-cirdia-com/production/media/image-f110dc665d403b68aa10d5a99be2832f.jpg","date_published":"2025-08-12T17:00:00.000Z","_microfeed":{"is_audio":false,"is_document":false,"is_external_url":false,"is_video":false,"is_image":true,"web_url":"https://blog-cirdia-com.pages.dev/i/when-consent-isnt-trust-what-the-flo-and-meta-laws-mVhyQATEalg/","json_url":"https://blog-cirdia-com.pages.dev/i/mVhyQATEalg/json/","rss_url":"https://blog-cirdia-com.pages.dev/i/mVhyQATEalg/rss/","guid":"mVhyQATEalg","status":"published","itunes:title":"Mary Camacho","itunes:episodeType":"full","date_published_short":"Tue Aug 12 2025","date_published_ms":1755018000000}}],"_microfeed":{"microfeed_version":"0.1.2","base_url":"https://blog-cirdia-com.pages.dev","categories":[{"name":"Health & Fitness"},{"name":"Technology"}],"subscribe_methods":[{"name":"RSS","type":"rss","url":"https://blog-cirdia-com.pages.dev/rss/","image":"https://blog-cirdia-com.pages.dev/assets/brands/subscribe/rss.png","enabled":true,"editable":false,"id":"dBXR_fcmwxX"},{"name":"JSON","type":"json","url":"https://blog-cirdia-com.pages.dev/json/","image":"https://blog-cirdia-com.pages.dev/assets/brands/subscribe/json.png","enabled":true,"editable":false,"id":"LS9clj_DZDP"}],"description_text":"","copyright":"©2025 Cirdia™","itunes:type":"episodic","items_sort_order":"newest_first"}}