Bỏ qua đến nội dung chính
Back to home
Tech AI 2 min read

Period Tracker Stardust Accused of Sharing Sensitive User Health Data

New research by Mozilla reveals that period-tracker Stardust shares sensitive health data with third-party analytics firm RudderStack, contradicting its strict privacy claims.

Tier 1 · sources 82% confidence Auto-priority
Sources techcrunch.com

The period-tracking app Stardust has recently been found sharing users' sensitive health data with third-party analytics company RudderStack, according to a research report released by Mozilla on July 16, 2026. This discovery has immediately raised serious privacy concerns regarding personal health applications, especially since Stardust has continuously asserted on its website that user data remains strictly private.

Detailed Developments

According to Mozilla's latest investigation into privacy practices of period-tracking apps, Stardust shared personal user details with a third party, including birthdates, birth control methods, reproductive goals, and specific health symptoms. Notably, this is not the first time Stardust has faced security controversies. In 2022, following the overturning of abortion rights in the United States, the app experienced a surge in downloads by claiming it featured end-to-end encryption. However, subsequent network traffic analysis by TechCrunch proved that the company's encryption claim was entirely false.

Technical & Technology Analysis

Mozilla security researcher Shoshana Wodinsky conducted technical evaluations using network traffic analysis across six popular period-tracking apps to determine how they collect and share data. The findings revealed that Stardust was the only tested application that transmitted sensitive health data to a third-party server in the background without user awareness. Although Stardust used a unique identifier in place of actual names, the U.S. Federal Trade Commission (FTC) has repeatedly warned that such identifier-based masking is insufficient for true anonymization, and recipients can still link the records back to identify individuals.

Expert Opinions & Insights

Responding to the findings, a Stardust spokesperson told BBC News that their partner RudderStack is "contractually prohibited from selling or using it for its own purposes." Nonetheless, legal and security experts warn that since both are U.S.-based companies, they are still obligated to turn over stored user health data to law enforcement upon official demand. Stardust founder Rachel Moranis has not yet provided any official response to press inquiries regarding whether the company has previously received demands for user data from authorities.

Impact & Future Outlook

This incident once again underscores the critical privacy risks of relying on digital health services. For tech enthusiasts and users, it serves as a major lesson in maintaining skepticism toward vendor marketing claims. Instead of relying blindly on promotional claims, users are advised to seek safer alternatives. Mozilla highlighted Euki as an optimal choice, as tests demonstrated that the app stores all user health data locally on the device and does not share any data with third-party servers.