, , ,

Period Tracker Stardust Exposed Sharing Sensitive Health Data with Third-Party Analytics Firm

Despite marketing itself with the ironclad promise that user data remains strictly private, the popular period-tracking application Stardust has been found transmitting sensitive user health information to a third-party analytics firm, RudderStack. Recent technical investigations into the app’s network traffic revealed that Stardust shares highly personal details, including users’ birthdates, birth control methods, reproductive goals, and specific physical symptoms. Although this data is linked to a unique identifier rather than a user’s legal name, regulatory bodies like the Federal Trade Commission (FTC) have repeatedly warned that such identifiers do not guarantee anonymity and can easily be traced back to individuals.

This discovery highlights a broader, systemic issue within the digital health landscape, where background data sharing often occurs without the explicit awareness of the user. While many applications utilize third-party integrations for essential functions like cloud storage, payment processing, or performance analytics, transferring intimate health metrics introduces severe privacy vulnerabilities. These practices expose users to potential data breaches, security lapses, and the risk of having their personal health histories subpoenaed by law enforcement agencies.

Stardust previously experienced a massive surge in downloads in 2022 following the overturning of constitutional abortion rights in the United States, positioning itself as a secure haven for reproductive tracking. At the time, the company claimed to employ end-to-end encryption to ensure even its own staff could not access user logs. However, subsequent network traffic analyses debunked these security claims. In a comparative evaluation of six prominent period-tracking applications, Stardust was the sole platform identified as actively transmitting sensitive health data to an external company.

In response to these findings, representatives for Stardust stated that RudderStack is contractually barred from selling or repurposing the shared data. Nonetheless, because both entities operate within the United States, they remain legally obligated to comply with government and law enforcement data requests. Meanwhile, privacy advocates point to alternative applications like Euki, which processes and stores all health data locally on the user’s device, as the gold standard for reproductive privacy. Stardust founder Rachel Moranis has not provided further comment on the matter.

Key Takeaways

  • Stardust was caught sharing sensitive user information—including birth control types, reproductive goals, and symptoms—with third-party analytics firm RudderStack.
  • Despite using unique identifiers instead of names, the FTC warns that such data is not truly anonymous and can still be linked back to individual users.
  • Out of six period-tracking apps analyzed, Stardust was the only one found transmitting sensitive health data, while the app Euki was highlighted for keeping all data securely on-device.

Editor’s Analysis & Impact

The revelation surrounding Stardust’s data-sharing practices underscores a critical trust deficit in the femtech and digital health sectors. Following the rollback of federal abortion protections in the U.S., privacy in reproductive tracking transitioned from a consumer preference to a high-stakes legal concern. Stardust capitalized on this anxiety by marketing false encryption standards, only to be exposed for background data sharing. This discrepancy highlights the urgent need for stricter regulatory oversight and standardized definitions of ‘end-to-end encryption’ in consumer health tech. Moving forward, developers will face intense pressure to adopt decentralized, local-first data storage models—similar to Euki’s architecture—as consumers grow increasingly skeptical of cloud-based health platforms. Companies failing to prioritize genuine, verifiable privacy risk permanent brand damage and potential regulatory penalties from the FTC.

Frequently Asked Questions

Q: What specific data was Stardust sharing with third parties?
A: Stardust was found sharing sensitive user information including birthdates, birth control types, reproductive goals, and specific symptoms with the analytics firm RudderStack.

Q: Is the shared data anonymous if it doesn't use my name?
A: No. Although Stardust replaces names with unique identifiers, regulatory bodies like the FTC warn that this method does not make the data truly anonymous, as it can still be linked back to an individual.

Q: Are there safer alternatives for tracking reproductive health?
A: Yes. Privacy researchers recommend apps like Euki, which do not share data with third parties and store all health information locally on the user's device rather than on external servers.

AI Disclosure: This article is based on verified data and official reports. Our Team and AI have cross-referenced every financial detail with primary sources to ensure total accuracy.