Mozilla Research Finds Stardust Period Tracker Shared Sensitive Health Data

Mozilla researchers found that period-tracking app Stardust shared sensitive reproductive health data with analytics firm RudderStack, raising fresh privacy concerns.

Jul 17, 2026 - 04:51
 5
Mozilla Research Finds Stardust Period Tracker Shared Sensitive Health Data
Image Credit: Chatgpt

Mozilla has raised new concerns about the privacy practices of period-tracking apps after research found that Stardust shared users' sensitive reproductive health information with third-party analytics company RudderStack. The findings challenge Stardust's public messaging that users' data remains private and highlight broader risks associated with health apps that collect highly personal information.

According to Mozilla’s research, Stardust transmitted data including users’ birth dates, birth control methods, reproductive goals and reported symptoms to RudderStack. Although the information was linked to a unique identifier rather than a user’s name, the U.S. Federal Trade Commission has previously warned that such identifiers do not render personal data anonymous and may still allow individuals to be identified.

Mozilla security researcher Shoshana Wodinsky examined the network traffic of six popular period-tracking applications to understand how they handled user information. Among the apps tested, Stardust was the only one found to be sharing sensitive reproductive health data with a third-party analytics provider. Much of this activity occurred in the background and would not have been visible to users.

The findings add to ongoing concerns surrounding digital privacy in health applications. Many apps rely on third-party services for analytics, cloud storage or payment processing, but sharing sensitive health information with external companies can increase the risk of data breaches, security incidents or legal requests for user information.

Stardust attracted significant attention in 2022 following the U.S. Supreme Court’s decision to overturn the constitutional right to abortion, as many users sought privacy-focused alternatives for tracking reproductive health. At the time, the company promoted the app as offering end-to-end encryption. However, a previous independent analysis of the app’s network traffic called those claims into question, and Mozilla’s latest research has renewed scrutiny of the company’s privacy practices.

In a statement quoted by the BBC, a Stardust spokesperson said RudderStack is contractually prohibited from selling the information or using it for its own purposes. However, because both companies are based in the United States, data stored on their servers could still be subject to requests from law enforcement authorities where permitted by law.

Mozilla’s research also highlighted positive examples of stronger privacy protections. Of the six applications evaluated, the organisation recommended Euki as the strongest performer, stating that its core features did not share user data with third parties and that sensitive health information remained stored locally on the user’s device rather than being transmitted to external servers.

The report underscores the importance of carefully reviewing privacy practices before using health and wellness applications. As consumers increasingly rely on digital tools to manage personal health information, researchers continue to warn that data-sharing arrangements with third-party companies may expose sensitive information to risks that many users are unaware of.

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Angry Angry 0
Sad Sad 0
Wow Wow 0
Shivangi Yadav Shivangi Yadav reports on startups, technology policy, and other significant technology-focused developments in India for TechAmerica.Ai. She previously worked as a research intern at ORF.