The journey of a single data point
What happens when you track your cycle.
Top things to know about your data at Clue:
We never have, and never will, sell your data
Your data is protected by European Union regulations and we use the latest safety measures to protect your data
We sometimes share de-identified data with carefully vetted scientists to improve research on menstrual and reproductive health
Do you ever wonder what happens after you tell your Clue app that you have a cramp, or had sex, or any of the many other things you can track?
What you track becomes a data point; a small piece of information that we keep for you, analyze for you, and potentially also share with carefully-selected health researchers—but of course only after we have made sure that the data point cannot be traced back to you.
It sounds simple. But in reality your data point has an adventurous journey, and it is our job to keep it safe along the way.
First, your data is analyzed in our backend and securely stored
Your data point might have tasks to do before it reaches its final destination. It travels from your Clue app, through a secure channel, straight to our backend, where it gets analyzed by our algorithms. Clue’s technology looks at the data point in context with the other data points you have tracked, so that we can help you with cycle predictions, pattern recognition and alert you when there are big changes that might be useful to talk to your healthcare provider about.
We treat all data with the utmost care and we never sell it. In addition, we have an even higher level of privacy for any sensitive health data you share with us. Access to this health data is strictly limited within Clue, and it is never shared with ad networks. Your data is also encrypted on its journey to us, making sure no one can get hold of it – not even your internet provider. Data that has been encrypted is essentially jumbled up, rendering it unreadable to anybody but us.
We are a company based in Germany, which is part of the European Union. There are strict regulations in the European Union on how organizations must handle data that is considered “sensitive,” this includes your cycle tracking data. We think that is a good thing. For instance, you have the right to have your data deleted and your data can only ever be used for the purposes you agree to, and nothing else. If you want to know more about how we handle your sensitive data, you can read our privacy policy here.
The other data you generate is called “usage data”
When you track you also generate another kind of data, which is about how you use the Clue app. This kind of data helps us understand what features you find helpful and use the most, or if there are things that you cannot easily use or find. We look at this kind of usage data and use other service providers and tools to help us understand it.
"Usage data" is less sensitive than the health-related private data that you track. You create a data trail every time you use any app, or visit any website. But it still matters. We follow best practices in data protection here too, carefully vetting our service providers for their level of data protection compliance.
We share de-identified data with carefully-selected researchers
I mentioned that your de-identified data might be shared with carefully-selected health researchers at a trusted research institution. Why do we do that?
We don’t make any money from this. We actually spend a lot of resources on these collaborations—data analysts, research coordinators, and so on. While we may charge a small administration fee, this is only to support us in setting the projects up and securely transferring your de-identified data.
The reason why we think this is so important is that we have data of what people with cycles really experience—one so large and rich that no individual researcher could collect it themselves. We are the trusted guardians of this data, and we believe that it can and should be used to further benefit our app users and all people with cycles.
As the scientific community learns more about menstrual cycles and reproductive health through our data set, that knowledge will eventually trickle down to healthcare providers and lead to better healthcare for all, hopefully including you. We think this is a good thing, and we are really happy and grateful that millions of people using Clue also feel that way.
This kind of research has been underfunded and overlooked, so we’re happy to help move things along. You can read more about our science collaborations here.
What about the data from my other apps? What about selling data?
Your data point rests safely on Clue’s servers. Data from other apps might not be as lucky. Many app companies choose to make money by selling your data to advertisers or data brokers. It’s unlikely that you as a user know this. The way you would know is by reading Terms of Service and Privacy Policies every time you install an app. In most cases, these are endless legal documents in small unreadable print that are written to not be understood.
At Clue we think selling data without real consent and hiding that process are both totally wrong. We have gone to great lengths to write these documents in a way that you can not only understand them, but also make an informed choice and learn how to navigate your data privacy. Here is our Privacy Policy and Terms of Service.
We don’t sell your data. Full stop.
And you can read more about how Clue makes money here.
Can people who work at Clue see what I track?
Only a small, select group of Clue employees have access to the tools we use to look into the database for the purpose of their defined roles. I, as founder, for instance, cannot have a look. As a precaution, we also have further restricted access to the tracked cycle data. Care for our users is a core value of Clue—anything that could jeopardize that would be against who we are and what we believe in.
What about being hacked? What if someone steals my phone?
Those are real dangers on this epic journey of your data point. It's unlikely for Clue to be hacked with intense security measures. Clue has strong security against hacking but every age has its villains. We do all the things we know of to keep data safe; your data is stored using the latest industry standards and we have taken precautions to prevent a hack. We will of course inform you if this ever happens.
I believe that the benefits of living in an age of data outweigh the risks.
When you collect data about your health, you have the possibility to take care of your body, be informed, and get care. Your biggest risk is not that your app company gets hacked, but rather that it was founded by people whose ethical choices you might not agree with. That’s why you must choose wisely who you share your data with.
A few final travel tips for you and your data
Keep a passcode on your phone, and create an account on the Clue app. You can even enable a PIN code in the Clue app itself, for an extra layer of protection.
Sometimes people think they have created an account at Clue, and that we keep their tracking data stored with it. But if you use Clue without an account and you lose your phone and haven’t backed it up, all your precious data will be lost and be gone forever. This is how most users lose their data. So either create an account, or do a backup of your phone, or best, do both.
If you are under 16 and live in the European Union, you may need your parents’ consent to create an account due to European data laws. If you are under 13 and live in the USA, the parental consent procedure is so complicated that unfortunately we are unable to technically support it, meaning that you cannot use Clue at all if you are under 13. While we generally applaud advances in data protection laws, and agree that this is particularly important for minors, we think it’s really unfortunate that an app like Clue requires parental oversight. It is the discrete tracker and information resource so many of us wished we had had during that confusing time of adolescence. We suspect that some of those most in need of support will forgo it rather than talking to their parents (who may be not much better equipped to distinguish between “good” apps and “bad” ones).
Oh, and one last bit of bonus advice. If you use an app that wants to collect data on all kinds of things—for instance your location—that seem irrelevant to the service it provides, it’s a reason to be concerned. An app should only ask for the kind of data that is reasonable to the purpose of the app. If it asks for more, the purpose might be to harvest and sell that data.
At Clue we view data privacy and safety as cornerstones of what needs to be done right. I hope this will help you understand how we together can keep your data point safe.
This article was originally published September 19, 2019.