Top things to know about your data at Clue:
We never have, and never will, sell your data
Your data is protected by European Union regulations and we use the latest safety measures to protect your data
We sometimes share de-identified data with carefully vetted scientists to improve research on menstrual and reproductive health
Do you ever wonder what happens after you tell your Clue app that you have a cramp, or had sex, or any of the many other things you can track?
What you track becomes a data point; a small piece of information that we keep for you, analyze for you, and potentially also share with carefully-selected health researchers—but of course only after we have made sure that the data point cannot be traced back to you.
It sounds simple. But in reality your data point has an adventurous journey, and it is our job to keep it safe along the way.
First, your data is analyzed in our backend and securely stored
Your data point might have tasks to do before it reaches its final destination. It travels from your Clue app, through a secure channel, straight to our backend, where it gets analyzed by our algorithms. Clue’s technology looks at the data point in context with the other data points you have tracked, so that we can help you with cycle predictions, pattern recognition and alert you when there are big changes that might be useful to talk to your healthcare provider about.
We do a number of things to make sure that the data doesn’t get lost or even stolen on its journey. We keep any data that can identify you in one place, and all the sensitive data from your cycle tracking in a separate database. We also encrypt your data point—a security measure which jumbles up the data, rendering it unreadable to anybody but us.
We are a company based in Germany, which is part of the European Union. There are strict regulations in the European Union on how organizations must handle data that is considered “sensitive,” like your cycle tracking data. We think that is a good thing. For instance, you have the right to have your data deleted. You can ask to get all your data exported, or change your data and take it with you someplace else. If you want to know more about how we handle your sensitive data, you can read about it here.
The other data you generate is called “usage data”
When you track you also generate another kind of data, which is about how you use the Clue app. This kind of data helps us understand what features you find helpful and use the most, or if there are things that you cannot easily use or find. We look at this kind of usage data and use other service providers and tools to help us understand it.
"Usage data" is less sensitive than the health-related private data that you track. You create a data trail every time you use any app, or visit any website. But it still matters. We follow best practices in data protection here too, carefully vetting our service providers for their level of data protection compliance.
We share anonymized data with carefully-selected researchers
I mentioned that your anonymized data might be shared with carefully-selected health researchers at a trusted research institution. Why do we do that?
We don’t make any money from this. We actually spend a lot of resources on these collaborations—data analysts, research coordinators, and so on. While we may charge a small administration fee, this is only to support us in setting the projects up and securely transferring your de-identified data.
The reason why we think this is so important is that we have data of what people with cycles really experience—one so large and rich that no individual researcher could collect it themselves. We are the trusted guardians of this data, and we believe that it can and should be used to further benefit our app users and all people with cycles.
As the scientific community learns more about menstrual cycles and reproductive health through our data set, that knowledge will eventually trickle down to healthcare providers and lead to better healthcare for all, hopefully including you. We think this is a good thing, and we are really happy and grateful that millions of people using Clue also feel that way.
This kind of research has been underfunded and overlooked, so we’re happy to help move things along. You can read more about our science collaborations here.
What about the data from my other apps? What about selling data?
Your data point rests safely on Clue’s servers. Data from other apps might not be as lucky. Many app companies choose to make money by selling your data to advertisers or data brokers. It’s unlikely that you as a user know this. The way you would know is by reading Terms of Service and Privacy Policies every time you install an app. In most cases, these are endless legal documents in small unreadable print that are written to not be understood.
We don’t sell your data. Full stop.
I have written about how we make money here.
Can people who work at Clue see what I track?
Only a few people have access to the tools we use to look into the database. I, as founder, for instance, cannot have a look. As a precaution, we also have restricted access to the tracked cycle data. Care for our users is a core value of Clue—it would be so against who we are and what we believe in to look at individual users' data.
What about being hacked? What if someone steals my phone?
Those are real dangers on this epic journey of your data point. It's unlikely for Clue to be hacked with intense security measures. Clue has strong security against hacking but every age has its villains. We do all the things we know of to keep data safe; your data is stored using the latest industry standards and we have taken precautions to prevent a hack. We will of course inform you if this ever happens.
I believe that the benefits of living in an age of data outweigh the risks.
When you collect data about your health, you have the possibility to take care of your body, be informed, and get care. Your biggest risk is not that your app company gets hacked, but rather that it was founded by people whose ethical choices you might not agree with. That’s why you must choose wisely who you share your data with.
A few final travel tips for you and your data
Keep a passcode on your phone, and create an account on the Clue app. You can even enable a PIN code in the Clue app itself, for an extra layer of protection.
Sometimes people think they have created an account at Clue, and that we keep their tracking data stored with it. But if you use Clue without an account and you lose your phone and haven’t backed it up, all your precious data will be lost and be gone forever. This is how most users lose their data. So either create an account, or do a backup of your phone, or best, do both.
If you are under 16 and live in the European Union, you may need your parents’ consent to create an account due to European data laws. If you are under 13 and live in the USA, the parental consent procedure is so complicated that unfortunately we are unable to technically support it, meaning that you cannot use Clue at all if you are under 13. While we generally applaud advances in data protection laws, and agree that this is particularly important for minors, we think it’s really unfortunate that an app like Clue requires parental oversight. It is the discrete tracker and information resource so many of us wished we had had during that confusing time of adolescence. We suspect that some of those most in need of support will forgo it rather than talking to their parents (who may be not much better equipped to distinguish between “good” apps and “bad” ones).
Oh, and one last bit of bonus advice. If you use an app that wants to collect data on all kinds of things—for instance your location—that seem irrelevant to the service it provides, it’s a reason to be concerned. An app should only ask for the kind of data that is reasonable to the purpose of the app. If it asks for more, the purpose might be to harvest and sell that data.
At Clue we view data privacy and safety as cornerstones of what needs to be done right. I hope this will help you understand how we together can keep your data point safe.
This article was originally published September 19, 2019.