The Journey of a Single Data Point, Part II: The Underworld of Digital Advertising
How Clue and other companies use your data to find new users.
(Last updated 4 February 2020)
At Clue, we believe that technology and data present a groundbreaking opportunity to empower people to take control of their health.
We also acknowledge that using any service embedded in the digital economy will increase your data footprint. At Clue, we fully accept the great responsibility that comes with safeguarding your sensitive data, such as information about your menstrual cycle. We are committed to achieving the highest standards of privacy and security.
We see it as our job to be so clear and transparent that you can truly understand what we do with your data, even though the digital ecosystem of an app is complex and we interact with it whenever we rely on other service providers, as summarized below. Our CEO Ida Tin has written several blog posts on this, including an overview of what happens to your tracked data. We’d love it if you could take some time to read it, and let us know what you think.
How and why we process your personal data at Clue:
i. To provide our services, understand your needs and communicate with you, we collect certain data that allows us to contact you and to analyze how you interact with our app. We do use third party tools to help us with this. But we are careful to only share usage data and minimal personal data with third party tools, not data relating to your menstrual cycle or other health data. These third party services are not permitted to use the data we share for any other purpose than to help us provide our service to you.
ii. To deliver personalized insights as your trusted health companion, part of the service we provide is processing the health data that you choose to enter in the Clue app. Because this data is so sensitive, we do not share it even with our internal third party service providers.
iii. To advance scientific research on menstrual and reproductive health, we share data with carefully vetted researchers to advance female health studies. For that purpose we de-identify your personal data by removing or hashing personal identifiers so that neither the researchers nor any third parties can link it to you. You can read about our collaborations here. But if you are not comfortable with your de-identified data being shared for the purposes of menstrual and reproductive health research, you can contact us at firstname.lastname@example.org.
iv. To effectively reach new Clue users online, we do share a minimal amount of data about our users with advertising networks (but we never share the menstrual or other health data you track in the app). The reason is so that you do not see Clue ads if you’ve already downloaded or subscribe to Clue, and so that we can suggest Clue to people who are likely to be interested in it. If you are not comfortable with any data being shared for ad customization, you can contact us at email@example.com. You can read more about our approach to digital advertising in this blog post.
To be clear: we are very careful to give extra protection to your sensitive health data. We do not share any of the data you track with advertisers or other third parties, even our own service providers, nor do we allow others to advertise their products in our app. This is not our business model. For our principles and promises about how we make money, please see this blog post.
Data processing is at the center of everything we do at Clue, and whenever you use our services—e.g. when you use the Clue app or when you go on our website—some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.
Here are the purposes for which we process data and the type of data that is processed to fulfill each purpose:
When you use the Clue app or when you go on our website, Clue collects, stores, and uses some personal and non-personal data about how you interact with our services, such as Device Data, Event and usage data and IP-address, and transmits it to some third-party services. This data is not the health-related data you track in the app (this is covered under section 2.2. below).
The main reason why we collect this data and use third party tools is to provide our service to you, which may include sending occasional informational and promotional messages as well as reminders to your smartphone via in-app messages and push notifications. We are thoughtful about what we communicate and how often. You always remain in full control of your communication preferences with Clue. You can change the settings in the app or on your device at any time.
The other reason why we process this data is to help us understand your needs and your use of our products, to analyze bugs and fix issues, and to bring you more useful features. In a nutshell, we process this data to provide you with the best and most reliable experience of our services.
Here are the types of data we collect:
Device data: This data informs us about the device you use to access our services, such as the model, name and identifiers, device settings, application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device. This information helps us to fix bugs, tailor our services to our users’ devices and improve our services.
Event and usage data: When you use the app or when you go to our website, our servers (located in Europe) process data in order to understand your usage of our services—for example, which pages you visit or which tab in the app you open. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to our users as a whole, and to communicate with you about relevant and timely information and promotional content.
IP address: We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes, and for regulatory compliance in different countries. To be clear, we do not collect your precise location.
All the data we collect at Clue is necessary for Clue to deliver the services you use. The amount we collect is minimized wherever possible to respect your privacy.
Legal basis: The legal basis for processing the above data is Art 6 section 1(b) of the European General Data Protection Regulation (GDPR). Clue may use this data for the purpose of improving the Clue app, the services we provide to you, and to prevent abusive use of our service. In accordance with Art 6, section 1(f) GDPR, we consider that we have a legitimate interest to offer an error-free and functional service.
Here are the types of data we collect and store when you create an account:
Personal data used for account creation: We need some of your personal data, such as a username and email address, in order to create your Clue account.
Health and sensitive data: We store health data, such as your body measurements, dates of your past and current periods, and symptoms or events you choose to track in the app (e.g. sex, levels of productivity, good hair days, pain, or cravings).
See section 5.1 below with regard to the special data security measures we take to ensure your sensitive health data is protected.
The vision of our founder, Ida Tin, is for Clue to help advance female health globally. Female health has historically been underserved as a field of research—there has been very little long-term or large scale cycle health information available for academic and clinical purposes. Clue is on a mission to fill this gap by sharing user data, carefully de-identified to protect your privacy, for the purposes of scientific and medical research about menstrual and reproductive health. De-identification means that Clue will either delete such information from data sets that could identify you as an individual, such as your username or email address, or will replace this information with a random number, so information on your identity will not be shared with any research partner.
Since its inception, Clue has successfully collaborated with academic researchers. You can read about our past and ongoing research collaborations here.
We want to make it very clear that we personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been de-identified following a strict protocol that involves the removal or hashing of any information that could be used to identify any specific user.
Finally, because we believe that research should benefit everyone, Clue strives to publish the results of our academic, clinical, or internal research in ways that are easy to read for all our users.
Legal basis: The legal basis for the usage of your personal data for scientific research purposes is § 27 BDSG (the German Data Protection Act) along with your consent in accordance with Art 9 GDPR. Once again, you can withdraw your consent to the use of your data for scientific purposes at any time by emailing firstname.lastname@example.org. If you do this, your data won’t be included in any future research partnerships.
If you are a participant in a scientific study that is run by a research facility using Clue as a tool to collect information for that study, then Clue will share your personal information with the research facility only under the terms of your consent as given to that research facility. When you use Clue as part of a scientific study, we will otherwise treat your personal data with the same care as we do all user data. The research facility will be solely responsible for the usage of your personal data in the context of their scientific study. We consider that Clue and our partnered research facilities have joint responsibility (“joint controllership”) in this case.
When you create an account with Clue, your personal data—including sensitive data and data related to your health—is stored on your device and is also stored and processed on Clue servers. This is done so we can offer you the option of backing up your data and to enable additional features.
By creating an account with Clue you explicitly consent that:
i. Clue may store and process personal data you provide through the usage of the Clue app and through the account creation process solely for the purpose of providing Clue services to you and to improve Clue’s service features. Such Clue services may include sending you information and reminders through the Clue app, e.g. via push notification or to the email address you provided to Clue.
ii. Such personal data you provide to Clue through the account creation process for the purpose of providing Clue’s service includes personal data you enter into the Clue app, such as your account data (e.g. your username and email address), and your health data which may include your cycle information (e.g. period length, pain, or spotting) and depending on the data you provide, it may also contain information about your general health (e.g. weight, body temperature, hair quality, and if/how you engage in sexual intercourse).
iii. Clue will not transmit any of your personal data to third parties, except if it is required to provide the Clue service to you (e.g. technical service providers), unless Clue has asked for your explicit consent.
iv. Clue may use your cycle data to create de-identified sets of data for academic and clinical research purposes. Clue’s collaborators are individually selected through an internal vetting process. This de-identified research data does not contain any information that would allow the research partner to identify you as an individual.
We believe that privacy—including data privacy—is a basic human right. At Clue we strive to ensure that your rights are respected.
Here are some key facts about your privacy that we would like you to know:
i. Our products and services have been designed to minimize the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.
ii. The security of our servers is routinely verified by experts to protect your data from unauthorized access. You can contact us at email@example.com if you have any questions about the security of our services.
iii. We do not retain your data in an identifiable format for longer than necessary to deliver our services.
iv. Clue does not engage in any automated decision-making or profiling activities.
As a user of Clue’s services and website, you may exercise your user rights to:
i. Request information on your personal data processed by Clue. Upon your request, this information will be provided to you electronically. You can contact us to request your information at firstname.lastname@example.org.
ii. Gain access to your information by requesting a backup of your data (as explained in the next section) in a format that is readable by other companies or organizations (data portability).
iii. Correct your personal information and health data in the app settings and in the tracking categories available in the Clue app.
iv. Withdraw your consent from ongoing data processing at any time by deleting your account (as explained in the support section of the app), and/or unsubscribing from our newsletter or other email communications by clicking the link at the bottom of the email.
v. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to email@example.com. Your data will be deleted within 30 days.
vi. Lodge a complaint with the relevant supervising authority if you believe Clue is processing your personal data in violation of applicable data protection regulations.
We apply security measures to protect against misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.
When you create an account with Clue, your personal profile data is stored separately from your cycle tracking data and your service settings. This allows us to ensure the highest possible level of privacy for your cycle information. Your password is stored using one-way encryption ("hashing" plus “salting”) and it cannot be read by us.
Important: Clue uses servers located in the European Union to process and store your personal data.
Your data is transmitted between your device and Clue’s servers using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.
We believe the biggest threat to the security and privacy of your data is if someone—probably someone you know—gains access to any of your devices without your consent. The data you enter into Clue is private and it should stay that way (unless you actively choose to share it; if you are using Clue Connect, for example, regularly review whether it still makes sense to share that information with the people you’ve connected with). We have outlined some ways to keep your devices secure below.
Protect your Clue account: Activate a unique PIN code or activate TouchID (iPhone 5S-8) for the Clue app. If you share your device with others, activating a unique PIN code or TouchID will ensure you are the only person who can access your Clue data on the device.
Protect your device:
i. Activate either PIN, TouchID (iPhone 5S-8), or FaceID (iPhone X-11) authentication for your device. This automatically encrypts your Clue data and prevents any person from using your device without your permission.
ii. Set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to activate “Find My iPhone” via iCloud (see instructions on Apple Support pages) and then enable “Erase your device” (see instructions on Apple Support pages).
Any personal data collected from you may only be transferred to countries outside the European Union / the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected.
Clue will not exchange any personal data with Apple’s Health app without your prior approval. Approval is given by you in the relevant settings of the Health app or within the Clue app during initial user profile setup or via app settings and can be revoked by you at any time. If you have given your approval, Clue may interact with the Health app on your iOS device and read and/or write information between the Clue app and Health. This may include a transfer of your personal data to Apple servers located outside the European Union.
You can choose if and to what extent your personal data is exchanged between Clue and Health by granting or revoking appropriate permissions in Health app settings. Please refer to the Privacy Information of Apple Health for further information.
Clue uses Facebook Connect to allow our users to create and log in to their Clue account with their Facebook credentials if this is how they prefer to log in. If you sign up for Clue using Facebook, you authorize us to collect your basic profile information from Facebook, such as your name, email address and profile picture.
Clue also allows the use of Apple Sign-In. If you choose to use this Apple service to sign in to Clue, Clue will exchange certain data with Apple, such as Device Data, your IP-address and information you provided to Apple when creating an account with Apple Inc. This may include a transfer of your personal data to Apple servers located outside the European Union. It is your choice if and to what extent you use the Apple Sign-In service and what information you provide to Apple. Absolutely no health data will be exchanged with Apple for the purpose of using the Apple Sign-In Service.
The Clue app and our website also use third-party analysis and tracking services to track the performance of our services, understand how you use our services, and offer you an improved and safer experience.
Information on your usage of our website or of the Clue app may be collected and processed by Clue, or a third party engaged by Clue using a unique identification number assigned to you. Information about your usage will be deleted when this information is no longer required for the purpose collected, and will always be de-identified before sharing with third parties besides those mentioned under Section 6.2 to 6.8.
You may withdraw your consent at any time. The easiest way to withdraw your consent is by disabling cookies on your device (which will also affect your other online activities). Alternatively, you can follow the instructions below for third party service providers that allow you to directly disable their products. Or you can email firstname.lastname@example.org.
For the purpose of tracking the performance of our services and to improve Clue, we use the following third party services:
Google analyzes this information to offer reports for Clue on website usage and online usage of associated services. Under the terms of Google’s analytics service, Google may also transfer this information to third parties, either when this is required by law or when third parties are contracted by Google to process this data. Google will not allow your IP address to be linked to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.
By using Clue’s website, you consent to have non-personal data used and processed by Google as described above. You can withdraw consent for this use of your data at any time, but this withdrawal only applies to future activities.
Clue uses a suite of performance analysis and monitoring tools called Firebase, which is provided by Google Inc. Firebase allows us to monitor the overall performance and stability of our apps, identify bugs and prioritize fixes. For this purpose Firebase collects your IP address, device identifier as well as event and usage data related to your use of Clue. This data will be transferred to and stored on a server in the EU and operated by Google Inc.
By using our service, you explicitly consent to the use and processing of your data collected by Google as described above.
Clue uses a data analysis and app engagement service operated by Braze, a company based in the United States, which utilizes device identifiers that are stored on your mobile device and allow us to analyze your use of the Clue app, in order to improve our app features and to communicate with you via in-app messages, push notifications and email. Data concerning your use of the Clue app is stored on a server in the EU operated by Braze, Inc.
By using our service, you explicitly consent to the use and processing of your personal data collected by Braze, Inc. as described above.
Clue uses a data analysis service operated by Amplitude. Amplitude uses device identifiers that are stored on your mobile device and allows us to analyze your use of the Clue app in order to improve our app features. Data concerning your use of the Clue app will be transferred to and stored on a server in the USA operated by Amplitude.
By using our service, you explicitly consent to the use and processing of your data collected by Amplitude as described above. You can prevent your participation in Amplitude’s analysis by emailing us at email@example.com.
Clue uses a data analysis service operated by Apptimize, a company based in the United States, that uses device identifiers that are stored on your mobile device and allows us to analyze your use of the Clue app in order to improve our app features. Data concerning your use of the Clue app will be transferred to and stored on a server in the USA operated by Apptimize Inc.
By using our service, you explicitly consent to the use and processing of your data collected by Apptimize as described above. You can prevent your participation in Apptimize analysis by emailing us at firstname.lastname@example.org.
Clue uses an in-app performance and analysis service by Adjust, a Berlin-based company that helps us understand how our users are interacting with our app and optimize our ad campaigns. Adjust uses your advertising identifier (Apple IDFA on iOS and your Google Play Services ID on Android), and your IP- and MAC addresses modified in such a way that it is not possible to identify you or your mobile device individually to provide these insights to us.
By using our service, you explicitly consent to the use and processing of your data collected by Adjust as described above. You can prevent your participation in Adjust’s analysis by opting out of the tracking under https://www.adjust.com/opt-out/.
Clue uses an app store analysis and optimization service called SearchAdsHQ that is operated by Splitmetrics Inc., a company based in the United States that helps us improve the visibility and conversion of our Apple Search Ads campaigns. SearchAdsHQ uses your advertising identifier (Apple IDFA) in a way that does not make it possible to identify you or your mobile device when providing these insights to us. The data processed by SearchAdsHQ will be transferred to and stored on a server in the USA operated by Splitmetrics Inc.
By using our service, you explicitly consent to the use and processing of your data collected by SearchAdsHQ as described above. You can prevent your participation in SearchAdsHQ’s analysis by emailing us at email@example.com.
Clue uses an ad performance analysis service provided by Appsumer, a company based in the UK. Appsumer allows us to improve the performance of our ad campaigns based on our users' aggregated data. For this purpose, Appsumer uses a mix of device and advertising identifiers as well as event and usage data collected from your mobile device. This data will be transferred to and stored on a server in the EU and operated by Appsumer Ltd.
By using our service, you explicitly consent to the use and processing of your data collected by Appsumer as described above. You can prevent your participation in Appsumer analysis by emailing us at firstname.lastname@example.org.
Clue uses Facebook’s SDK in order to serve ads for Clue on Facebook and Facebook-owned applications such as Instagram and on other third-party websites and in order to better understand our users and optimize the performance of our marketing campaigns.
Clue never shares any data you are tracking in the app (e.g. when you get your period, what symptoms you experience) with Facebook.
By using our service, you explicitly consent to the use and processing of your data as described above. You can withdraw your consent from the use of the Facebook SDK by emailing us at email@example.com.
By using our service, you explicitly consent to the use and processing of your data collected by parse.ly as described above. You can prevent your participation in parse.ly’s analysis by opting out of the tracking under http://srv.config.parsely.com/optout.
Clue uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These include push notifications, in-app messages and emails to deliver health content and occasional promotional materials that may be of interest to you.
You consent to push notifications when you activate Clue’s push notifications on your device settings. You can withdraw your consent at any time. You can unsubscribe from our newsletter by clicking the unsubscribe link at the bottom of the message, and you can disable notifications sent by Clue in your device settings.
Clue may communicate with you via email if you have contacted Clue for questions or support requests in connection with our services or the Clue app. For certain support requests, Clue will have to access and process your personal data, including your health data for the purpose of answering your request. You explicitly provide your consent for the processing of your personal data, including your health data for answering your support request.
In order to provide these services, Clue may forward information such as your email address to third-party providers in order to carry out such newsletter services, surveys or notifications. These providers are Braze Inc. (“Braze”), seated in New York, USA, which may process your email address, name, a user identifier and usage data to send you information and occasional commercial content via in-app message, push notifications and email; Message Systems Inc. (“SparkPost”) seated in San Francisco, USA, which processes names and email addresses as well as the personal information that may be included in transactional emails (e.g “I lost my password” or “verify your Clue account”); Typeform S.L. (“Typeform”), seated in Barcelona, Spain, which may process information from survey forms filled out by you; and WIDGIX LLC dba SurveyGizmo (“SurveyGizmo”), which may process information from science research surveys you participated in. For customer support and communication with you, Clue uses services provided by Slack Technologies Ltd (“Slack”), seated in Dublin, Ireland and Zendesk, Inc. (“Zendesk”) seated in San Francisco, USA.
Clue does not knowingly collect or use personal data from children under the age of 13. By registering for a Clue account you are required to confirm that you are at least 13 years old.
If Clue gains actual knowledge that information has been collected from children under the age of thirteen in the United States contrary to the Children’s Online Privacy Protection Act of 1998 and the regulation thereunder, Clue will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.
If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country or if you have the consent of your parent or legal guardian. If you are a parent and learn that your child is using Clue without your permission or if you have any specific question about data privacy at Clue, do not hesitate to get in touch with us at firstname.lastname@example.org.
Clue is made in Berlin, Germany, and the way we handle data meets the high standards set by German and European legal requirements. Clue is made by BioWink GmbH, Adalbertstraße 7-8, 10999 Berlin. Further contact information can be found here. Clue has an appointed data protection officer. Please do not hesitate to reach out to email@example.com if you have any questions.