Yes, the Flo Period Tracker settlement is real and significant. In August 2025, Flo Health agreed to pay $8 million as part of a $59.5 million settlement after a California jury found that Meta (Facebook) violated the state’s privacy laws by collecting sensitive health data from millions of women through the app without their explicit consent. Google is paying $48 million to settle the same claims.
For nearly a decade, women who used Flo to track their menstrual cycles, contraception use, and sexual activity had that intimate data shared with major tech companies—the very data Flo promised would remain private and never be sold to third parties. The case represents a landmark moment in digital privacy litigation. A California jury ruled in August 2025 that Meta’s collection of women’s health information violated the California Invasion of Privacy Act, even though that data came from the app itself. The settlement means potentially millions of Flo users may be eligible for compensation, though the actual payout per person remains unclear and typically falls far below the headline settlement amount.
Table of Contents
- HOW DID FLO SHARE YOUR PRIVATE HEALTH DATA WITH TECH GIANTS?
- THE HIDDEN REALITY BEHIND APP PRIVACY POLICIES
- WHO EXACTLY IS ELIGIBLE FOR THIS SETTLEMENT?
- HOW TO CHECK IF YOU’RE ELIGIBLE AND CLAIM YOUR MONEY
- WHAT THIS SETTLEMENT MEANS FOR APP PRIVACY GOING FORWARD
- THE CALIFORNIA INVASION OF PRIVACY ACT AND WHY FLOS SETTLEMENT WAS SO LARGE
- WHAT HAPPENS NEXT FOR FLO USERS AND THE BROADER PRIVACY LANDSCAPE
- Conclusion
HOW DID FLO SHARE YOUR PRIVATE HEALTH DATA WITH TECH GIANTS?
Flo Health embedded software development kits (SDKs)—essentially small programs from Meta, Google, and other companies—directly into its period tracking app. These SDKs collected detailed information about when women were menstruating, using contraception, engaging in sexual activity, and seeking fertility information. The data was transmitted to these tech companies in real time, often without users understanding what was happening behind the scenes.
The mechanism was technical but the impact was personal. When a woman opened the Flo app and logged her menstrual cycle or marked herself as trying to conceive, that information didn’t stay on her phone or even on Flo’s servers—it went to Meta and Google. Meanwhile, Flo’s privacy policy and marketing materials repeatedly assured users that their data was confidential and would never be shared with third parties without explicit consent. This disconnect between what Flo promised and what Flo actually did became the centerpiece of the lawsuit.
THE HIDDEN REALITY BEHIND APP PRIVACY POLICIES
What makes this case particularly troubling is that many people never realized their data was being shared at all. Privacy policies are notoriously dense, and even when SDKs are disclosed in the fine print, most users don’t understand what SDKs actually do. The average woman using Flo to track her period wasn’t expecting her intimate health information to become a data point in Meta’s or Google’s advertising profiles. A limitation of privacy litigation is that settlements rarely prevent the same practice from happening with other apps—dozens of period-tracking and health apps continue operating with similar data-sharing arrangements today.
The jury’s ruling against Meta was particularly significant because it established that receiving data from a third party (Flo) doesn’t excuse the tech company from privacy law violations when that data involves sensitive health information. Meta’s defense essentially argued that they weren’t collecting the data themselves, so California privacy laws didn’t apply. The jury disagreed. This sets a precedent that downstream tech companies can’t hide behind claims of innocence when they’re receiving streams of intimate data they know or should know is sensitive.
WHO EXACTLY IS ELIGIBLE FOR THIS SETTLEMENT?
The settlement applies to anyone who used the Flo app at any time during the class period covered by the lawsuit. This means millions of women globally, though the lawsuit was filed in California and primarily involves U.S. users. The exact membership of the settlement class will be determined through the claims process—users had to file claims to receive a share of the settlement money.
The challenge is that proving you used the app requires finding evidence, such as old app store receipts, email confirmations, or account records. For Flo users who saved their data or have account information, claiming should be straightforward. For those who deleted the app long ago and can’t access old emails, the process becomes harder. Some settlement claims are still being processed, and the average payout per claimant has historically been modest—often in the range of $5 to $50 per person for settlements this large. A woman who used Flo daily for years to track reproductive health would receive the same payout as someone who tried the app once, which is a notable limitation of how class-action settlements distribute funds.
HOW TO CHECK IF YOU’RE ELIGIBLE AND CLAIM YOUR MONEY
If you used the Flo app between the class period dates specified in the settlement (typically covering several years prior to the lawsuit filing), you’re likely eligible. The first step is to visit the official settlement website to check your eligibility and file a claim form. You’ll need to provide evidence of use, such as an email address associated with the app, app store purchase history, or account information. The claims process typically remains open for 6 to 12 months after the settlement is finalized, though deadlines vary.
One important distinction: this settlement compensates those affected by the data sharing that already occurred. It’s not a refund for app purchase fees or subscription charges, but rather compensation for the privacy violation itself. The real tradeoff of settling is that Flo and Meta agreed to this payment while avoiding admission of guilt or ongoing liability. Once the settlement is finalized and people collect their claims, the legal matter concludes, and future privacy complaints about these companies would require separate lawsuits.
WHAT THIS SETTLEMENT MEANS FOR APP PRIVACY GOING FORWARD
The Flo settlement doesn’t fundamentally change how most health apps operate, which is an important limitation to understand. The settlement penalizes these specific companies for these specific practices, but similar data-sharing arrangements continue with other period-tracking apps, fertility apps, and health apps. Privacy advocates have criticized class-action settlements as too lenient because they typically allow companies to pay money without changing their underlying business practices—a company can afford to pay $8 million once as a cost of doing business if it profits far more from selling advertising access.
The bigger warning for app users is that many applications operate with business models that depend on harvesting and monetizing user data. If an app is free, its revenue often comes from selling your data or selling access to your profile to advertisers. This is particularly concerning in health apps, where the information is sensitive and could be used for discrimination (insurance companies charging more, employers making hiring decisions, advertisers targeting vulnerable populations). The Flo case is one of relatively few that resulted in significant financial consequences for the tech company receiving the data.
THE CALIFORNIA INVASION OF PRIVACY ACT AND WHY FLOS SETTLEMENT WAS SO LARGE
The jury verdict was made possible partly because the case proceeded under California’s Invasion of Privacy Act (CIPA), which allows for damages of up to $100 per violation per user per day. With millions of users and data shared repeatedly over years, the potential liability quickly becomes enormous. This is why the settlement reached $59.5 million—it reflects the scale of potential damages under California law, not what Meta and Flo expected to pay in a typical privacy settlement.
Other states have weaker privacy laws, which is why most privacy violations affecting Americans don’t result in major settlements. Someone in Texas or Florida using the same app might have less legal recourse. This creates a perverse incentive where tech companies pay attention primarily to California-based privacy violations while continuing practices in other states.
WHAT HAPPENS NEXT FOR FLO USERS AND THE BROADER PRIVACY LANDSCAPE
The settlement was reached in August 2025, but the full resolution took time as the claims process unfolded. Users who haven’t yet filed claims should do so before deadlines pass, as unclaimed settlement money doesn’t return to affected users—it typically goes to charities or cy pres recipients designated by the court. The Flo case will likely be cited in future privacy litigation as evidence that health-related data sharing violates consumer privacy expectations, even when disclosed in dense privacy policies.
Looking ahead, the landscape for app privacy remains fragmented. Stronger federal privacy legislation could establish baseline protections across all states, but the tech industry has lobbied successfully against broad federal privacy laws. Until that changes, privacy protections depend largely on state laws and class-action litigation, which means California-based companies and California residents will continue to have stronger protections than those elsewhere.
Conclusion
The Flo Period Tracker settlement demonstrates that women’s intimate health information was collected and shared with major tech companies in ways that contradicted Flo’s privacy promises. The $59.5 million settlement—with Google paying $48 million and Flo Health paying $8 million—compensates affected users, though individual payouts are typically modest. If you used Flo at any point, checking your eligibility and filing a claim is worthwhile, but the process requires action on your part.
This case matters beyond Flo because it establishes that tech companies face real consequences for violating privacy laws when handling sensitive health data. However, it also reveals the limitations of class-action settlements in forcing meaningful change across the app industry. Many similar apps continue operating with comparable data-sharing arrangements, and stronger privacy protections depend on either stricter regulations or continued litigation holding companies accountable.