SAN FRANCISCO (CN) — Period tracking app Flo announced its settlement Thursday in a class action over claims the company shared users’ private health information with third parties, including Meta, without permission.
The plaintiffs sought billions of dollars in damages for legal fees and invasion of privacy claims, as well as punitive damages.
In a statement, Flo Health, which operates the app, said the settlement includes no admission of wrongdoing and that the terms are subject to final court approval.
“We have always maintained that the claims lacked merit, and as the case progressed, the lack of evidence to support these allegations became increasingly clear in court,” it wrote in the statement. “… We can now put the matter behind us so we can continue to focus on serving our customers and delivering our mission to advance the future of women’s health.”
Attorneys for the plaintiffs could not immediately be reached for comment. The trial continues Friday with plaintiffs and Meta delivering closing arguments.
A class of app users sued the company in 2021, claiming it improperly shared personal identifying information and private health data with third parties, including fellow defendants Facebook (now known as Meta), Google, ad analytics company AppsFlyer and defunct analytics company Flurry.
Earlier this month, Google said it had reached a settlement in principle with the class. Flurry settled with the users in March, and the class voluntarily dismissed its claims against AppsFlyer in 2022.
Flo launched its app in 2016 to help users track their periods, ovulation and pregnancy. Users interested in tracking their menstrual cycle or fertility can download the app and answer a series of questions about their cycle, including date and length of their last period.
The app also helps users document multiple factors that may influence their menstrual cycle or fertility, including their mood, symptoms and sexual activity.
The plaintiffs argued that Flo shared sensitive health data and misled users about sharing data with third parties, and that Meta violated the California Invasion of Privacy Act. They also argued that Flo should be considered a health application and should therefore be found to have violated the California Confidentiality of Medical Information Act.
On Wednesday, U.S. District Judge James Donato said he would likely throw out the California Confidentiality of Medical Information Act claim, calling the lack of evidence an “insurmountable problem.”
“I see virtually no evidence, zero evidence, to go forward,” the Barack Obama appointee said.
The jury will now have to decide if Meta violated the California Invasion of Privacy Act.
Meta says it never received the plaintiffs’ confidential communications, let alone eavesdropped or recorded them.
The plaintiffs focused on Flo’s use of software development kits (SDKs), which are prewritten bits of code developers use to build apps and track analytics offered by third parties such as Meta and Google.
They claim Meta received sensitive health information through 12 “custom app events” used in the SDK with names such as “R_SELECT_LAST_PERIOD_DATE” and “R_SELECT_CYCLE_LENGTH.”
Meta denies it received users’ sensitive health information through SDKs, claiming that when users interacted with the app, Meta only received the custom app event and the value “known” or “unknown.”
Subscribe to our free newsletters
Our weekly newsletter Closing Arguments offers the latest about ongoing trials, major litigation and rulings in courthouses around the U.S. and the world, while the monthly Under the Lights dishes the legal dirt from Hollywood, sports, Big Tech and the arts.


