Flo App Lawsuit, Meta Guilty in $59.5M Privacy Case After Period Tracker Shared Intimate Data — File Your Settlement Claim Now

ByAll About Lawyer Reading Time: 15 minutes

A California federal jury found Meta guilty on August 1, 2025, of violating the California Invasion of Privacy Act by intentionally intercepting intimate reproductive health data from Flo Period & Ovulation Tracker app users without consent—including period dates, sexual activity, pregnancy status, and masturbation habits. Flo Health, Google, and Flurry settled for $59.5 million in September 2025 after promising users their data would remain “private and confidential” while secretly embedding software development kits (SDKs) that transmitted sensitive information to Meta and other tech giants for targeted advertising. Meta chose to fight the allegations in court and lost, facing potential damages of up to $5,000 per violation under California law.

How Do You File a Claim for the Flo Settlement?

Settlement Website: www.PeriodTrackerDataPrivacyLitigation.com

Notice Administrator Contact:

Users should visit the settlement website or contact the Notice Administrator to determine eligibility and obtain claim forms. Additional information about the class action lawsuit and settlement can be found by downloading Notice forms available on the settlement website.

What Is the Flo App Lawsuit About?

The Flo app lawsuit—formally Frasco v. Flo Health, Inc., Case No. 21-CV-00757-JD filed in U.S. District Court for the Northern District of California—alleges that Flo Health, the developer of the #1 women’s health app downloaded over 180 million times with 38 million active monthly users, violated user privacy by collecting and sharing intimate reproductive health data with Meta (Facebook), Google, and analytics companies through hidden tracking tools embedded in the app.

Lead plaintiff Erica Frasco filed the class action in 2021 after The Wall Street Journal’s 2019 exposé revealed Flo was transmitting users’ most sensitive health information to Facebook for advertising purposes despite explicit privacy promises. The lawsuit consolidated multiple complaints and alleged fourteen claims including breach of contract, invasion of privacy, violation of California’s Confidentiality of Medical Information Act (CMIA), and wiretapping under California Invasion of Privacy Act Section 632.

Flo App Lawsuit, Meta Guilty in $59.5M Privacy Case After Period Tracker Shared Intimate Data — File Your Settlement Claim Now

Is There a Settlement and How Much?

Yes. Flo Health, Google, and Flurry settled for $59.5 million in September 2025.

Before the jury reached its verdict against Meta, three defendants chose to settle:

  • Google settled before trial began
  • Flurry (analytics company) settled before trial began
  • Flo Health settled on July 31, 2025, amidst the trial—one day before the jury verdict against Meta

In September 2025, details of the combined settlement were provided to the court showing the total settlement amount of $59.5 million covers Flo Health, Google, and Flurry’s alleged privacy violations.

Meta chose not to settle and instead fought the allegations in court, losing the jury trial. Meta now faces potential damages of up to $5,000 per violation under California Invasion of Privacy Act provisions—potentially exposing the company to substantial financial liability given the millions of Flo users affected.

Who Is Eligible for the Flo App Settlement?

You may be eligible for compensation if you:

  • Used the Flo Period & Ovulation Tracker app between November 1, 2016, and February 28, 2019
  • Entered menstruation and/or pregnancy information into the app during that timeframe
  • Resided in the United States (for the nationwide class) or California (for additional claims)

The certified classes potentially include millions of Flo app users who had their intimate reproductive health data shared with Meta, Google, and other third parties without consent.

What Is the Timeline of the Flo App Privacy Scandal?

2015: Flo Health app developed in Belarus to track menstrual cycles.

November 1, 2016: Data sharing period begins—Flo embeds Meta, Google, and Flurry SDKs into app, secretly transmitting user health data.

2017: Lead plaintiff Erica Frasco downloads Flo app and begins entering intimate health information.

February 28, 2019: Data sharing period covered by lawsuit ends.

2019: The Wall Street Journal exposes Flo’s data sharing practices with Facebook, revealing the app was transmitting intimate reproductive health data to the tech giant.

2021: Federal Trade Commission (FTC) investigates Flo Health. Flo settles with FTC by agreeing to obtain users’ affirmative consent before sharing health data and to notify users of past disclosures.

January 29, 2021: Class action lawsuit Frasco v. Flo Health, Inc., et al. officially filed in U.S. District Court for the Northern District of California.

October 12, 2021: Judge James Donato appoints Labaton Keller Sucharow as co-lead counsel, consolidating multiple lawsuits against Flo Health, Meta, Google, and analytics firms.

May 19, 2025: Court certifies nationwide class and California subclass. Court also denies summary judgment motions filed by Flo Health, Meta, and Google.

July 21, 2025: Trial begins in San Francisco federal courthouse.

July 31, 2025: Flo Health settles claims against them under CMIA, one day before jury verdict.

August 1, 2025: Jury finds Meta liable for violating California Invasion of Privacy Act, ruling Meta intentionally eavesdropped on users without consent.

August 7, 2025: Verdict form officially filed in court. Meta announces it will appeal.

September 2025: Settlement details revealed—Flo Health, Google, and Flurry agree to pay $59.5 million combined to resolve all claims.

October 2025: Case continues with damages phase against Meta pending, as Meta petitions court to overturn jury verdict.

What Privacy Violations Occurred?

Flo Health made “repeated assurances that the information provided would remain private and confidential and would not be shared with any third parties, unless the user provided explicit consent,” according to court documents. However, Flo embedded software development kits (SDKs) from Meta, Google, and Flurry—bundles of code that automatically transmit data back to third parties when users download the app.

What Data Was Collected Without Consent:

  • Menstrual cycle dates and symptoms
  • Pregnancy status and plans to conceive
  • Sexual activity timing and frequency
  • Masturbation habits
  • Birth control methods and satisfaction
  • Mood swings and emotional states
  • Gynecological health details
  • General health and wellbeing information

The lawsuit alleges this data sharing violated users’ reasonable expectation of privacy, as ordinary users would not expect intimate health information entered into a medical tracking app to be shared with advertising companies.

How Did Flo Share User Data with Meta?

Flo Health incorporated Meta’s SDK directly into the Flo app code. When users downloaded the app and answered personal health questions, the SDK automatically transmitted this information to Meta’s servers through what plaintiffs argued was illegal interception of private communications between users and Flo’s servers.

According to court filings, the data was sent via “custom app events” through the embedded SDKs—a standard practice in websites and apps to track individuals for marketing purposes. While Meta claimed any health data transmission violated their developer terms prohibiting sensitive information, the jury found Meta intentionally eavesdropped on and recorded users’ confidential communications.

The sharing occurred between November 1, 2016, and February 28, 2019—a period during which Flo repeatedly assured users their data would remain confidential.

What Personal Health Data Was Compromised?

The scope of compromised data reveals shocking intimacy. When users download Flo, they are asked to enter personal data and answer a series of personal questions about their sexual health, gynecological health, general health and well-being, and menstruation cycles. As they continue using the app, they provide further sensitive information including:

  • When they have their period
  • If they have had sex
  • Whether they masturbated
  • Birth control preferences
  • Pregnancy attempts and outcomes
  • Mood fluctuations tied to menstrual cycles
  • Physical symptoms and discomfort levels
  • Sexual satisfaction and romantic relationship details

Plaintiffs presented evidence that this data contained device identifiers or app-instance identifiers that could be re-linked to individual users, despite defendants’ claims the information was “de-identified” and thus not personal.

Who Is Suing Flo Health and Why?

Lead plaintiff Erica Frasco, who downloaded the Flo app in 2017, filed the class action lawsuit representing millions of Flo users who had their intimate health data shared without consent. The lawsuit consolidated multiple complaints filed by Flo users across the United States.

Labaton Keller Sucharow was appointed as co-lead counsel on October 12, 2021, by Judge James Donato. Lead trial lawyers Michael Canty and Carol Villegas stated after the verdict: “This verdict sends a clear message about the protection of digital health data and the responsibilities of Big Tech. Companies like Meta that covertly profit from users’ most intimate information must be held accountable.”

Flo App Lawsuit, Meta Guilty in $59.5M Privacy Case After Period Tracker Shared Intimate Data — File Your Settlement Claim Now

What Is the Class Action Status?

On May 19, 2025, the Court certified two classes:

Nationwide Class (CMIA, breach of contract, and intrusion upon seclusion claims against Flo): All Flo App users in the United States who entered menstruation and/or pregnancy information into the Flo Health App between November 1, 2016 and February 28, 2019, inclusive.

California Subclass (California Constitutional invasion of privacy claim against Flo, and CIPA Section 632 claim against Meta and Google): All Flo App users in California who entered menstruation and/or pregnancy information into the Flo Health App while residing in California between November 1, 2016, and February 28, 2019, inclusive.

Excluded from the classes are judges, magistrates, defendants, defendants’ subsidiaries, parents, successors, predecessors, and any entity in which defendants or their parents have a controlling interest.

What Was the Flo Meta Verdict?

The jury trial began July 21, 2025, in the United States District Court, Northern District of California, San Francisco Courthouse. On August 1, 2025, the jury reached a unanimous verdict finding Meta liable for violating the California Invasion of Privacy Act.

The jury answered three critical questions:

Question 1: Did plaintiffs prove, by a preponderance of the evidence and in accordance with the instructions given to you, that Meta intentionally eavesdropped on and/or recorded their conversation by using an electronic device? Answer: YES

Question 2: Did plaintiffs prove, by a preponderance of the evidence and in accordance with the instructions given to you, that they had a reasonable expectation that the conversation was not being overheard and/or recorded? Answer: YES

Question 3: Did Meta have the consent of all parties to intercept the communications? Answer: NO

This marked one of the first instances of a wiretap claim making it all the way to a jury decision against a Big Tech firm, setting a potentially precedential example for how courts will handle similar privacy violations.

What Evidence Was Presented About Meta’s Data Collection?

Software Development Kits (SDKs): Plaintiffs presented technical evidence showing Meta’s SDK was embedded directly into the Flo app code, automatically transmitting user data to Meta’s servers when users entered health information.

Custom App Events: Documentation showed Flo sent “custom app events” through Meta’s SDK containing sensitive reproductive health data tied to device advertising identifiers.

Lack of Disclosure: Evidence demonstrated Flo’s privacy policy and user communications repeatedly promised data would remain “private and confidential” and would not be shared with third parties without explicit consent, yet the SDKs operated invisibly to users.

Device Identifiers: Plaintiffs proved the supposedly “de-identified” data contained device or app-instance identifiers that could reasonably be re-linked to individual users, making the information personal and sensitive under California law.

FTC Settlement: The 2021 FTC settlement against Flo Health served as evidence that even regulators found Flo’s data sharing practices violated user trust and required corrective action.

How Did Meta Defend Against the Allegations?

Meta maintained throughout the trial that “The plaintiffs’ claims against Meta are simply false. User privacy is important to Meta, which is why we do not want health or other sensitive information and why our terms prohibit developers from sending any.”

Meta’s Three Main Defenses:

Developer Terms Violation: Meta argued that if sensitive health data was transmitted, it was due to Flo acting outside of Meta’s rules, not intentional interception by Meta. Meta’s developer terms do indeed forbid app makers from sending health or sensitive data, and Flo’s transmission would have violated those terms.

User Consent: Meta claimed users consented to any data collection that occurred. The company pointed out that Flo users, like all Facebook users, agree to Meta’s terms of service and privacy policy, which says Meta may receive data about users’ activities in third-party apps. By this logic, users were aware their Flo app interactions could be shared with Meta for analytics or ads.

De-identified Data: Meta contended the data sent was pseudonymized—tied to device advertising IDs rather than names—downplaying the privacy intrusion and arguing it wasn’t truly personal information.

The jury rejected all three defenses, finding Meta intentionally eavesdropped on confidential communications without user consent.

What Is the Current Status of the Lawsuit?

Against Meta: The jury verdict finding Meta liable was filed August 7, 2025. Damages have not yet been determined. Meta has announced it will appeal the verdict and has petitioned the court to overturn the jury’s decision. Under CIPA, Meta faces potential damages of up to $5,000 per violation, which could result in substantial financial liability given millions of affected Flo users.

Against Flo, Google, and Flurry: All three defendants settled for a combined $59.5 million in September 2025. The settlement is in the claims administration phase, with the Notice Administrator accepting inquiries and claim forms from eligible class members.

Settlement Distribution: The timeline for settlement payments and final approval has not been publicly disclosed, but eligible class members can contact the Notice Administrator for updates.

What Do Privacy and Legal Experts Say?

Lead Trial Lawyers Michael Canty and Carol Villegas (Labaton Keller Sucharow): “This verdict sends a clear message about the protection of digital health data and the responsibilities of Big Tech. Companies like Meta that covertly profit from users’ most intimate information must be held accountable.”

Consumer Reports: “Reproductive healthcare data is some of the most sensitive data that exists, revealing intimate details about an individual’s health and lifestyle. Allowing tech giants to target ads based on it is a particularly upsetting violation of user trust. It’s as compelling a reason as any to delete your data.”

Privacy Law Experts: Legal analysts note this case represents one of the first successful wiretap claims against a major tech company, potentially setting precedent for how courts handle SDK-based data collection. The verdict validates that users have a reasonable expectation of privacy for health data entered into medical tracking apps, even when those apps are free.

Almeida Law Group: “The period tracker privacy case may be the tip of the iceberg when it comes to future violations in consumer data sharing. Cases like the Flo Health lawsuit make it plain that additional pressure is mounting for legislative reform and stronger consumer protections.”

What Are Similar Cases Against Period Tracking Apps?

The Flo lawsuit is part of a broader wave of privacy litigation against health apps:

Hundreds of Class Action Lawsuits: Class action suits have been filed over the use of tracking tools on websites and health apps, with a flurry of settlements in recent weeks. Most defendants opt to settle rather than risk jury verdicts like the Meta ruling.

Post-Roe Privacy Concerns: After the U.S. Supreme Court removed the constitutional right to abortion in June 2022, women’s menstrual health tracking became an area of particular contention. In 2022, Meta came under scrutiny for providing police with private message data between a mother and daughter planning medication to abort a pregnancy.

Wearable Device Concerns: A recent National Heart, Lung, and Blood Institute study shows almost 1 in 3 Americans now use wearable devices like smartwatches or rings for health monitoring, creating additional risks for sensitive data sharing beyond period tracking apps.

SDK-Based Tracking Epidemic: The Flo case highlights widespread practices of embedding third-party SDKs, pixels, analytics, or advertising tools that transmit sensitive data to external parties, exposing both app developers and third-party recipients to liability.

What Are the Broader Privacy Implications?

Health App Data Not Protected by HIPAA: Most consumer health apps like Flo are not covered by HIPAA (Health Insurance Portability and Accountability Act) because they are not healthcare providers, health plans, or healthcare clearinghouses. This leaves users vulnerable to data sharing practices that would be illegal for doctors or hospitals.

Implicit Consent Insufficient for Sensitive Data: The verdict establishes that for sensitive health data, implicit consent through general terms of service is insufficient under California law. Affirmative user consent—such as requiring users to actively check a box before proceeding—is now highly recommended for health apps.

Device-Linked Data Remains Personal: Even without names or email addresses, health data tied to device identifiers may still be considered personal and sensitive if such data could reasonably be re-linked to an individual.

SDK Liability Risk: Embedding software development kits, pixels, or analytics/advertising tools that transmit sensitive data to external parties can expose both the app developer and the third party to liability, even if the third party’s terms prohibit such data transmission.

Legislative Reform Pressure: Legal experts note mounting pressure for legislative reform and stronger consumer protections, especially as intrusive health tracking technology expands and surveillance potential grows.

How Can You Protect Your Health Data?

Delete Your Data from Flo:

  • Send email to [email protected] requesting Flo delete your account and all associated data
  • Include the email address you used to sign up
  • Deactivate or delete your account via settings in the app
  • Send separate email as a legal data deletion request (different from account deactivation)

Opt Out of Data Sharing:

  • Email Flo requesting they stop sharing or selling your data immediately
  • Specifically mention the recent lawsuit in your request
  • Use Consumer Reports’ Permission Slip app to send data deletion or opt-out requests for free

Review Privacy Policies:

  • Check if health apps explicitly state they will not share data with third parties
  • Look for affirmative consent requirements before data sharing
  • Avoid apps with vague privacy policies or those that require broad consent

Consider Alternative Tracking Methods:

  • Use offline period tracking methods (paper calendars, journals)
  • Choose apps with strong privacy commitments and no SDK integrations
  • Research apps’ data sharing history before downloading

Report Privacy Violations:

  • File complaints with the FTC if you suspect health data misuse
  • Contact privacy advocacy organizations like Consumer Reports
  • Consider joining class action lawsuits when they arise

Related Legal Resources

For more information on privacy violations and data breach litigation:

Frequently Asked Questions About Flo App Lawsuit

What is the Flo app lawsuit about? 

The Flo app lawsuit (Frasco v. Flo Health, Inc.) is a class action filed in 2021 alleging that Flo Health secretly shared users’ intimate reproductive health data—including period dates, sexual activity, pregnancy status, and masturbation habits—with Meta (Facebook), Google, and analytics companies through hidden tracking tools embedded in the app, violating user privacy and California law despite promises that data would remain “private and confidential.”

How did Flo share my data with Meta? 

Flo embedded Meta’s software development kit (SDK) directly into the app code. When you downloaded Flo and entered health information, the SDK automatically transmitted this data to Meta’s servers through “custom app events”—invisible to users and operating without explicit consent. The jury found Meta intentionally eavesdropped on these confidential communications.

Is there a Flo app settlement and how much? 

Yes. Flo Health, Google, and Flurry settled for a combined $59.5 million in September 2025. Meta chose to fight the case in court and lost the jury trial on August 1, 2025, facing potential damages of up to $5,000 per violation under California law—potentially billions of dollars given millions of affected users.

Am I eligible for the Flo settlement compensation? 

You may be eligible if you used the Flo Period & Ovulation Tracker app between November 1, 2016, and February 28, 2019, and entered menstruation and/or pregnancy information during that period. Contact the Notice Administrator at [email protected] or call (866) 778-9626, or visit www.PeriodTrackerDataPrivacyLitigation.com for claim forms.

What was the verdict in the Flo Meta lawsuit? 

On August 1, 2025, a California federal jury unanimously found Meta violated the California Invasion of Privacy Act by intentionally eavesdropping on Flo users’ confidential health communications without consent. The jury ruled users had a reasonable expectation of privacy and that Meta lacked consent to intercept the communications—one of the first successful wiretap claims against a Big Tech firm.

What personal health data did Meta receive from Flo? 

Meta received intimate reproductive health data including menstrual cycle dates, pregnancy status and plans, sexual activity timing and frequency, masturbation habits, birth control methods, mood swings, gynecological health details, and general health information. This data was tied to device identifiers that could be re-linked to individual users.

How do I file a claim for the Flo app settlement? 

Visit www.PeriodTrackerDataPrivacyLitigation.com to access claim forms and determine eligibility, or contact the Notice Administrator at [email protected] or (866) 778-9626. Download the Notice forms from the settlement website and follow the instructions for filing your claim before any applicable deadlines.

Disclaimer: This article provides factual information about the Flo app lawsuit and privacy violations based on publicly available court documents and news reports. It is for educational purposes only and does not constitute legal advice. Case details are based on allegations, court filings, and jury verdicts. Meta denies the allegations and has announced it will appeal. For legal advice regarding your specific situation or settlement claim, please consult with a qualified attorney.

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *