After Roe was overturned, women panicked about period tracker data being used as evidence. Stardust surged — 200,000 downloads in days — promising privacy. Researchers found it sharing data with analytics companies, including device identifiers linkable to individuals. The app women downloaded to protect themselves was doing exactly what they feared. Stardust said they added encryption after being caught sharing data. Researchers found the encryption was incomplete — metadata still leaked. When you open a period tracker and how often still reveals whether you missed a period. The data you are trying to protect is betrayed by the pattern of protecting it.
What they claim: Stardust surged in popularity after Roe v. Wade was overturned, promoting itself as a privacy-focused period tracker
What we found: After the Dobbs decision, Stardust marketed itself as the private period tracker — gaining 200,000 downloads in days. Washington Post and Consumer Reports analyses found Stardust was sharing user data with third-party analytics, including a unique device identifier that could be linked to individual users. The app that promised safety in a post-Roe world was sharing intimate reproductive data.
What they claim: Stardust claimed end-to-end encryption after the Dobbs decision
What we found: After media exposed Stardust sharing data with analytics firms, the company claimed it had implemented end-to-end encryption. Security researchers found the implementation was incomplete — metadata including login times, session duration, and device identifiers were still transmitted to third-party services. The core cycle data may be encrypted, but the pattern of when you open a period tracker still reveals the information you are trying to protect.