Time and again, we have seen that some of the popular and useful apps we use regularly share our personal data with big companies or businesses out there, so that they can target us better when it comes to ads. And pretty much the same case happened with the Flo App, which was one of the most trusted health apps for women out there. But it all came crashing down, and now we’re seeing this Flo App lawsuit in action. And if you don’t know what the makers of this app are being accused of, then just keep on reading to find out some crucial details of this case.
What Is Flo Health?
Flo Health is an application for a mobile phone that assists its users in keeping records of their menstruation cycles, ovulation periods, fertility data, etc. With more than 165 million downloads, mainly in the United States, one can say that a substantial number of people have counted on it for their personal and private tracking.
The app purported to protect user information and remain confidential. Nevertheless, investigative disclosures indicated that Flo was secretly transmitting sensitive medical information to external, aka third-party businesses, for example, the dates of periods, the tracking of fertility, the recording of sexual activities, the release of mood-related inputs, besides some other data, to companies such as Meta (Facebook) and Google. Without their knowledge, the users were being exploited for ad targeting and data analysis, although their consent was not given.
Which Laws Were Involved?
Several privacy laws came into play when this lawsuit unfolded. Here are the key ones:
- Stored Communications Act (SCA): Protects digital communications and stored user data.
- California Confidentiality of Medical Information Act (CMIA): Safeguards medical data for California residents.
- California Invasion of Privacy Act (CIPA): Prevents unauthorized access or sharing of personal information.
The users, who sued Flo, are in the plaintiffs’ overall group, and they stated that Flo is the cause of these regulations being violated due to passing the data to third parties while assuring users that their private data would not be shared without their consent.
How Did It All Start?
Flo’s secret data-sharing practices were uncovered by a Wall Street Journal investigation in 2019. This led the U.S. Federal Trade Commission (FTC) to step in, conduct an inquiry, and subsequently reach an agreement in 2021 to be reached. The company promised to halt such operations but didn’t acknowledge any fault.
Not long after that, a class action lawsuit in California was initiated. The class action lawsuit was related to all users of the Flo application in the United States, from June 2016 to January 2021. What were the plaintiffs demanding in return? $1,000 for each user, that’s what! With approximately 13 million impacted users, this makes a total of $13 billion the case could go up to.
Over the years, some companies settled and exited the case quietly:
- Flurry settled in March 2025.
- Google followed in July 2025.
Just so you know, though, AppsFlyer was dismissed back in 2022. That left Meta as the last one still facing trial.
What Happened In Court?
Here’s how things played out:
August 1, 2025: Flo Health managed to agree to a settlement away from the court before the jury made its decision. They sent out a message that, while they did not confess to the breach of the law, they were glad that the truth was revealed and that they moved on.
Meta was found by the jury to have breached California privacy laws by acquiring sensitive user data from Flo without the user’s consent, in a verdict announced on August 7, 2025.
It was Meta that negated the accusations, asserting that they had never made a request and had not received sensitive health data knowingly. However, the judge was thinking differently, and as a result, Meta might be encountering major monetary penalties if they fail to proceed further.
