Case Study · Femtech Privacy & Brand · Health Apps · 2015-2024

Flo Health (2015-2024): the period-tracking app that built 100+ million users, settled an FTC privacy complaint, and faced sustained data-sharing scrutiny

Flo Health was founded in 2015 by Yuri and Dmitry Gurski with a thesis that period-and-fertility tracking was an under-served category for digital health-app development. By 2024 the Flo app had over 100 million users globally, making it one of the largest femtech apps in the world. A 2024 Series C funding round raised $200 million at an implied valuation above $1 billion. The commercial trajectory was complicated by sustained privacy-and-data-sharing scrutiny. A 2019 Wall Street Journal investigation revealed that Flo had been sharing sensitive health-and-fertility data with Facebook, Google, and other third-party marketing-and-analytics services despite explicit privacy promises to users. The FTC investigation that followed produced a January 2021 settlement requiring Flo to obtain user consent before sharing health data, conduct independent privacy reviews, and notify affected users. Subsequent class-action litigation has produced additional settlements. The case is the structural example in femtech and health-app categories of how privacy-and-data-handling can undermine commercial trajectories even when the underlying product has strong user engagement.

TL;DR — the quick read

Story: Flo Health was founded in 2015 and grew to 70M+ monthly active users by 2024 as the leading FemTech (women's health technology) platform. Flo faced a 2021 FTC settlement over alleged data-sharing with Facebook and Google. The 2022 Dobbs decision raised additional data-privacy concerns about FemTech apps. Flo raised $200M Series C in July 2024 at $1B+ valuation.
Why it matters: Flo Health is the defining FemTech category reference — demonstrating that consumer-health-data businesses can build category leadership while operating under sustained regulatory attention.
Takeaway: Consumer-health-data businesses operate under stricter expectations than general consumer technology — users share information they wouldn't share with general apps.
Takeaway: Standard mobile-app analytics integrations (Facebook SDK, Google Analytics) may share data with third parties in ways that contradict stated privacy commitments.
Takeaway: Regulatory attention can be sustained over years even with cooperation — ongoing privacy-program investment is required, not just one-time compliance.

STAR framework

Flo Health FemTech — the four-step story

Situation

Period and ovulation tracking apps emerged as a consumer-health category in the early-to-mid 2010s. Multiple apps competed including Flo, Clue, Glow, and others. Privacy practices across the category were not well-scrutinized at the time.

Task

Build a leading FemTech consumer platform while managing privacy practices and increasingly significant regulatory attention.

Action

Built product with clean interface, educational content, engagement features. Aggressive user acquisition. 2021 FTC settlement over data-sharing allegations. Post-2022 Dobbs decision launched 'Anonymous Mode' and additional privacy features. Raised $200M Series C in July 2024.

Result

70M+ monthly active users globally by 2024. Leading FemTech consumer platform. $1B+ valuation in July 2024. Continued category leadership despite sustained regulatory attention. Category-wide privacy practices evolution influenced by Flo case.

By the Numbers

Flo Health by the numbers

Flo founded

Belarus (now London)

Source: Flo company history

0M+

Monthly Active Users

2024 globally

Source: Flo disclosures

FTC settlement

Over alleged data-sharing

Source: FTC records

Dobbs decision

Increased FemTech privacy attention

Source: Court records

$0M

Series C funding

July 2024

Source: Flo announcement

$0B+

2024 valuation

Series C valuation

Source: Flo announcement

Quick facts

CompanyFlo Health, Inc.

FoundersYuri Gurski and Dmitry Gurski (brothers)

Founded2015 (in Belarus; subsequently incorporated internationally)

HeadquartersLondon, UK (current)

App users (2024)100+ million globally

Series C funding (2024)$200 million at implied valuation above $1 billion

Implied unicorn valuation milestone2024 with the Series C round

Product categoryPeriod-and-fertility tracking with broader women’s-health features (cycle prediction, pregnancy tracking, health-symptom logging)

Wall Street Journal investigationFebruary 2019 — revealed Flo was sharing sensitive health data with Facebook, Google, AppsFlyer, Flurry, and others

FTC complaintFiled January 2021 alleging Flo misled users about data-sharing

FTC settlementJanuary 2021 (proposed); June 2021 (finalized)

FTC settlement requirementsObtain user consent before sharing health data; independent privacy review; user notification of disclosure; instruction to third parties to destroy data

Class-action litigation~$3.5 million settlement (US-based class action); Canadian class action also proceeded; Meta-eavesdropping allegations continued through 2025

Honest note

User-count, valuation, and funding figures are from press reporting (TechCrunch, MobiHealthNews, Sky News). The FTC complaint and settlement details are from the FTC’s own published press releases and case documents. The Wall Street Journal investigation that triggered the FTC action is widely cited but the original article is behind a paywall; most subsequent coverage paraphrases the WSJ findings. The 100+ million user figure is from company communications and may include cumulative downloads rather than monthly-active users.

How Flo Health built the product

Flo Health was founded in 2015 in Belarus by Yuri and Dmitry Gurski. The company built a period-and-fertility tracking app with strong product-quality features: algorithmic cycle prediction, symptom logging, fertility-window estimation, pregnancy tracking, and a health-content library. The product was free-with-premium-features (freemium model), with the premium “Flo Premium” tier providing additional content and tools. Through 2015-2020 the product grew rapidly in user counts — from initial launch to tens of millions of users within several years — benefiting from the under-served femtech category and from organic word-of-mouth among users who found the tracking-and-prediction features valuable.

By 2024 Flo had reached over 100 million users globally, making it one of the largest femtech apps. The 2024 Series C funding round at $200 million reflected the strong user-base growth and the broader femtech-investor interest. Flo’s competitive position was strong relative to alternative period-tracking apps (Clue, Eve, Ovia, Glow) on a combination of user-experience quality, app-store ratings, and brand recognition.

The 2019 WSJ investigation and the privacy crisis

In February 2019 the Wall Street Journal published an investigation that revealed Flo (and several other popular health apps) had been sharing sensitive user health data with third-party analytics and marketing companies, including Facebook, Google, AppsFlyer, and Flurry. The data shared reportedly included specific tracked-data points (whether users were trying to get pregnant, fertility-window status, period dates) that users had explicitly logged with privacy expectations. Flo’s own privacy policy at the time had explicitly stated that user data would be kept private, making the data-sharing both a privacy violation and a misrepresentation issue.

The investigation produced immediate consumer backlash. Hundreds of complaints were filed with the FTC. Flo stopped sharing the most-sensitive data points within days of the WSJ article but the disclosure damage was done. The broader femtech industry faced similar scrutiny (similar privacy issues were identified at other apps). The episode became a defining moment in femtech privacy discussions and produced sustained regulatory and academic attention to health-app data practices.

The FTC settlement and continued litigation

In January 2021 the FTC announced a proposed settlement with Flo Health resolving allegations that Flo had misled users about data sharing. The settlement was finalized in June 2021. Key terms: Flo must obtain user consent before sharing health data with third parties; Flo must conduct independent privacy reviews; Flo must notify affected users about the prior data disclosures; Flo must instruct third parties that received the data to destroy that data. The settlement did not include monetary penalties from the FTC but did create ongoing compliance obligations.

Class-action litigation followed. A US class action was greenlit and produced approximately a $3.5 million settlement. A Canadian class action proceeded similarly. In 2025 reporting from The Bureau of Investigative Journalism revealed that Meta had been “eavesdropping” on Flo data through Facebook’s Software Development Kit even after Flo’s public commitments to stop sharing — producing renewed concerns about the technical complexity of preventing data sharing once apps are integrated with third-party SDKs. Flo has continued to operate and grow through 2021-2024 with privacy practices substantially revised, but the historical episode remains a defining context for the company’s brand position.

How RGM thinks about femtech and health-app privacy

When clients in femtech, health-app, or sensitive-data categories ask about how to think about privacy-and-data-handling as a brand-and-strategic asset, the Flo case is the structural cautionary example. Three structural lessons. First, sensitive-category apps face structurally higher privacy-handling requirements than general consumer apps. The combination of user-trust expectations, the actual sensitivity of the data, and the regulatory environment (FTC, EU GDPR, state-level laws like Illinois BIPA and Washington My Health My Data Act) produces high compliance burden. Companies in these categories cannot treat privacy-and-data-handling as a marketing-content topic; it has to be embedded in product development from the beginning. Second, third-party SDKs and analytics integrations create technical data-sharing exposure that is hard to fully control. Even Flo’s post-FTC privacy improvements have faced subsequent issues with Meta SDK data flows. Companies serious about privacy in sensitive categories should consider whether to use third-party SDKs at all rather than how to configure them. Third, the financial cost of privacy violations is not just the immediate regulatory settlement — the multi-year brand-trust damage, the sustained litigation exposure, and the ongoing compliance costs are typically larger than the headline settlement.

The pattern is generalizable to other sensitive-data categories (mental-health apps, telehealth, genomics-and-DNA services, financial-services apps, dating apps). The structural conditions in these categories require treating privacy-and-data-handling as a strategic priority rather than a feature. We tell clients in these categories to invest in privacy-and-data architecture as core product infrastructure, to minimize third-party data dependencies, and to plan for sustained regulatory and consumer scrutiny over multi-year horizons.

Frequently asked questions

Is Flo Health profitable?

Not publicly disclosed. As a privately-held company Flo has not disclosed revenue or profitability metrics. The $200M 2024 Series C funding suggests continued growth-investment rather than near-term profitability focus. The freemium model produces revenue through Flo Premium subscriptions; the conversion rates and revenue scale are not publicly disclosed.

Has Flo really fixed its privacy practices?

Substantively yes per the FTC settlement compliance, but the 2025 reporting on Meta SDK eavesdropping suggests technical complexity remains. The FTC settlement required explicit user-consent for health-data sharing, independent privacy reviews, and ongoing compliance documentation. Flo has invested in privacy infrastructure substantially since 2021. The continuing concerns reflect the inherent technical difficulty of preventing data sharing through third-party SDKs once the SDKs are integrated into the app codebase. The underlying architectural complexity is industry-wide rather than Flo-specific.

What were the post-Roe-v-Wade implications?

Substantial. After the June 2022 Dobbs decision overturning Roe v Wade, women’s-health-data privacy became a more material concern because of the legal exposure that period-and-fertility data could create in states where abortion access had become restricted. Multiple femtech apps including Flo announced expanded anonymous-mode features and enhanced privacy options in 2022. The political-legal context elevated privacy from a marketing-concern to a potential legal-exposure for users, which materially affected user choices about which apps to use and how to configure privacy settings.

How does Flo compare to Clue and other femtech competitors?

Flo has the largest US user base; Clue (Berlin-based, founded 2013) has been more vocal about privacy-first positioning. Other femtech apps (Ovia, Glow, Eve) have variable privacy practices and user-base sizes. The competitive dynamic in femtech has been particularly focused on privacy-positioning since 2019, with Clue and several smaller competitors gaining brand-equity at Flo’s expense among privacy-conscious users.

What is the single takeaway?

Privacy-and-data-handling in sensitive-category apps is a strategic priority that must be embedded in product architecture, not a marketing-content topic. Flo Health’s 2019 WSJ-exposed data sharing, 2021 FTC settlement, and continuing 2024-2025 privacy challenges illustrate how privacy failures produce multi-year brand and regulatory costs. Companies in sensitive-data categories should invest in privacy architecture as core infrastructure rather than as a feature.

Sources & references

Flo Health, Inc. (Federal Trade Commission case page) — FTC’s primary case page for the Flo Health investigation and settlement.
Developer of Popular Women’s Fertility-Tracking App Settles FTC Allegations (FTC press release) — FTC’s January 2021 announcement of the proposed settlement.
FTC Finalizes Order with Flo Health (FTC press release, June 2021) — FTC’s June 2021 announcement of the finalized order.
Fertility app Flo Health settles with FTC (MobiHealthNews) — Industry trade-press coverage of the FTC settlement.
Meta eavesdropping on Flo exposes how period apps are a data risk (The Bureau of Investigative Journalism) — Investigative reporting on continued data-sharing concerns after the FTC settlement.
Lawsuit claiming Flo Health app shared intimate data with Facebook greenlit as Canadian class action (CBC News) — CBC coverage of the Canadian class action proceeding.