For Clinicians
Manage subscription Try Flo today
Product
Product
    Product
  • Tracking cycle
  • Getting pregnant
  • Pregnancy
  • Help Center
  • Flo for Partners
  • Anonymous Mode
  • Flo app reviews
  • Flo Premium New
  • Secret Chats New
  • Symptom Checker New
Health Library
Health Library
    Health Library
  • Your cycle
  • Health 360°
  • Getting pregnant
  • Pregnancy
  • Being a mom
  • LGBTQ+
  • Quizzes
Calculators
Calculators
    Calculators
  • Ovulation calculator
  • hCG calculator
  • Pregnancy test calculator
  • Menstrual cycle calculator
  • Period calculator
  • Implantation calculator
  • Pregnancy weeks to months calculator
  • Pregnancy due date calculator
  • IVF and FET due date calculator
  • Due date calculator by ultrasound
About
About
    About
  • Medical Affairs
  • Science & Research
  • Pass It On Project New
  • Privacy Portal
  • Press Center
  • Flo Accuracy
  • Careers
  • Contact Us
For Clinicians
For Clinicians
Manage subscription

Can Law Enforcement Access My Flo Data? Here's What You Need to Know

By Tsimafei Savitski, Chief Legal & Compliance Officer

As Chief Legal & Compliance Officer at Flo, one of the questions I hear most often is about law enforcement access to reproductive health data. 

More than ever, education on this topic matters. Too often, companies lean on broad statements about where they’re located (for example, ‘we’re a period tracker in Europe where there are strict privacy laws, so we’re safe’), without clearly explaining what that actually means in practice. Some make sweeping promises that don’t fully account for the reality of operating across different global laws and regulatory frameworks. This can create confusion and false reassurance.

At Flo, we’re a UK-registered company operating in Europe. That means there are strong data protection laws and individual rights that apply to our operations. Respect for the rights and freedoms of individuals isn’t just a marketing point, it’s the law that governs Flo and reflected in how we design and run our practices.

But the location of a company  alone isn’t enough. What really matters is whether a company has strong legal, technical, and operational safeguards in place — and, on this issue specifically, whether it has clear processes and policies designed to carefully scrutinise, limit and challenge law enforcement requests, in order to protect your personal information to the fullest extent possible.

Let me walk you through exactly how this works at Flo and what protections we have in place.

The Short Answer

For people using Anonymous Mode: No. Even if Flo receives a legally valid request, we can't identify Anonymous Mode users and therefore can't fulfill any information requests.

For people using regular mode: These requests are extremely rare and handled individually, and to date, we have not received any requests from law enforcement relating to an investigation of a Flo user. But the possibility does exist. 

If this did happen, our commitment to your privacy rights comes first, and we would always seek your consent first if the law allows for this. We only respond to requests that are legally valid — and only after a thorough legal assessment. Any request would be carefully reviewed, challenged, and narrowed to only what is strictly necessary. We require a clear, specific purpose for each and every dataset before considering any disclosure. 

Understanding Legal Data Requests

Legal data requests are formal demands from law enforcement or government agencies seeking information as part of a legal matter. Talking about such requests can understandably cause concern. However, it is important to recognise that they are not solely used for enforcement against individuals. They are often made where someone has reported a matter affecting them to authorities, and additional information is needed to support and substantiate their claim.

Understanding the types of requests and how they work helps you to understand the process and its impact on your privacy. 

  • Subpoenas are legal documents requiring a company to provide specific information. A subpoena does not automatically mean it will be fulfilled, and it can be challenged or limited. 
  • Court orders are formal directives issued by a judge requiring disclosure of data. They are legally binding and carry consequences if not followed. Court orders are typically issued to parties directly involved in a legal matter (and not third parties like Flo), often after other legal steps or proceedings have already taken place.
  • Search warrants are court-issued authorizations that allow law enforcement to search and seize specific data. It is extremely unlikely that Flo would be subject to a search warrant because they are generally used when the party holding the data is involved in criminal activity, which would never be the case with Flo. 

Taking all of this into account, these types of requests are extremely rare. If one were ever received, it would most likely come in the form of a subpoena. That distinction matters. Subpoenas can be reviewed, challenged, and narrowed where appropriate — and we would always take those steps to protect our users’ data.

Flo's Process for Handling Requests

As I mentioned above, these demands are extremely uncommon and we have not received any requests from law enforcement relating to an investigation of a Flo user.  But if they were to arrive, we have a rigorous process in place. 

Before we consider complying with any request, we insist on several things:

First, requests must be submitted to Flo's Chief Legal & Compliance Officer (that’s me!). My office reviews all legal demands thoroughly. We don’t automate this review or delegate it to other departments, ensuring your data is handled with care and respect.

Second, requests must be legally valid. This means the request must follow the proper legal process. It has to be formally and correctly delivered to Flo, coming from an authority that has legal power over Flo (which is based in the United Kingdom).

Third, requests undergo full legal review. We carefully review any demand to ensure it's legally valid (as above) and thoroughly review each data point requested to ensure it has a genuine, legitimate and specific purpose. Where it does not, we will use all available legal means to challenge or refuse the request in order to protect our users’ data.

Fourth, you are notified when possible. We will contact you at your registered email address to inform you about the demand, except when we are legally prohibited from doing so.

Fifth, requests are challenged. Flo will always advocate for the protection of individuals' privacy rights and will challenge the legal validity of overly broad or legally questionable requests. We will never respond to a request that does not meet legal standards and will not provide any information if it does not have a defined purpose. Where requests are valid, we will use all available legal means to challenge, narrow their scope, and minimize any impact on our users’ data.

Anonymous Mode: Maximum Protection

In 2022, we built Anonymous Mode specifically to address concerns about data access, including from law enforcement. This wasn't just a privacy feature. It was an architectural decision about how we handle sensitive health information.

Here's how it works from a technical standpoint.

  • Identity disconnection. When you activate Anonymous Mode, your health data is completely separated from your identity. Your email, name, and technical identifiers are not stored with your health information, and cannot be reconnected.
  • Technically impossible to identify you. Even Flo can't identify people using Anonymous Mode. This isn't about choosing not to look; it is that we simply cannot connect your health data to your identity. This is a technical solution that cannot be overridden.
  • No data to provide. In the event of a legally valid demand or subpoena, we can't identify you and therefore can't fulfill any information demands. The technical architecture makes identification impossible.

Your Privacy Rights Matter

Even in situations where law enforcement has legal authority to request data, I would like to emphasize that you have rights.

  • You have a right to notification. In most cases, you should be notified about data requests. Exceptions exist for certain criminal investigations where notification is legally prohibited.
  • You have a right to challenge. You can challenge the request in court, depending on the jurisdiction and nature of the request.
  • You have the right to limit the scope. Overly broad requests can be challenged to limit what information is disclosed.

Rest assured, our policies and procedures ensure that we apply these protections automatically for you whenever possible.

At Flo, you’re in control of the data you wish to share when using Flo’s services. You delete, access and amend your information directly within the app or by reaching out to support@flo.health

The Bottom Line

At Flo, your privacy is paramount to us. Even when legal obligations exist, we advocate for protecting your rights and limiting disclosures. Anonymous Mode exists precisely to address these concerns, providing protection even in worst-case scenarios.

We built our infrastructure with privacy as a core principle, not an afterthought. That's why we hold ISO 27001 and ISO 27701 certifications, invested in post-quantum cryptography and created Anonymous Mode.

Your body. Your data.

Related Resources: