How to choose a private period tracker (2026 guide)

A plain-English guide

Almost every period app calls itself "private." The word has become marketing. Here's a short, practical checklist you can use to tell genuine privacy from a privacy label — and the questions worth asking before you install anything.

The five-point checklist

1. Does it work fully offline? The strongest privacy guarantee is data that never leaves your device. If an app needs the internet to function, your data is going somewhere.
2. Can you use it without an account? No email, no sign-up. An account usually means a server-side profile tied to you.
3. Is it a one-time price, not a subscription? A direct payment removes the incentive to monetize your data. "Free" trackers are often funded by ads and data.
4. Is your data encrypted on the device? Look for on-device encryption (e.g., AES-GCM) and a clear statement of where the key is stored.
5. Does it avoid analytics and ad SDKs? Third-party SDKs are how data quietly leaks even when the app itself seems trustworthy.

Questions to ask before installing

• Where is my data stored — on my phone, or on the company's servers?
• If I delete the app, is my data actually gone, or just removed from my phone?
• Does the privacy policy mention sharing data with "partners," "vendors," or "for advertising"?
• What happens to my data if the company is sold or shuts down?
• Is there a free tier funded by something — and if so, what?

Why "offline" beats "we promise"

A cloud app's privacy depends on its policies, its vendors, its security, and its future owners all behaving — indefinitely. An offline app's privacy depends on a fact: the data isn't anywhere else. Facts beat promises. That's the difference between privacy by policy and privacy by architecture.

How Hoo-Ha scores on the checklist

Compare Hoo-Ha to Flo & Clue →