photo: Glow/Facebook

If you're one of the thousands of women who use a period-tracking app for family planning purposes — or just to track when Aunt Flo's coming to town — you might want to read your app's privacy policy.

Consumer Reports recently launched a sobering investigation into one such app, called Glow. The app, which has repeatedly been rated as one of the best of its kind, has allegedly helped 25,000 women get pregnant. But according to the investigation, Glow has made a ton of personal data about its users extremely accessible, including details about their sexual history.

photo: Apple/Glow

Glow has a feature that allows partners to link accounts so, if they wanted, they could see each other's data, including when they masturbated, had intercourse, drank alcohol or smoked cigarettes.

However, Consumer Reports found that the same feature that allowed partners to link Glow accounts via email, unintentionally allowed strangers to see their data, too. As long as a person knew a Glow user's email address, they could theoretically link accounts and have access to all that person's intimate data. 

This is deeply disturbing for many reasons, especially when you consider that 1 in 6 women experience stalking victimization at some point in their lives. This security flaw would make it that much easier for a jealous ex or internet rando got a hold of a Glow user's personal information and use it to their advantage.

If that wasn't bad enough, CR found that not only was it was extremely easy for potential hackers to change a user's password, it was unnervingly simple to access a person's full name and rough location by using information from the app's community forum.

photo: Glow

Thankfully, Glow immediately addressed all the privacy concerns as soon as it was made aware of them.

“We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app,” Jennifer Tye, head of U.S. operations at Glow, said in a statement shared with Consumer Reports. “Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution."

"There is no evidence to suggest that any Glow data has been compromised.”

While Glow's 4 million users can finally breathe a sigh of relief, one question still remains: Why does the app ask so many personal details — are they truly essential to menstrual tracking or family planning?

"Michelle," 23, says she uses a similar app, Period Tracker Lite, which gives users the option to add more intimate information if they choose.

"All I really have to provide is my start date," she told Revelist. "It determines the rest such as average length of cycle and when I should finish and start. I have the option to add days where I'm intimate or when I'm PMSing and can add all different types of symptoms, but I never use that."

Eve, another tracking app owned by Glow, seems to focus purely on period tracking and sexual health and also asks for a lot of personal information, says "Tina" a 22-year-old former user.

"When you make a daily log, it asks you what emotions you're feeling, if you're experiencing any symptoms (cramps, hunger, bloating, headache etc.), if you exercised, if you ate sweets/snacks/alcohol, your sex drive, if you had sex and how (with/with out condom, oral, etc.), how heavy your period is, your discharge, and if anything weird is happening with your vagina," she told Revelist. 

"So yeah it asks A LOT."

In short: Do what makes you feel happy and healthy — just be sure to read the fine print.

Update 8/5, 1:11 pm: Glow has responded to Revelist's request for comment.

“We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app. The industry only gets stronger with white hats who are looking to protect consumers. Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution. Of the more than 4 million users across our apps, far less than 0.15% of our users could have potentially been impacted, but there is no evidence to suggest that any Glow data has been compromised.” — Jennifer Tye, Glow's Head of US Operations