We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Meta Found Guilty of Using Flo App Data Without Consent

Meta Found Guilty of Using Flo App Data Without Consent
Hendrik Human Published on August 07, 2025 Cybersecurity Researcher

A jury found Meta guilty of contravening the California Invasion of Privacy Act for using data from the female health tracking app, Flo Health. A co-defendant in the trial, Flo, had reached a settlement with the plaintiffs earlier in the trial.

Claiming more than 420 million users worldwide, Flo acts as a “period tracker, ovulation tracker, pregnancy app.” Thus, it routinely handles sensitive sexual and reproductive health data, which plaintiffs allege was siphoned by Meta without their consent or knowledge. This includes information on their menstrual cycle, sexual activity, mood, health symptoms, and weight.

The Wall Street Journal originally reported Flo’s concerning data sharing practices in 2019, revealing how it and other companies divulge users’ most “intimate” secrets to third-party services. In response, the US Federal Trade Commission (FTC) launched an inquiry into Flo Health’s practices. This resulted in a settlement between the parties.

A class action lawsuit followed in 2021, filed with the US District Court for the Northern District of California.

Any individuals in the US who used the app between June 2016 and January 2021 were eligible to enroll in the class. Lawyers on behalf of the plaintiffs argued for $1,000 per person in minimum statutory damages. With roughly 40 million in monthly active subscribers at the end of this period, that would represent a massive total payout if the lawsuit were to succeed.

Alongside Google and Meta, the data was allegedly shared with “dozens of third parties” who used it for advertising purposes. Other defendants include digital advertising and analytics companies, such as AppsFlyer and Flurry.

The case against AppsFlyer was voluntarily dismissed in 2022. However, Flurry, now defunct, agreed to settle back in March of 2025, with Google reaching a settlement “in principle” in June. This left Meta as the last defendant standing until the recent verdict against it.

In its verdict, the jury found that the plaintiffs were able to prove that Meta had “intentionally eavesdropped and/or recorded their conversations” against a “reasonable expectation” as well as without users’ consent.

Meta has faced numerous similar privacy allegations in recent years, with costly financial outcomes. In August of last year, Meta was fined $1.4 billion by the state of Texas in one of the largest settlements of its kind. It was also fined $15 million by a South Korean court for illegally harvesting Facebook users’ data.

About the Author

Hendrik is a writer at vpnMentor, specializing in VPN comparisons and user guides. With 5+ years of experience as a tech and cybersecurity writer, plus a background in corporate IT, he brings a variety of perspectives to test VPN services and analyze how they address the needs of different users.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Special characters are not allowed in the Name field

Please enter a valid email address