On August 1, 2025, a California federal jury found that Meta violated the California Invasion of Privacy Act (CIPA) by collecting data from the Flo Health app without the consent of the individuals who downloaded the app and provided information about their period, ovulation, and pregnancies.

CIPA is California’s wiretap law, and the jury found that Meta effectively “eavesdropped” on Flo app users without their consent. According to the plaintiffs, Flo collected information from Flo users after they completed a survey regarding their pregnancy status, tracking of their period, and other information about their menstrual cycle. The suit alleged that although Flo promised not to disclose user-provided information, it provided Meta, Google, and Flurry access to this information through custom app events sent through software development kits incorporated into the Flo app. This is very standard in websites and apps to track individuals for marketing purposes.

The jury found that the sharing of this data was a violation of CIPA. Damages have not been determined as yet. Flo, Google, and Flurry were also named defendants in the case, but plaintiffs settled with the other three defendants before trial began.