When TINA.org Investigations Collide
These brand collabs are far from fab.
Stardust marketing claims out of this world
I’m a pretty skeptical person by nature. I believe if something seems too good to be true, it usually is. So, when period tracking app Stardust went TikTok viral by changing the emphasis of its marketing strategy from astrology to data security, stating “We don’t sell or share your data. Period,” I had my hesitations, specifically with the word share.
As someone who has worked with NPPI (nonpublic personal information) in the highly regulated and routinely audited financial industry, I know even protected data must still be shared with authorities when required by law. However, I was ultimately swayed when Stardust claimed end-to-end encryption would prevent a user’s login information from being tied to their period tracking data. I became one of the app’s 90,000+ TikTok followers and shared its videos with friends.
Stardust is a period tracking app that “integrates science, astronomy and artificial intelligence to connect your hormonal cycle with the cycles of larger celestial bodies: the stars, planets, sun, and moon.” The app did not appear to market itself as a privacy focused company until after reports of Roe v. Wade being overturned began circulating on May 2.
The first appearance of Stardust claiming to not share data appeared on their Instagram account on May 4 and their TikTok account on May 11. This specific TikTok gave Stardust its first viral hit and just two days later, Stardust posted a follow-up showing it was third in the Top Charts for Apple downloads.
The timing of Stardust’s shift in marketing strategies seemed to suggest it was capitalizing on the fears that many were experiencing concerning healthcare access and reproductive rights. A suggestion that is reinforced by this TikTok, where the app proclaims “when your period tracker finishes encrypting your data just in time for the Roe v. Wade reversal.”
Then on June 24, when Roe v. Wade was officially overturned, Stardust launched its most viral TikTok yet, saying “if we get subpoenaed by the government we will not be able to hand over any of your period tracking data. It is completely anonymized from your login data. We can’t view it. You are the only person that can see this.” Again, two days after going viral, Stardust celebrated its success in the Apple App Store, but this time it was first.
Claims Get Scrutinized
A security editor at TechCrunch ran another analysis of the app and found that the encryption process that Stardust claimed would prevent login information from being “linked” to period tracking data created an “encryption key” that was sent back to Stardust. If the key — which links login information and period tracking data — is stored, it can theoretically be subpoenaed and used to connect the two.
What This Teaches Us
When faced with the unique ability to market itself to a growing number of individuals worried about menstrual health data privacy in a post-Roe world, Stardust appeared to rush forward without confirming it could backup its marketing claims. This oversight might simply be because it may have fallen prey to the same issue I did: not fully understanding the encryption technology.
Companies asking users to trust them need to ensure they are advertising themselves honestly and accurately. Hopefully Stardust, and anyone that shared the viral TikToks or downloaded the app under the belief their data would be protected from governmental authorities, has learned to be a bit more skeptical when something seems too good to be true. I know I have.
These brand collabs are far from fab.
And why the problem is even worse when those human viewers are kids.
TINA.org applauds proposed rulemaking and recommends addition.