U.S women’s health company Everlywell and its subsidiary Natalist have agreed to a $5 million settlement following allegations of unauthorized data sharing with third parties.

The class action lawsuit, filed in the U.S. District Court for the Northern District of Illinois, claimed that the companies used tracking technologies on their websites to transmit users' personal and health information to entities like Meta (formerly Facebook) and Google without proper consent.

The lawsuit centered on the use of tracking pixels, which allegedly captured and shared sensitive user data, including information about at-home lab tests purchased through Everlywell.com and Natalist.com. These tests covered areas such as sexually transmitted infections and fertility, raising significant privacy concerns.

Under the settlement terms, approximately two million affected individuals were eligible for compensation up until the end of March 2025 when the claims process expired.

The settlement fund is divided into two categories: $2.64 million allocated for those who purchased "sensitive" tests and $2.36 million for "non-sensitive" test purchasers. Eligible class members had until March 19, 2025, to submit claims, with payments to be distributed after the conclusion of any appeals. It is not yet known how much has been distributed following the closure of this claims process.

Everlywell’s parent brand Everly Health acquired Natalist in 2021, as it sought to expand its reach into reproductive health. However, in early 2025, Natalist quietly shut down its direct-to-consumer online shop — a move that has not been publicly linked to the lawsuit.

A spotlight on digital privacy

This case spotlights again the critical importance of data privacy in the healthtech and femtech sector, particularly for companies handling sensitive health information.

Sophie-louise Feith is the founder of Hanah Ecosystem, a Dutch start-up building privacy-first infrastructure to support data collection in women’s health. Sophie said:

“There is increasing confusion between securing digital applications and securing the sensitive data that those applications rely on. This distinction is critical, particularly in the context of women’s health, where data is often deeply personal and shared without full awareness of its long-term implications.

“Women’s privacy demands structural change in systems that prioritise individual data ownership, transparent governance, and active, ongoing consent. It’s crucial to support continued innovation in women’s health, but without robust protections and user-led control frameworks, increased visibility risks becoming exposure, and progress may come at the cost of exploitation.”

The case also highlights how data protection needs to be taken into account in all areas of a business.

Monica Cutler, founder of digital marketing agency Palteq said:

"This goes far beyond compliance checkboxes. In women’s health, privacy and consent are foundational for user trust. Founders have a responsibility to understand how technologies like the Facebook pixel interact with personal data, and to make sure that users are giving meaningful consent.

“In sensitive sectors like this, ethical, consent-driven marketing is the only sustainable approach."

Ongoing cases in digital privacy

There have been a number of high-profile cases and reports in the last decade which have highlighted concerns about data sharing of reproductive health.

These have mostly centered around period and cycle tracking apps which have been found to collect more data than is necessary, share with third parties (and even potentially sell data to third parties), have poor data security measures and a lack of transparency about data privacy (i.e not being open about how data is collected, used and shared).

Back in 2019, Privacy International conducted an analysis of 36 menstruation apps and they found that 61% were automatically transferring data to Facebook when a user opened the app. They also found that some of those apps were routinely sending Facebook incredibly detailed and sometimes sensitive personal data. This was happening even if people were logged out of Facebook or didn’t have an account.

More recently, following the overturning of Roe vs Wade in 2022 there were calls for women to delete their period tracking apps because of the fear that information logged in these apps could be used to prove women had obtained an abortion.

And, as FutureFemHealth reported this week, the world’s most popular female health app, Flo Health, will face a jury trial later this year over allegations that it mishandled users’ sensitive health data between 2017 and 2019.