A DC cyber company created a safe period tracking app at an internal hackathon

Cybersecurity and menstrual cycles might not seem linked to most people. But their relevance to one another was a bit of a no-brainer to one team of employees at DC-based encryption services company Virtru.

At the request of a design team lead during the company’s biannual internal hackathon, the team created a prototype period tracking app, SecureCycle, that aims to protect user data. Although Virtru doesn’t plan to roll it out as a commercial product, its leaders still see the app as a possible inspiration to other cyber companies — one that challenges them to be open to solving different digital problems.

The app, which is currently for iOS, lets users log in with their preferred OpenID Connect authenticator and see any historical data they’ve put into the app. From there, they can see a day view or a month view with days on the calendar that they’ve experienced flow. They can log symptoms as well as any general notes about their cycle, and a predictive component of the app will anticipate the number of days until their next period. The app also includes a resources section and a page that describes the encryption and data policy.

The creators additionally developed a share function that lets users share their data with doctors, friends or others if they want. The app will show the user who accessed their data, and users can revoke access at any point (say, if they have a doctor’s appointment and only want to share the data for a day).

Dana Morris, a senior VP at Virtru, told Technical.ly that a goal was to ensure users can control and own access to their data — a unique concept compared to many apps that rely on user data.

“The old idea of, like, if I physically possess something, that means I own it — How does that actually work in a digital world? If you really think about it, it doesn’t actually make sense because you don’t technically own it,” Morris said. “Once you upload something into one of these apps, like flow or anything else, they’re storing into the cloud.”

OpenTDF to shut down subpoenas

Period tracking apps took a hit in the wake of Roe v. Wade’s overturn, particularly over users’ concern that their information could be used against them. There are still a few different ways that data from an app can be accessed (breaches and tricky situations involving third-party data brokers), but the Virtru team thinks they might have a solution to the issue of subpoenas: its OpenTDF safeguards.

A common request from many of the company’s European customers, Morris said, is protection against a blind subpoena. These customers own a private key as their safeguard, and Virtru applied that method to SecureCycle. The app encrypts the data prior to uploading and is unable to decrypt it as the users hold the encryption keys. This means that if a subpoena is sent out, the app provider (in this case, Virtru, but it could be applied elsewhere) would actually be unable to meet the subpoena request because they don’t own the data.

Senior Technical Product Manager Cassandra Bailey noted that for cyber companies, showcasing something like SecureCycle is a huge opportunity, since she sees data privacy and Roe v. Wade’s aftermath as ever-growing problems.

“As a security company or a company that’s trying to protect people’s data, proving out a concept like this and having an example demonstrating how you could do something like this, I think is extremely strategic and important and valuable,” Bailey said.

At the moment, Virtru doesn’t have any plans to turn the app into a commercially viable product. Instead, the app will actually be open source so others can access it and build on it. But, Morris said the company wouldn’t be opposed if a health organization approached them down the line for a partnership with SecureCycle.

Both he and Bailey also encouraged companies to see what unique ideas can come from a company hackathon — even if it doesn’t seem immediately relevant. They also agreed on its benefit to company culture, as well as its possible widespread impact.

“Sometimes you need to move past, a little bit, the day-to-day of: How am I bringing in revenue? And just take a step back and say, fundamentally, how am I building a community? How am I contributing to the world?” Morris said. “If I can do that in a way that at least brings attention in a positive way to my organization, maybe it’s worth pursuing.”

“Enabling people in your organization to follow through on those ideas and giving them space to feel them out, I think, is really great for those individuals involved,” Bailey added. “But it’s also really great in terms of finding new, innovative things to work on, or new, compelling use cases as we did with SecureCycle at Virtru.”