Period tracking data can tell you when someone got pregnant, whether they're using contraception, if they missed a period, and roughly when they're fertile. In the wrong hands, that information is a weapon.
This is not hypothetical. Digital evidence — search histories, text messages, app data — has already been used in reproductive health prosecutions in the United States. As of early 2026, thirteen states enforce total abortion bans. Eighteen states have restrictive policies affecting roughly a third of the population. The federal HIPAA Reproductive Health Rule was vacated by a Texas court in 2025, and HHS didn't appeal. The patchwork of state-level protections that remains is exactly that — a patchwork.
Meanwhile, a 2025 BMC Women's Health study found that 71% of period tracking apps share personal and sensitive health data with third parties. In 2025, Flo Health and Google settled a combined $56 million class action lawsuit for sharing intimate cycle data with advertisers. The apps people trust with their most private health information are, in many cases, handing that information to advertising companies.
When the Dobbs decision came down, I donated to Planned Parenthood. But I'm not a politician or an organizer, and monthly donations don't do much against a structural problem. What I know how to do is build systems. So I went looking for the thing I assumed someone had already built — an encrypted, offline period tracker designed to hold up under real adversarial pressure — and it didn't exist.
What Tarn does differently
Tarn is an offline period tracker with PIN-based encryption. Here's what that means in practice:
Your data never leaves your phone. Not to a server. Not to a backup. Not to an analytics service. The app makes zero network calls. There is nothing to intercept, nothing to subpoena, nothing stored on a server that could be breached or compelled.
Your data is encrypted. The database is encrypted with SQLCipher (AES-256). The encryption key is derived from your PIN using Argon2id — the same key derivation function used in serious cryptographic applications, configured with 64MB of memory cost and three iterations. This isn't a toy lock. It's computationally expensive to break.
The app can destroy itself. After a configurable number of wrong PIN attempts, Tarn overwrites all data with random bytes and deletes it. This isn't a "factory reset." The data is gone.
There's a duress PIN. An optional second PIN that, when entered, shows a convincing empty app — or wipes everything. For situations where someone is forced to unlock.
The app doesn't look like a period tracker. Optional icon disguises make it appear as a calculator, notes app, or weather app on your home screen. The lock screen shows no branding.
No account required. No email. No phone number. No identity tied to your data. You install it, set a PIN, and start tracking.
Who this is for
I built Tarn for people whose period tracking data could be used against them. That includes:
- People in states where reproductive health data could become legal evidence
- People in abusive relationships where a partner monitors their phone
- People in families or cultural contexts where menstruation is private
- People who want health data to remain private on principle
- Minors whose parents monitor their devices
Not everyone needs this level of protection. But the people who do need it really need it, and they don't currently have good options.
What this is not
Tarn is not the most feature-rich period tracker. If your primary concern is features and you're comfortable with how other apps handle your data, they might serve you better today.
Tarn is for the people who looked at those apps and decided they couldn't take the risk.
Open source
Tarn is open source under GPL-3.0. Every security claim I make is verifiable by reading the code. I publish the threat model so you can evaluate it yourself. If you find a flaw, I want to know about it.
I don't ask you to trust me. I ask you to trust the math, and I give you the tools to verify it.
What's next
The app is in active development. Core encryption is built. Cycle tracking works. Predictions and insights are coming. I'll be writing about the design decisions, the trade-offs, and the things I get wrong along the way.
If you want to follow along, the repo is public. If you want to help, contributions are welcome — especially security review, accessibility testing, and translations.
If you know someone who needs this, it'll be ready soon.