Click for Full Transcript

Intro 0:01

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels 0:22

Hi, Jodi Daniels, here. I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies. 

Justin Daniels 0:36

Hi I am Justin Daniels, I am a shareholder and corporate M&A and tech transaction lawyer at the law firm, Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk. And when needed, I lead the legal cyber data breach response brigade.

Jodi Daniels 1:00

And this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology e commerce, professional services and digital media. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers to learn more and to check out our best-selling book Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com. So this week, when we’re recording this episode, it’s been a really busy week, because we have celebrated — our book has been out for two years, and we have celebrated four years of podcasting, and we counted that it’s a little bit over 190 episodes now and almost 100 hours of content. So we are now in our fifth year season.

Justin Daniels 2:03

When can I get paid? 

Jodi Daniels 2:04

Nope, nope. We don’t. We don’t do that. In fact, someone had asked — no guest pays to be on here, and there is no advertising. So this is a no-money podcast, so I have no money to pay you. So sorry. Actually, not, sorry, Okay, moving right. A lot. That’s funny.

Justin Daniels 2:24

I’m impressed. Hey, listeners, Jodi was funny, impressive.

Jodi Daniels 2:29

It can happen. I move all right, we’re gonna come back to privacy now. Okay, today we have Anna Hall, who is an educator, mom of two, and Co-founder of Embody, a privacy forward menstrual wellness app. Anna, welcome to our silly show. I am so glad to be here. Thanks for having me. That’s your turn. That was your cue.

Justin Daniels 2:54

Does this mean I’m getting a pay cut for this? So Anna, welcome. Let’s begin by having you tell us a little bit more about your career journey.

Anna Hall 3:08

Sure, so I have a fairly non-traditional path to the tech world. I was a public school special education teacher for the first 10 years of my career focusing on teaching young adults to use high tech communication devices to communicate. So I’ve always been involved in tech, and then I came to tech by way of my husband. He had a cryptocurrency startup that started all the way back in 2011, moved out to the Bay Area. We did the whole startup thing. If you ever saw Silicon Valley on HBO, that was basically our lives out there. And I learned a lot. And I think as anyone who works closely with their spouse, or anyone who’s the spouse of somebody with a small business, you know that you’re involved in the day to day as a partner. So I was kind of in the Shadow World of the startup community and Silicon Valley, and saw how everything worked and functioned, and then we’ll talk about it in a little bit. But when I had the idea for what is now in body, I realized how the pieces could come together, and then I did have this, this experience and path towards creating an app.

Jodi Daniels 4:30

Silicon Valley is a really good show. I forgot about that show. I’m not sure I’ve seen all of the episodes.

Anna Hall 4:36

My parents would ask how we’re doing. And I said, did you watch last week’s episode, that’s how we’re doing great.

Jodi Daniels 4:43

Justin, why are you laughing at me?

Justin Daniels 4:46

Because it’s a riotously hilarious and parody, and it’s a very well done show about Silicon Valley investors. There are multiple episodes that are beyond hilarious.

Jodi Daniels 5:00

Yes, yeah. Now I forgot all about that show. Okay, so I will have to put that on when I have a free moment, come back to that show. But let’s bring it back here. I kind of want to set the stage a little bit for Embody. So with that in mind, what is the biggest misconception that you hear, or maybe you don’t hear, that people just are not realizing when it comes to privacy and security of their health information, especially women.

Anna Hall 5:27

Yes, so it’s a menstrual wellness company that I own, and the biggest misconception I hear is, who cares about my data? Who cares about specifically my menstrual health data? I don’t think anybody does, and I think that that’s the biggest misunderstanding. Your data is a commodity, and it is the product. And a lot of cases, and so specifically in the menstrual health world, a lot of people, we’ll talk about this a little bit later, but one in three women use a period tracker, and the largest period tracker has been sued by the FTC for selling and misusing women’s data without their explicit consent. And so I think that’s something that a lot of women are not aware of, is just that these kinds of breaches of trust have been broken already.

Jodi Daniels 6:20

Yeah, it’s really interesting, because at the same time, while those companies are being sued, the way the US works is it’s not a consent-driven system for something that is this type of data on these kinds of websites, right? The misconception that I always see is people think health data equals covered by HIPAA, right? And there it’s not. HIPAA is a very precise definition and a very particular type of health data point in certain scenarios. Have that our legal answer?

Justin Daniels 6:59

Yeah, but we need to add something to this conversation when we talk about HIPAA. Do you remember when they passed HIPAA a long time ago, before 2000 and the definition of HIPAA has not been iterated to really represent the health data that we collect today with all of the apps and whatnot. It’s really narrowly tailored to like service providers or insurance companies, but not all the wealth of these companies. And I guess to me, what Anna is doing and what we’re talking about is a real test case about how technology has gotten so far out in front of public policy and the law that we’re desperately in need of serious reform.

Jodi Daniels 7:43

I don’t know how to get there. Well, we’re not gonna be able to solve that one today. Nope. It is a really big question. So to kind of continue forward, given our misconception and understanding of what people think is health information, why, in your opinion, is it really a big deal to have a secure app for this type of health information.

Anna Hall 8:04

I think, you know, it’s twofold. First of all, it is some of the most personal data we put out there. People have very strong feelings about it. We’re talking about, you know, when women ovulate, when they are menstruating. And this is not information that you want to shout to the world, right? It’s very private information. And then, second of all, besides people who want to sell sell your data to third parties, there’s also, unfortunately, the situation where menstrual surveillance is in the news and somewhat on the ballot in the United States right now, and what I mean by that is, if there were a case of suspected abortion in a state with restrictive abortion bans, then people’s menstrual health data could be subpoenaed and used as circumstantial evidence in a court of law. A lot of people are unaware of this. There was a really fantastic study that came out of Duke University called I deleted after Roe, and it talks about how many women in the United States use these types of period trackers, and how many it’s 87% said they care deeply about the privacy of their menstrual health data, but only 40% feel like they have any control over that data and how it’s used and shared.

Jodi Daniels 9:37

It’s a really interesting study. And actually, I want to go back to something that I said before about how it’s interesting because in the US regarding consent given in the last couple of years, some of the court case decisions the Washington State, my health, my data privacy act, is. A really interesting law that is the first of its kind to really try and extend this definition of health information and the kind of data that we’re talking about right now would be covered under that state and has a long list of very specific requirements and provisions that would prevent the sale of this kind of data. So for anyone here who is working in the health related space, and you are not familiar with the Washington law, then I highly encourage you to do so. And we actually have a podcast episode on that that we did earlier in 2024 with Mike.

Justin Daniels 10:38

So Anna, can you share with us, based on what you learned about all this, the motivation to start Embody.

Anna Hall 10:46

Sure. So I had, at age 31 I just had my second child, and I was noticing an interesting pattern. I kind of felt like postpartum depression, but it was, it was not. I would feel great normal one week, and then the next week, I felt like clouds were rolling in. I was kind of tired. The following was very challenging to do my normal day to day. And then the next week, I was exhausted. I felt fine, but I was busy picking up the pieces. I got this is unusual, and I ended up going to my doctor, and I got diagnosed with something called PMDD, premenstrual dysphoric disorder. Found out it runs in my family. It’s, you know, about 8% of women have this. And so, you know, as a nerd, an educator, I wanted to learn everything I could about my cycle, and at age 31 that’s when I learned that there are different phases of the menstrual cycle, and each phase comes with its own set of symptoms and qualities. And it was just a massive unlock. I like to liken it to like it’s biohacking for women, we know about the circadian rhythm, you wouldn’t go lift weights at 3 a.m. right in the same way you might not plan a large presentation or a marathon on day 28 of your cycle. So when you really understand and know how you might feel at each phase of your cycle, it really empowers you to live your best life and plan ahead for both your strengths and what you need as support. So I was on this wellness, PMDD journey, and then I live in Atlanta, Georgia, and in 2022 Roe v Wade was overturned, and that we had a trigger law in Georgia that has a six-week ban on abortion, which I felt uncomfortable with, and and, you know, we that same day, we heard from security experts everywhere delete all history of your menstrual health data online. And I think it was, you know, is alarming, and I think it was a wake up call to a lot of people. That’s why there was this study. I deleted after Roe — many people did. And so with this new obsession with tracking my period and understanding it, and then security experts saying, delete, delete, delete, I was like, This is ridiculous. They were saying, Go back to pen and paper. And I know we deserve a whole lot more than pen and paper. Pen and paper only gets you so far as a planning tool and I knew that there was a path forward with my connection to my husband’s photography studio, that there’s a safe way to move forward and have a sophisticated tool for women to use in a safe, secure, private way.

Jodi Daniels 13:47

Anna, with the you had kind of mentioned before, you know, people don’t think that they need to care. Help us understand a little bit about No, actually, here’s why they should care. And you also mentioned how you built it with some security pieces in mind. Can you share a little bit more about what are those security pieces that are making you different than tool XYZ out there?

Anna Hall 14:12

Absolutely. So we all know that the standard in tech, especially with wellness apps, as consent, is not a standard Before connecting your very personal data to a server, right? And so we are breaking the norm here, and body is offline-first. So no, no, there’s no login, there’s no password. We don’t have an account for you. Your information does not touch the cloud without your explicit permission. So all of the data you put in the app stays on your device and is locally encrypted. We are providing the option for encrypted backup, and kind of an interesting algorithm for how to back that up. Safely, where we don’t hold the passcode, where it’s really user owned, and that’s going to be a paid option in the future. And then another way that we’re kind of breaking the norm is we are open sourcing in the coming months, which I’m really excited about. And really what open sourcing says is anybody can come in, review our code and verify that we’re delivering on our privacy promises. They’re not just having to blindly trust us with their data.

Jodi Daniels 15:33

And so, Anna, you’re storing it locally. Can you help understand some of the what? How is that different than what you know, another app might do, just to really help paint the picture about how this is a secure solution, compared to, again, what else might be out there.

Anna Hall 15:50

Sure. So this is probably going to make you guys feel crazy, but we say we’re subpoena proof, and of course, we’re not, but what we mean by that is we do not have your data, and so if it were subpoenaed by local law enforcement, we do not have that data to share with them. It’s simply we don’t have it. It exists on your device and your advice alone. And I think that that’s the biggest difference. It’s very atypical for our industry.

Jodi Daniels 16:21

Okay, well, thank you.

Justin Daniels 16:24

So I wanted to ask you a follow up question, because one of the trends or things that Jodi and I have seen this year is privacy security professionals having to broaden our skill set. And one of the things that I find very interesting in talking to you is you talked about in the show before we got on about how you had to you might talk to male investors, your audience or your customer for your app, like I would never use your app. So some of the things I’m learning — this is very interesting. How does that work when you have a certain client base that are women and yet, you have to explain the app and all the benefits to maybe someone like me who’s an interested investor, but I don’t know anything. How do you craft that story?

Anna Hall 17:12

I think you know the biggest, the biggest thing is that our product speaks volumes. We just shipped our general release to both app stores in August, and it was late August, and we now have over 20,000 users, and this was slowly organic uptake of our free product. Right now, I think that there’s been a gap between understanding that our data is valuable to other people, and really the kind of concern that we have as women in this country as that, you know, as menstrual surveillance is in the news. I really think that gap of understanding is closing, and we’re kind of seeing that with our numbers right now, but it is a challenging story to tell. I think people are clued in. I think that there are a lot of studies that people say that, you know, consumers are willing to pay up to $100 a year for privacy, right? And this is a growing trend, and we’re seeing this with Embody, which is really exciting.

Jodi Daniels 18:22

Well, with all that you know in the privacy and security space, we asked this to everyone, which is, what would be the best privacy tip you would share with your friends after they already downloaded the app?

Anna Hall 18:40

Yes, OK, so my best tip to share with friends is make sure that you unlock your phone with a passcode, not Face ID or Fingerprint, because if someone were to force you to unlock your phone, let’s say law enforcement, they could compel you to use your face or your finger, but they because of the fifth they can’t force you to put a passcode in — little known fact.

Jodi Daniels 19:08

That is very interesting. Thank you. Yeah, that’s a new one. I like when we get I mean, it’s sometimes fun to get the same one, because then it really helps emphasize this is a really important piece, and then it’s also really nice to get all these other tips, because we’re helping to basically build a privacy tip library for the community.

Anna Hall 19:31

Yeah, and I think that’s a really practical one that a lot of people are not aware of, and it affects everybody who has a phone.

Jodi Daniels 19:37

Which is like everyone, dude, why is it going to start having dog cell phones soon? I mean, there’s dog TV.

Justin Daniels 19:45

Alright, you’re onto dogs.

Jodi Daniels 19:48

Yes, because I, it’s just when I was thinking of people, I could imagine even dogs and people leave their TVs on for dogs now. So I seriously think there’s going to be a dog communication device soon. Anna, maybe you can help me. Is going to go and create that now?

Justin Daniels 20:04

Maybe, Anna, you can help me create an app that can figure out how Jodi’s mind got from where it was to the dog app. Because I don’t understand, because everyone has a phone, how?

Jodi Daniels 20:14

And even young kids have phones now. And so I’m thinking everyone’s going to have a phone, even the dogs are going to have a phone. Okay? And Justin, you watch me, in a couple years, someone’s going to have that, if it’s not here already, I fully agree.

Anna Hall 20:29

Jodi and Justin, we are working on a decentralized partner sharing component to Embody. So if you are partnered up with somebody who has a cycle, you can see where they are in their cycle, what that might mean, how it might affect you, and what you can do to support them, instead of like a support animal.

Justin Daniels 20:48

It’s a different version of that.

Jodi Daniels 20:50

There you go. Cool. Alright.

Justin Daniels 20:52

So Anna, when you are not building Embody, what do you like to do for fun here in Atlanta, Georgia?

Anna Hall 21:01

I, you know, I have two kids, and both my husband and I own our own companies, so the free time is going far between. But really, what I do is spend time with family and friends. Tomorrow for Halloween, we’re hosting 14 people at our house and just hanging out having fun, being together.

Jodi Daniels 21:23

Yeah, I hear you on the little free time. Yes, totally. Well, Anna, it has been a joy to have you here. If people would like to learn more and to grab the app, where should they go?

Anna Hall 21:35

To Embody.space. And it’s available for both iPhone and Android and easy to download on the app stores.

Jodi Daniels 21:43

There you go. Well, Anna, thank you again. We’ll be sure to include the link in the show notes, and we appreciate you coming to share more about health and what people need to know about it. 

Anna Hall 21:56

Thank you guys so much.

Jodi Daniels 21:57

Thank you. 

Outro 22:03

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.

Privacy doesn’t have to be complicated.