data destruction policy options

[dkg]

The political situation in the USA around fertility is fraught today, and data stored on people's phones can potentially get them in trouble.

A local period tracker like log28 is clearly better than one that sends stuff to the cloud, but local data could still be used against someone if their phone is seized.

It would be nice to have a setting that would automatically securely destroy data older than a certain time. This is comparable to "disappearing messages" on a messenger app.

Having a simple setting like "delete logged data after" with choices like 3 months or 6 months would be a nice option for people who have to worry about this. It wouldn't help if a person's phone is seized promptly after a visit for reproductive healthcare, but if their phone was seized later during a delayed prosecution, it might help.

Other possible options for data destruction or protection:

• a button to destroy all data (i guess uninstall and reinstall might work too, but maybe it is clearer to have an explicit action?)
• a button to replace historical data (from some point back?) with reasonable-looking random data

[wildeyedskies]

This is a really cool idea

[Asalle]

I think it comes from a good place, but I don't know if it actually will protect people. Maybe the same thing can be achieved by safeguarding the whole app with a password and encrypting the exported file? You can refer to 5th amendment and refuse to give the password or just pretend like you forgot it.