Amy Mitchell started getting sick in 2012. Dizzy spells and fatigue became a part of her daily life, followed by numbness in her limbs and painful muscle spasms. After half a dozen doctors over two years couldn’t tell her what was wrong, she sent away for a 23andMe kit. At the time, the consumer DNA-testing company was only giving ancestry reports—the Federal Drug Administration had recently shut down 23andMe’s health information ambitions. But a new doctor had recommended that Mitchell send in her spit anyway, and link her genetic profile to a third-party app that would analyze her DNA for clues.

It wasn’t an FDA-approved test or a genetic panel that her insurance would cover. The app interpreted variations in her MTHFR gene, which were once thought to be linked to hundreds of conditions, before being mostly discarded by mainstream science. But Mitchell was desperate. The $100 she paid for the kit plus $50 for the app seemed a reasonable price under the circumstances. She brought the results to her first appointment with the new doctor and after taking a look, he suggested she switch up her supplements and stop eating gluten. Within days her headaches and dizziness went away, and her energy rebounded. It wasn’t a miracle cure; the 37-year-old Mitchell still has pain and numbness and trouble clearing infections from her body. But she credits the app, and half a dozen others she’s used over the years, with leaving a trail of breadcrumbs for her to follow. And now, she’s worried other people like her won’t have the same opportunity.

This week, 23andMe shut down external apps’ access to its anonymized genomic data through its application programming interface. 23andMe was the first DNA testing company to open an API, back in 2012, and the idea at the time was to “allow authorized developers to build a broad range of new applications and tools for the 23andMe community.”

But a lot has changed since then, pushing the company to rethink how its genetic, behavioral, and health data gets used. For one thing, pharmaceutical giants are now willing to pay 23andMe hundreds of millions of dollars for exclusive access to its stockpile of data, to help with drug discovery.

Meanwhile, the dangers of loose data practices forced their way into the public consciousness earlier this year when it was revealed that a third-party app had harvested, and then sold, the personal Facebook data of up to 87 million Americans. At-home genetic testing companies have themselves been cast into a maelstrom of privacy concerns, with the news that detectives cracked the case of the Golden State Killer using genetic profiles uploaded to a publicly available genealogy website.

Beyond privacy considerations, 23andMe is also concerned about the prevalence of diet and fitness apps of dubious scientific merit. “While we have had some great API partners, there are others that do not meet our scientific standards and lack rigorous privacy policies,” a 23andMe spokesperson wrote in an email to WIRED. Going forward, app developers will only be able to access data from the reports 23andMe generates for customers, such as ancestry composition or risk probabilities for genetic diseases like Parkinson’s. In the coming weeks, 23andMe plans to publish new criteria for developers, outlining what sorts of privacy measures and scientific validation are required for future participation. Notably, all apps must return results consistent with what 23andMe itself claims, limiting those apps’ utility.

The company says qualified researchers will still have access to raw genetic data, provided that customers have consented to share their information through the API. And customers will still have the option to download all their data and manually share it with outside apps or services, an action that has its own security risks (computers can get lost, stolen, hacked). 23andMe declined to say how many apps are currently connected to the API, or how many will be disabled by the change.