Mindshift CBT

Warnung: *Datenschutz ist in diesem Produkt nicht inbegriffen

CBT stands for Cognitive Behavioral Therapy. It is a psychological treatment shown to be effective at helping manage things like anxiety, eating disorders, and phobias. Mindshift CBT is a free app created by the Canadian charitable organization Anxiety Canada that uses evidence-based CBT strategies to help users manage anxiety by reducing worry, stress, and panic. The app offers tools based on these CBT strategies such as thought journals, belief experiments, and coping cards as well as fear ladders and expanding your comfort zone guides. Tools all designed to help better navigate the crazy, messed up world we're living in these days. Couple that with the fact that Anxiety Canada is a non-profit charitable organization that isn't looking to share or sell a bunch of your personal information to make money and you've got yourself a pretty good deal. Did we mention it's free? But you can always donate to support this organization if you want. We do worry a little about the app's security practices, though, so unfortunately, it's not perfect.

Was könnte passieren, wenn etwas schiefgeht?

First reviewed April 20, 2022. Review updated, April 25, 2023

Not much has changed with non-profit Anxiety Canada's Mindshift CBT app over the last year. Their privacy policy was last update in October, 2021, so no changes there since our last review. And we still have the same concerns about the app from a security perspective that we had last year -- we are unable to confirm if they encrypt their data both in transit and at rest (where they store it online), and they still only require a weak password of "111111".

We see they did start restricting access to their public Community forum where users can share stories and offer peer-to-peer support to only users who turn 18+ in the current calendar year. We consider that a good privacy move, especially since we could find no child-specific privacy information in their privacy policy. This is also a good reminder to only share what you are comfortable being made public in such open community forums, no matter your age (but especially if you are under 18!).

Read our 2022 review:

Anxiety Canada's Mindshift CBT app seems to take their users' privacy fairly seriously, which is nice. They do collect personal information like name, e-mail address, telephone, location, and information about your usage of MindShift. The do not share or sell this information for any targeted marketing or advertising purposes though, so yay! Unfortunately, as we have seen with other apps created by non-profit charitable organizations, we do have some concerns about their security practices. The app accepted the weak password "111111" when we logged in. We also were unable to confirm if and when they use encryption to protect users' data in transit and at rest and if they have a way to manage security vulnerabilities. Emails to the address mentioned in their privacy policy for these privacy related questions went unanswered.

It's great to see the organization take privacy seriously. And we understand that charitable organizations don't always have the same resources as bigger companies to focus on an app's security. Which stinks. Big companies tend to have way worse privacy practices and better security practices where charitable organizations seem to have the best privacy practices and not as strong security practices. We feel a little like Goldilocks out here looking for the rare that manages to do both well.

Tipps zu Ihrem Schutz

  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Kann es mich ausspionieren? Information

Kamera

Gerät: Nicht verfügbar

App: Nein

Mikrofon

Gerät: Nicht verfügbar

App: Nein

Verfolgt den Standort

Gerät: Nicht verfügbar

App: Nein

Was kann zur Registrierung verwendet werden?

Welche Daten sammelt das Unternehmen?

Wie nutzt das Unternehmen die Daten?

"We do not generally disclose your personal information to any third party without your specific consent, except as permitted or required by law."

"We use information about you in the following ways: To ensure that Mindshift content is presented in the most effective manner for your mobile device.

To provide you with information related to MindShift that will facilitate your engagement with the MindShift.

To provide you with promotional communications, such as email, where you have provided consent to receive such communications.

To carry out our obligations arising from any agreements entered into between you and us. To allow you to participate in interactive features of MindShift when you choose to do so. To notify you about changes to MindShift.

To understand your location to help us identify groups of users by general geographic market (such as postal code, province, or country)."

Wie können Sie Ihre Daten kontrollieren?

"You may request access to, make corrections to, or delete the personal information we hold about you at any time, subject to certain exceptions."

"We will retain the personal information we collect from or about you only for so long as we require it to satisfy the purposes for which we collected the information. We will also retain your personal information for as long as is required to meet our various legal and business obligations, which in some cases might be for a longer period than is necessary to satisfy the purposes for collection.

In particular, if we use any of your personal information to make a decision that directly affects you (e.g., to decide whether you are eligible to participate in a MindShift CBT Group of the Mindshift CBT Community), we will retain that information for at least one year after the date we use the information to make the decision. This is so you have time to request access to your personal information.

Once there is no longer a legal requirement or business purpose to retain your personal information we will securely delete, destroy, or anonymize it."

Wie ist das Unternehmen in der Vergangenheit mit den Daten über seine Verbraucher umgegangen?

Durchschnittlich

No known privacy or security incidents discovered in the last 3 years.

Informationen zum Datenschutz bei Kindern

Mindshift CBT's privacy policy does not mention child privacy information.

They do say that as of November, 2022 "Access to Community is now restricted to users who are 18+ at the start of the calendar year."

They also state in their privacy policy that:

"f you apply to become a participant in our MindShift CBT Group, we will also collect personal information, including information about the nature and severity of your anxiety symptoms, directly from you for the following purposes...

"If you are a minor, to determine whether you are able to consent on your own behalf to participate in the MindShift CBT Group, or whether consent from your parent/guardian is required;"

Kann dieses Produkt offline genutzt werden?

Nein

Benutzerfreundliche Informationen zum Datenschutz?

Nein

Links zu Datenschutzinformationen

Erfüllt dieses Produkt unsere Mindestsicherheitsstandards? Information

Nein

Verschlüsselung

Nicht zu bestimmen

Sicheres Passwort

Nein

The app has accepted '111111' as a password.

Sicherheits-Updates

Ja

Umgang mit Schwachstellen

Ja

"To deal with security vulnerabilities, we would escalate reported potential vulnerabilities to our contracted developer, EY, and request a corresponding update to the MindShift app. The contact would be [email protected]."

Datenschutzrichtlinie

Ja

Verwendet das Produkt KI? Information

Nicht zu bestimmen

Ist diese KI nicht vertrauenswürdig?

Nicht zu bestimmen

Welche Entscheidungen trifft die KI über Sie oder für Sie?

Gibt das Unternehmen transparent an, wie die KI funktioniert?

Nicht zu bestimmen

Hat der Benutzer die Kontrolle über die KI-Funktionen?

Nicht zu bestimmen

*Datenschutz nicht inbegriffen

Tauchen Sie tiefer ein

Kommentare

Möchten Sie einen Kommentar loswerden? Schreiben Sie uns.