7 Cups

Warning: *privacy not included with this product

Mental Health Apps Online Therapy

7 Cups

7 Cups of Tea
Wi-Fi

Review date: April 25, 2023

|
Mozilla researched 16 hours
|

Mozilla says

|
People voted: Very creepy

Ever just need someone to listen to you? Sure, you can talk to your kitty or your plant or that stranger at the bus stop (who probably isn't all that interested in your problems as they have their own). Sometimes, though, you just need someone to stop and listen to you. That's what 7 Cups says they offer with their trained volunteer listeners, AI-chat bots, licensed therapists, and community support pages. Free to download, access to text-only chat therapy costs $150 a month. How does 7 Cups look from a privacy perspective? Well, we found things in their privacy policy rather unclear. That's not good for a mental health app there to listen to your problems.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

7 Cups was one of those mental health apps that left us feeling worried and concerned after our review in 2022. Their vague privacy policy wasn't what you want to see when you're signing up for a service that connects people with unlicensed "listeners" to their problems. We had concerns, for sure. In 2023, we still have some concerns, but we do think 7 Cups privacy policy is a bit clearer this year. They now clearly state, albeit down in the California Privacy Rights section at the bottom of their privacy policy, that they "do not share your Personal Information with other businesses for marketing uses." That is a good thing to see clearly stated in a privacy policy. What's missing in their privacy policy still in 2023 is any clarity that all users, regardless of what privacy laws the reside under, have the same rights to access and delete their data. That's bad.

On top of that, 7 Cups took a step backward and now does not require a strong password to protect their app. We were able to log in with the weak password "11111111". That's not good. And we still can't confirm if the company has a way to manage security vulnerabilities. These are questionable security practices for an app where users can share super sensitive personal information.

In 2023, 7 Cups made some progress by making their privacy policy a little less vague. They still raise too many issues for us to feel much less worried and concerned. Also, they signed your lovely privacy research up to their email list without consent, which is a HUGE privacy research pet peeve. All in all, 7 Cups is still not great when it comes to privacy and security in 2023.

Read our 2022 review:

7 Cups is an app for listening. Which is great, we all need to be heard. However, it also seems 7 Cups is an app that likes to collect a lot of personal information. And we had real trouble telling just how exactly 7 Cups uses and shares that personal information based on their privacy policy. Lack of clarity in privacy policies stinks, especially with a mental health apps that can collect so much data.

Here's what we do know. 7 Cups says they can collect a whole lot of personal information, including your first name, last name, email address, location, phone number, age, gender, race ethnicity, sexual orientation, disabilities, and veteran status, and information about your health and medical history if you choose to give it.

How does 7 Cups use this personal information? Here's where things get vague for us. They don’t specifically state in their privacy policy that they don’t sell user data, which is something we like to see stated clearly. 7 Cups' privacy policy is unclear on if they share your data with third parties for advertising and marketing purposes. They do say the use your personal information for promotions and they share data with third parties "that assist us in providing the Services and which are bound by duties of confidentiality." All this leaves us with too many questions to feel confident about how all that personal information they collect is used.

What about those chats you have with their unpaid volunteer listeners and paid therapists? 7 Cups says, "While we generally do not monitor transcripts of chats between users and Listeners and Therapists, we may occasionally review the chat transcripts to conduct quality control, address potential safety issues, and prevent misuse of our platform, if certain suspicious or potentially harmful activity is detected. We may also use aggregated data from chat transcripts to conduct research and development. In reviewing this information, 7 Cups will maintain all applicable confidentiality/HIPAA/privacy standards." Which sounds like your chat transcripts can be reviewed by employees of 7 Cups and also aggregated for research and development purposes. You may or may not be comfortable with this. We're not sure we would. And also remember, while chats with a licensed therapist are covered under stricter HIPAA privacy laws, chats with volunteer listeners might not be.

Finally, 7 Cups says they may de-identify your personal information and that anonymized, aggregated data is no longer considered personal information and maybe be shared in lots more ways with lots more people. This is a pretty common practice but we also must remind you that it has been found to be relatively easy to re-identify such data, especially if location is included.

What's the worst that could happen with 7 Cups? We sure hope those unpaid, volunteer trained listeners value the privacy of all the stuff you just needed to get off your chest. Because if even one of them took your private conversations and shared them publicly, that could be pretty traumatic, even if they don't know your identity.

Tips to protect yourself

  • Do not share personal sensitive information in apps' chats, forums or other non-private locations. Anything users post in the public forums, chats, or other features of the app will be accessible to other users and may not be able to be deleted.
  • Check the Community Guidelines for tips "to promote safe, warm, comfortable, supportive atmosphere."
  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

"It is our policy that we do not share your Personal Information with other businesses for marketing uses. "

"Anonymized Data. We may de-identify your Personal Information, in compliance with applicable law and aggregate such de-identified data with the de-identified data of other users. Such anonymized, aggregated data is no longer considered Personal Information. We may then share such anonymized aggregated data with the sponsors of programs that facilitate your access to the Services, such as government health agencies, researchers or healthcare providers."

"Listening and Therapy Chat Transcripts. While we generally do not monitor transcripts of chats between users and Listeners and Therapists, we may occasionally review the chat transcripts to conduct quality control, address potential safety issues, and prevent misuse of our platform, if certain suspicious or potentially harmful activity is detected. We may also use aggregated data from chat transcripts to conduct research and development. In reviewing this information, 7 Cups will maintain all applicable confidentiality/HIPAA/privacy standards."

How can you control your data?

We ding this product as it is unclear if all users regardless of location can get their data deleted. And since some data can not be deleted at all.

"Users can request a download of their own Personal Information that 7 Cups currently stores, and also request deletion of their account and associated Personal Information. We reserve the right to prevent a User from exercising such rights in certain circumstances, as permitted by law. "

"Anything users post in the public forums, chats, or other features will be accessible to other users and may not be able to be deleted. Accordingly, 7 Cups strongly discourages posting any Personal Information in these places and it is your responsibility not to share Personal Information in such non-private location."

"Generally, we will retain your Personal Information for as long as your account or profile is active, or for the length of time needed to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. Private messages are stored for up to one year. Group messages (in chatrooms, groupchat) are stored for up to 30 days. Posts in community forums (including subcommunities) are maintained on community forums at the discretion of Community admins. 7 Cups will store your user account and associated Personal Information if your account is active. After a period of inactivity greater than 1 calendar year, 7 Cups may, at its discretion, purge Personal Information related to inactive accounts."

What is the company’s known track record of protecting users’ data?

Average

In 2018, blogger Jim Hannery posted an investigation into coercive digital marketing practices of 7 Cups.

Child Privacy Information

"7 Cups complies with the Children’s Online Privacy Protection Act and Our Site and Services clearly specifies that users must be at least 18 years old. Children between the ages of 13-17 years old may only participate in our Services with parental consent. If a parent or guardian becomes aware that their child has provided us with Personal Information without their consent, they should contact us at [email protected]. If we become aware that a child under 18 (or between the ages of 13-17 years old without parental consent) has provided us with Personal Information, we will take steps to delete such information from our files. Separately, a child under 18 may request deletion of information they posted on our Site or Services, which may be accomplished through anonymization."

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

No

Encryption

Yes

Standard SSL encryption

Strong password

No

Allowed "11111111" for a password.

Security updates

Yes

Manages vulnerabilities

Can’t Determine

Three vulnerabilities disclosed at openbugbounty remain unpatched.

Privacy policy

Yes

Does the product use AI? information

Yes

The AI Chatbot, Noni, can help you navigate the website or app, or it can guide you through various activities in its own chat room.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

Comments

Got a comment? Let us hear it.