Warning: *privacy not included with this product
Insight Timer bills itself as the "#1 free app for sleep, anxiety, and stress". Groovy. With over 100,000 guided meditations, a handy dandy meditation timer, thousands of calm sounds and music tracks, and discussion pages to chat with others trying to calm down, it is chock-full of meditation goodies. However, you know what they say, "When something is free, you're the product." Yup, Insight Timer is collecting tons of your personal information, including things like your political and religious beliefs because having that insight about you helps Insight Timer keep you on the app longer and potentially is data they can share with advertisers to sell you more stuff. Also, did you know that just by simply visiting their website, you agree for them to track you around the web using cookies? You're given no option to opt-out. Bad form! And good insight to know before you decide to give Insight Timer a try.
What could happen if something goes wrong?
Insight Timer, it’s gonna be a “meh” from us. Why aren’t we thrilled? So glad you asked. It’s time to have a look at what insights this app has about you. Aside from your registration details, they collect any information you feed the app while you’re poking around and joining meditation sessions — including your DMs. Then they collect data about what you do on the app, including what time and where you are when you do it.
And like we mentioned earlier, that also means they keep your responses to those pretty intimate-sounding in-app surveys that ask “about your health, mood, religious beliefs, race, gender, ethnicity, ancestry, physical disabilities, marital status, or sexual orientation.” Yeesh. But then they — wait what? Collect some more personal information about you like your “mailing address, your gender, your age, your household income, and other demographic data” from “privately owned databases” and combine it with what they already know about you. That's a whole lot of personal information Insight Timer is collecting on you. Does Russell Brand know about this?
When it gets to the part about what they do with the information, let’s say we could have benefited from some guided deep breathing exercises. Besides reasons like targeted ads, personalizing your experience and administrative tasks, they included one that's pretty vague (but also pretty commonly found in privacy policies) for our taste: for their “legitimate interests, or those of a relevant third party” like “improv[ing] the Services and for other business and commercial purposes.” We like that they say they won’t combine your health data with the rest of your information. But they do reserve the right to share that health data with research partners so long as it’s "anonymized." And if you want to erase your data? It’s not clear whether you can unless that’s your legal right where you live, which unfortunately, it mostly isn’t.
Lastly the app’s security practices leave something to be desired. Though they suggest using a strong password, they don’t really give users a hand in doing that. The registration form will accept a super simple one like "111111" and that makes us worry about the breachability of their accounts.
What's the worst that could happen with Insights Timer? Well, aside from your data being used to target you with more ads, just imagine if your very personal health data contributed to the publication of one of those awful studies that overgeneralizes about some generation or broad demographic. Like, Bisexual Zillenials Prefer Whispers to Raindrops For Sleeping. The world does not need any more of that!
Tips to protect yourself
- Do not give access to your photos and video or camera
- Do not log in using third-party accounts
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
- Do not give consent for sharing of personal data for marketing and advertisement.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
What can be used to sign up?
Google sign-in available
What data does the company collect?
Mailing address, gender, age, household income, other demographic data, precise location.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
"111111" allowed as a password.
Got a comment? Let us hear it.