Warning: *Privacy Not Included with this product
MindDoc is a mental health app developed by clinical psychologists and researchers to help people suffering with depression, anxiety, insomnia, and eating disorders or who simply want to work daily on their emotional well-being. Based in Germany, MindDoc is governed by the generally stricter GDPR privacy laws, at least for people living in the EU. The app, available in German and English, is free to download and costs around $70 for a yearly subscription. Users get access to a mood journal, a mental health score to help gives users insight into where things are going well and where there are problems and then offers courses and exercises to help improve mental wellness. So, how do their privacy practices look? Well, yay for being under GDPR, that's a good thing as that law has stricter privacy protections than most anywhere else in the world. Still, boo on MindDoc for being occasionally vague in their privacy policy about how they share data with third parties. And an even bigger BOO on MindDoc for allowing Facebook to collect data on their users that could tell Facebook things like when a person users the mental health app and how often. Not good, not good at all.
What could happen if something goes wrong?
First reviewed April 20, 2022. Review updated, April 25, 2023
There's good news and bad news when it comes to MindDoc this past year. First, the good news. Since we last reviewed MindDoc in 2022, they have updated their privacy policy to clarify that all users covered by their privacy policy are granted the same rights -- derived from Europe's strong GDPR privacy law -- to access and delete their data. Yay! We here at *Privacy Not Included love to see that. They even have a whole section that lays out all the privacy rights they grant everyone, not only those who list in places covered by GDPR. Again, yay!
That's the good news. Now, the bad news. MindDoc still raises lots of concerns for us about how much data they collect and say they can share with companies like Facebook and Google. Their privacy policy is actually quite exhaustive in laying out all the third parties they say they can share data with. The other bad news is, just like in 2022, they never responded to the privacy and security related questions we emailed them at the email address listed in their privacy policy for such questions. And therefore we are unable to confirm if they meet our Minimum Security Standards. So, MindDoc still earns our *Privacy Not Included warning label in 2023, even though we want to give them credit for doing better by clarifying all people have the same rights to control and delete their data regardless of what privacy laws they live under. Two steps forward, one step back, as the saying goes.
Read our 2022 review:
Here's a scary line to read in any privacy policy, "Facebook may associate your use of our app and related activities with your Facebook user account." Uhm, YIKES!!! What does that mean? Well, it seems to indicate Facebook could know if you use the MindDoc app, when you use the app, how often you use the app, and perhaps other details about your use of the app. So, Facebook could know you're a woman, 28 years old, who uses an app to help manage anxiety, and likes lots of posts about cats and wine. Based on that. Facebook could then serve you lots of targeted ads about being single, your biological clock ticking, and make you even more anxious about life. You absolutely do not need that.
Here's another vague line in MindDoc's privacy policy that worries us, "We generally do not share your data with third parties unless we are legally entitled or obligated to do so, or you have given us consent to do so." Uhm, what do they mean by "generally"? That word seems to give them wiggle room to share your data with third parties in instances not covered by their privacy policy. Which, again, YIKES!!! Vague statements in privacy policies are not your friend. Especially with apps that collect so much personal information about you like your name, email, phone number, questions about your mental state, living conditions, and more. Seems Consumers Reports also had problems with MIndDoc's vague privacy policies on data sharing with third parties back in 2021. We're worried your data could get shared with third parties you're not aware of or don't consent to and then it could be used for who knows what. You don't want that. We don't want that.
One more thing about MindDoc that leaves us worried. They say you can delete your data directly in the app at any time by going to "Settings → Data & Security." However, when we downloaded and used the app and then wanted to delete our data, we could not find this option. Which means MindDoc still has your friendly privacy researcher's data when we'd really rather they didn't. Because suddenly we're seeing ads about mental health everywhere and it's got us a little freaked out (granted, we've been researching mental health apps, so mental health ads following us everywhere seems inevitable, unfortunately).
Tips to protect yourself
- Go to "Profile > Data & security" section of the app to opt out from Facebook and other third-party ad networks.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: No
Microphone
Device: N/A
App: No
Tracks location
Device: N/A
App: No
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Name, email. In Germany also, to use online psychotherapy: postal address, phone number.
Body related
General mental condition, complaints, symptoms.
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
MindDoc's encryption practices are described here: https://minddoc.com/us/en/privacy-policy#chapter-9
Strong password
Security updates
Manages vulnerabilities
Privacy policy
MindDoc acts as a mental health companion that asks questions daily in order to evaluate a person’s well-being and screen them for symptoms of depression.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
Mental Health Apps Aren't All As Private As You May ThinkConsumer Reports
-
The Digital Standard Case Study: Mental Health AppsThe Digital Standard
-
Peace of Mind...Evaluating the Privacy Practices of Mental Health AppsConsumer Reports
-
5 Mental Health Apps You Need On Your PhoneTech Guide
-
Do Therapy Apps Really Protect Your Privacy?Life Hacker
-
MindDoc: Depression & Anxiety ReviewOne Mind Psyber Guide
Comments
Got a comment? Let us hear it.