MindDoc

Warning: *Privacy Not Included with this product

MindDoc

Review date: April 25, 2023

|
|

Mozilla says

|
People voted: Somewhat creepy

MindDoc is a mental health app developed by clinical psychologists and researchers to help people suffering with depression, anxiety, insomnia, and eating disorders or who simply want to work daily on their emotional well-being. Based in Germany, MindDoc is governed by the generally stricter GDPR privacy laws, at least for people living in the EU. The app, available in German and English, is free to download and costs around $70 for a yearly subscription. Users get access to a mood journal, a mental health score to help gives users insight into where things are going well and where there are problems and then offers courses and exercises to help improve mental wellness. So, how do their privacy practices look? Well, yay for being under GDPR, that's a good thing as that law has stricter privacy protections than most anywhere else in the world. Still, boo on MindDoc for being occasionally vague in their privacy policy about how they share data with third parties. And an even bigger BOO on MindDoc for allowing Facebook to collect data on their users that could tell Facebook things like when a person users the mental health app and how often. Not good, not good at all.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

There's good news and bad news when it comes to MindDoc this past year. First, the good news. Since we last reviewed MindDoc in 2022, they have updated their privacy policy to clarify that all users covered by their privacy policy are granted the same rights -- derived from Europe's strong GDPR privacy law -- to access and delete their data. Yay! We here at *Privacy Not Included love to see that. They even have a whole section that lays out all the privacy rights they grant everyone, not only those who list in places covered by GDPR. Again, yay!

That's the good news. Now, the bad news. MindDoc still raises lots of concerns for us about how much data they collect and say they can share with companies like Facebook and Google. Their privacy policy is actually quite exhaustive in laying out all the third parties they say they can share data with. The other bad news is, just like in 2022, they never responded to the privacy and security related questions we emailed them at the email address listed in their privacy policy for such questions. And therefore we are unable to confirm if they meet our Minimum Security Standards. So, MindDoc still earns our *Privacy Not Included warning label in 2023, even though we want to give them credit for doing better by clarifying all people have the same rights to control and delete their data regardless of what privacy laws they live under. Two steps forward, one step back, as the saying goes.

Read our 2022 review:

Here's a scary line to read in any privacy policy, "Facebook may associate your use of our app and related activities with your Facebook user account." Uhm, YIKES!!! What does that mean? Well, it seems to indicate Facebook could know if you use the MindDoc app, when you use the app, how often you use the app, and perhaps other details about your use of the app. So, Facebook could know you're a woman, 28 years old, who uses an app to help manage anxiety, and likes lots of posts about cats and wine. Based on that. Facebook could then serve you lots of targeted ads about being single, your biological clock ticking, and make you even more anxious about life. You absolutely do not need that.

Here's another vague line in MindDoc's privacy policy that worries us, "We generally do not share your data with third parties unless we are legally entitled or obligated to do so, or you have given us consent to do so." Uhm, what do they mean by "generally"? That word seems to give them wiggle room to share your data with third parties in instances not covered by their privacy policy. Which, again, YIKES!!! Vague statements in privacy policies are not your friend. Especially with apps that collect so much personal information about you like your name, email, phone number, questions about your mental state, living conditions, and more. Seems Consumers Reports also had problems with MIndDoc's vague privacy policies on data sharing with third parties back in 2021. We're worried your data could get shared with third parties you're not aware of or don't consent to and then it could be used for who knows what. You don't want that. We don't want that.

One more thing about MindDoc that leaves us worried. They say you can delete your data directly in the app at any time by going to "Settings → Data & Security." However, when we downloaded and used the app and then wanted to delete our data, we could not find this option. Which means MindDoc still has your friendly privacy researcher's data when we'd really rather they didn't. Because suddenly we're seeing ads about mental health everywhere and it's got us a little freaked out (granted, we've been researching mental health apps, so mental health ads following us everywhere seems inevitable, unfortunately).

Tips to protect yourself

  • Go to "Profile > Data & security" section of the app to opt out from Facebook and other third-party ad networks.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: No

Microphone

Device: N/A

App: No

Tracks location

Device: N/A

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for being vague about data sharing, as well as for sharing some usage data with Facebook for advertisement.

MindDoc can share your usage data with Facebook for advertisement purposes. You can object using the opt out slider in the "Profile > Data & security" section of the application.

"Facebook may associate your use of our app and related activities with your Facebook user account."

"Using the App Events feature, we can track certain interactions ("Events") with our app (opening the app, in-app purchases, answering a question) and use them for further analysis and advertising purposes."

"We generally do not share your data with third parties unless we are legally entitled or obligated to do so, or you have given us consent to do so. In the event that we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or have it processed (see also the third-party tools described), this is done in compliance with the respective legal specifics. In these cases, we will always take appropriate measures to adequately secure your data (e.g., encryption with our own key management)."

How can you control your data?

"All subjects under this privacy policy are entitled to so-called data subject rights, i.e. rights which the persons concerned can exercise in individual cases. These rights can be asserted against the persons responsible. The rights are derived from the GDPR"

"Regardless of the right to data deletion pursuant to Art. 17 GDPR (see also the rights of data subjects), the data can be deleted directly in the app in the "Settings → Data & Security" at any time. Before this, they can be transferred or backed up using an automatic export function. Alternatively, any user can write this request by e-mail from the address registered with us to [email protected] or by naming the personal identification number (this is located in the profile area at the very bottom). We will then check this immediately and contact you."

"The data provided above will be stored by us for as long as is necessary for the use of our app and related services in the context of unaccompanied monitoring and self-management. "

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

We did not find information about children privacy in their privacy policy.

Can this product be used offline?

No

User-friendly privacy information?

Yes

Links to privacy information

Does this product meet our Minimum Security Standards? information

No

Encryption

Yes

MindDoc's encryption practices are described here: https://minddoc.com/us/en/privacy-policy#chapter-9

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Can’t Determine

Privacy policy

Yes

Does the product use AI? information

Yes

MindDoc acts as a mental health companion that asks questions daily in order to evaluate a person’s well-being and screen them for symptoms of depression.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

Comments

Got a comment? Let us hear it.