Mindshift CBT

Warning: *Privacy Not Included with this product


Review date: April 25, 2023


Mozilla says

People voted: Somewhat creepy

CBT stands for Cognitive Behavioral Therapy. It is a psychological treatment shown to be effective at helping manage things like anxiety, eating disorders, and phobias. Mindshift CBT is a free app created by the Canadian charitable organization Anxiety Canada that uses evidence-based CBT strategies to help users manage anxiety by reducing worry, stress, and panic. The app offers tools based on these CBT strategies such as thought journals, belief experiments, and coping cards as well as fear ladders and expanding your comfort zone guides. Tools all designed to help better navigate the crazy, messed up world we're living in these days. Couple that with the fact that Anxiety Canada is a non-profit charitable organization that isn't looking to share or sell a bunch of your personal information to make money and you've got yourself a pretty good deal. Did we mention it's free? But you can always donate to support this organization if you want. We do worry a little about the app's security practices, though, so unfortunately, it's not perfect.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

Not much has changed with non-profit Anxiety Canada's Mindshift CBT app over the last year. Their privacy policy was last updated in October, 2021, so no changes there since our last review. And we still have the same concerns about the app from a security perspective that we had last year -- we are unable to confirm if they encrypt their data both in transit and at rest (where they store it online), and the app still accepts the weak password "111111".

We see they did start restricting access to their public Community forum where users can share stories and offer peer-to-peer support to only users who turn 18+ in the current calendar year. We consider that a good privacy move, especially since we could find no child-specific privacy information in their privacy policy. This is also a good reminder to only share what you are comfortable being made public in such open community forums, no matter your age (but especially if you are under 18!).

Read our 2022 review:

Anxiety Canada's Mindshift CBT app seems to take their users' privacy fairly seriously, which is nice. They do collect personal information like name, e-mail address, telephone, location, and information about your usage of MindShift. They do not share or sell this information for any targeted marketing or advertising purposes though, so yay! Unfortunately, as we have seen with other apps created by non-profit charitable organizations, we do have some concerns about their security practices. The app accepted the weak password "111111" when we logged in. We also were unable to confirm if and when they use encryption to protect users' data in transit and at rest and if they have a way to manage security vulnerabilities. Emails to the address mentioned in their privacy policy for these privacy-related questions went unanswered.

It's great to see the organization take privacy seriously. And we understand that charitable organizations don't always have the same resources as bigger companies to focus on an app's security. Which stinks. Big companies tend to have way worse privacy practices and better security practices, where charitable organizations seem to have the best privacy practices and not as strong security practices. We feel a little like Goldilocks out here looking for the rare one that manages to do both well.

Tips to protect yourself

  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via the app (do not give access to your camera, microphone, images, or location unless necessary).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to your Google account and turn off ad personalization).
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: N/A

App: No

Microphone

Device: N/A

App: No

Tracks location

Device: N/A

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

"We do not generally disclose your personal information to any third party without your specific consent, except as permitted or required by law."

"We use information about you in the following ways: To ensure that Mindshift content is presented in the most effective manner for your mobile device.

To provide you with information related to MindShift that will facilitate your engagement with the MindShift.

To provide you with promotional communications, such as email, where you have provided consent to receive such communications.

To carry out our obligations arising from any agreements entered into between you and us. To allow you to participate in interactive features of MindShift when you choose to do so. To notify you about changes to MindShift.

To understand your location to help us identify groups of users by general geographic market (such as postal code, province, or country)."

How can you control your data?

"You may request access to, make corrections to, or delete the personal information we hold about you at any time, subject to certain exceptions."

"We will retain the personal information we collect from or about you only for so long as we require it to satisfy the purposes for which we collected the information. We will also retain your personal information for as long as is required to meet our various legal and business obligations, which in some cases might be for a longer period than is necessary to satisfy the purposes for collection.

In particular, if we use any of your personal information to make a decision that directly affects you (e.g., to decide whether you are eligible to participate in a MindShift CBT Group of the Mindshift CBT Community), we will retain that information for at least one year after the date we use the information to make the decision. This is so you have time to request access to your personal information.

Once there is no longer a legal requirement or business purpose to retain your personal information we will securely delete, destroy, or anonymize it."

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

Mindshift CBT's privacy policy does not mention child privacy information.

They do say that as of November, 2022 "Access to Community is now restricted to users who are 18+ at the start of the calendar year."

They also state in their privacy policy that:

"If you apply to become a participant in our MindShift CBT Group, we will also collect personal information, including information about the nature and severity of your anxiety symptoms, directly from you for the following purposes...

"If you are a minor, to determine whether you are able to consent on your own behalf to participate in the MindShift CBT Group, or whether consent from your parent/guardian is required;"

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards?

No

Encryption

Can’t Determine

Strong password

No

The app has accepted '111111' as a password.

Security updates

Yes

Manages vulnerabilities

Yes

"To deal with security vulnerabilities, we would escalate reported potential vulnerabilities to our contracted developer, EY, and request a corresponding update to the MindShift app. The contact would be [email protected]."

Privacy policy

Yes

Does the product use AI?

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine
