Moodfit
Mental Health Apps Mood Trackers

Moodfit

Roble Ridge Software LLC
Wi-Fi

Review date: April 25, 2022

|
Mozilla researched 16 hours
|

Mozilla says

|
People voted: Somewhat creepy

Moodfit is a mood tracking, cognitive behavioural therapy using, mindfulness meditation, breathing, medication and sleep tracking app that users seem to really like. Verywell Mind named it their best mental health app so far in 2022. The app is free to download and use some features. To unlock all features, users will need to pay $10 a month or $40 for a yearly subscription to Moodfit Premium. Their privacy policy is much like their website -- short and relatively straightforward. Their security practices raised our eyeballs pretty high though when we were able to login with the password of "1" in 2022. We're happy to report they have since updated that to a strong password requirement here in 2023.

We did really appreciate their blog post discussing how the war in Ukraine can impact mental health (one of your *Privacy Not Included researchers is Ukrainian). Thank you to everyone supporting Ukraine.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

In 2022, we were able to use the super weak password "1" to login to Moodfit. This earned them our *Privacy Not Included warning label. This year when we reached out to Moodfit with our concerns, they agreed to update their password requirement. Now their password requirement is much strong and they meet our Minimum Security Standards. Thanks Moodfit! Moodfit also updated their privacy policy on March 29, 2023, and while it is rather short and vague, it doesn't raise too many red flags for us. Overall, Moodfit has improved since we reviewed them in 2022 and that is something we love to see.

Read our review from 2022:

Moodfit kinda really messed up when they allowed weak passwords like the one number password of "1" to protect all the sensitive personal information you can store in their app. This is a terrible security practices we can't overlook. We did email them multiple times at the email address listed in their privacy policy with questions about their privacy and security practices but received no response. So, yeah, we have concerns about Moodfit's security. Please, if you use this app, use a much stronger password than "1" to protect your personal information.

As for privacy, Moodfit does seem to do a bit better there. Their privacy policy, last updated a good while ago in 2018, says that registration is optional, however, you may not be able to use many of the features offered by the app unless you register with Moodfit. When you register, Moodfit collects data such as email address, app usage information like when you use the app and what features you use, and mood-related data you enter. Moodfit says they can use this data to, among other things, contact you with marketing promotions. Moodfit also collects data such as IP address and your mobile devices unique device ID.

Moodfit does say they can share the personal and app usage information you provide with "our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement." That's a rather vague statement of who they share your information with and how that information is used. Although it is pretty common to share you data with service providers, it's nice when a privacy policy outlines who those providers are. We really don't like vague statements in privacy policies.

Moodfit doesn't specifically state in their privacy policy that they don't sell user data, which is something we like to see stated clearly. They do say only aggregated, anonymized data may be periodically transmitted to external services to help Moodfit improve the app, so hopefully no personal information is being sold. We do have to mention here that it has been found to be relatively easy to de-anonymize user data, especially if location or device ID data is included.

What's would happen if something goes wrong with Moodfit? Well, you could use a terrible password to protect all the sensitive, personal information Moodfit can collect. Your 10-year old could easily guess your terrible password and learn you have huge anxiety they'll grow up to be an Instagram influencer. This results in your 10-year old only dreaming of becoming an Instagram influencer. No one wants that. Use a strong password people!

Tips to protect yourself

  • Do not log in using third-party accounts
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
  • Do not give consent for sharing of personal data for marketing and advertisement.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc - Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated - Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: No

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: No

What can be used to sign up?

Facebook sign-up available

What data does the company collect?

How does the company use this data?

"We do not sell your User Provided data to third parties. Only aggregated, anonymized data may be periodically transmitted to external services to help us improve the Application and our service. We will share your information with third parties only in the ways that are described in this privacy statement."

"We may disclose User Provided and Automatically Collected Information:

- as required by law, such as to comply with a subpoena, or similar legal process;

- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;

- with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.

- if the Company is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of this information, as well as any choices you may have regarding this information."

How can you control your data?

"We will retain User Provided data until you either delete it from within the Application or request us to delete it. We will retain Automatically Collected information in perpetuity. If you’d like us to delete User Provided Data that you have provided via the Application, please contact us at [email protected]."d Data that you have provided via the Application, Moodfit says to contact them at [email protected]. Unfortunately, our emails to that address went unanswered.

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

"We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at [email protected]. We will delete such information from our files within a reasonable time."

Can this product be used offline?

Yes

Most features require online connection however.

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Moodfit updated their password requirment to require a strong password on our request. Thank you Moodfit!

Security updates

Yes

Manages vulnerabilities

Yes

You can contact [email protected].

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

Comments

Got a comment? Let us hear it.