NOCD

NOCD

NOCD INC
Wi-Fi

Review date: Aug. 2, 2022

|
|

Mozilla says

|
People voted: Super creepy

NOCD is an app designed to help treat Obsessive Compulsive Disorder or OCD. And with a big spike in people reporting OCD symptoms during the COVID-19 pandemic, it's no surprise investors are jumping on board, giving NOCD $33 million in funding at the end of 2021. The app helps users connect with a therapist who specializes in OCD treatment, provides face-to-face therapy, and supports users in between sessions with therapeutic tools and connections to others in the OCD community. It is currently free to download and use. Therapy session are paid for on a per session basis and NOCD says they do partner with many major insurance companies. NOCD is currently available in the US, UK, Australia, and parts of Canada. Unfortunately, we're a bit concerned about NOCD's privacy practices. They do say they can collect a good deal of personal information, combine that information with data gathered from third parties, and use that information for targeted, interest-based advertising and potentially more. Come on NOCD, we don't need another thing to worry about these days!

What could happen if something goes wrong?

NOCD says they can collect a whole lot of information on their users. Everything from name, address, email address, and telephone number, to age, gender, to health information like your OCD triggers and intensity levels, to your precise location information (Update: NOCD updated their privacy policy August 3, 2022 to indicated they now only collect geolocation data rather than precised location data) when you're using the app and even when you're not. Yikes! NOCD also says they can collect even more information about you from third parties such as social media sites like Facebook, YouTube, and Instagram as well as "Companies that provide information to supplement what we already know about you" (like data brokers?). Double yikes!!! That's a whole lot of information NOCD is collecting on you. And it seems to us like information that goes beyond what they need to help you manage and treat your OCD.

What does NOCD say they can do with all this personal information and app usage data they collect on you? Well, to begin with, they say they can combine the information you give them with information they gather from third parties. Then they say they can use that information for things like learning your interests to better understand what tools interest you and to target you with ads. They actually use the word "might" a whole lot when they talk about how they say they can market you with targeted ads, which is a concern for us when it comes to privacy policies because that word "might" seems to offer a lot of wiggle room. Here's what they actually say, "We might use your information to serve you ads about tools and offers. We might tell you about new features or updates. These might be third party offers or tools, services or studies we think you might find interesting. We may also use your information to send you electronic communications. We and our partners may engage in interest-based advertising using information gathered across multiple websites, devices, or other platforms."

We "might" say this is all quite a bit concerning for an app that collects so much personal information. Ah heck, forget the "might", we do say that concerns us. NOCD says they can collect a whole lot of personal information, can combine that with other information they get from third parties like social media sites and potentially data brokers. They then say they can share that information with a whole host of third parties including business partners and the vague "For Other Reasons We May Describe to You."

What's the worst that could happen? Well, just how many people in the world need to know you are struggling with OCD? And why does NOCD need to say they can gather so much additional information about you from third parties sources such as social media sites and potentially even data brokers? NOCD doesn’t specifically state in their privacy policy that they don’t sell user data, which is something we like to see stated clearly. Not to mention, we couldn't determine if they meet our Minimum Security Standards. For an app that targets people dealing with the struggles of OCD, this all just seems like very very bad privacy practices. With OCD symptoms on the rise these days, an app that can help sounds wonderful. We worry that this app doesn't seem to protect the privacy of their users and potentially even exploits it. That's really not good. Not good at all.

Tips to protect yourself

  • Opt out of location-based information collection in the app settings.
  • Limit information you post on social media pages
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: No

What can be used to sign up?

Google sign-up is available

What data does the company collect?

How does the company use this data?

UPDATE: On June 28 2022 NOCD updated their privacy policy to state that "We work with these third parties to serve you with our ads and content only—we do not sell or share Personal Information about you with any third parties for their own advertising or marketing purposes." The policy also says that some of their practices may be considered to be 'sale' under California Consumer Privacy Act: "We do share data with third parties as needed for treatment, and we share limited non-treatment related data with third parties with which we have contracts to help with our marketing and analytics efforts, through cookies and pixels. This practice may be considered ‘selling’ data according to the CCPA’s broad definition, even though it is not a “sale” under the conventional definition of the word or under the laws in Virginia and Utah. Additionally, as further clarification, we do not use cookies to enable third parties to serve ads to our website visitors about their own products or services."

NOCD may receive information about you from other sources with your consent or as permitted by applicable law. For example, this may include receiving information from their business partners, social media sites, including Facebook, Twitter, YouTube, Pinterest and Instagram, and other companies that provide information to supplement what NOCD already know about you.

NOCD may also combine information they get from third parties with information they already have about you.

NOCD may engage in interest-based advertising using information gathered across multiple websites, devices, or other platforms.

In the previous 12 months, NOCD have disclosed identifiers as well as select information in customer records, with NOCD's service providers as well as with third parties to whom you authorize us to disclose your personal information.

How can you control your data?

You can opt-out of receiving NOCD's marketing communications. You may also opt-out of location-based information collection by NOCD if you uninstall all NOCD mobile apps from your devices.

The Privacy Policy lists data subject's rights for all users, including right to access and to erase data.

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

By using the Platform, you represent and warrant that you are at least eighteen (18) years of age;. If you discover that information of anyone under eighteen (18) years of age was submitted to the Services, please contact NOCD and they will remove such information.

Can this product be used offline?

No

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

NOCD says people can report security vulnerabilities [email protected]

Privacy policy

Yes

Does the product use AI? information

No

*privacy not included

Dive Deeper

Comments

Got a comment? Let us hear it.