NOCD is an app designed to help treat Obsessive Compulsive Disorder or OCD. And with a big spike in people reporting OCD symptoms during the COVID-19 pandemic, it's no surprise investors are jumping on board, giving NOCD $33 million in funding at the end of 2021. The app helps users connect with a therapist who specializes in OCD treatment, provides face-to-face therapy, and supports users in between sessions with therapeutic tools and connections to others in the OCD community. It is currently free to download and use. Therapy session are paid for on a per session basis and NOCD says they do partner with many major insurance companies. NOCD is currently available in the US, UK, Australia, and parts of Canada. In 2022, we found a good bit to be concerned about with NOCD's privacy. However, it does seem they have improved some since we released our review last year.
What could happen if something goes wrong?
First reviewed April 20, 2022. Review updated, April 25, 2023
Oh NOCD, what a journey it has been with you this last year. When we first reviewed NOCD in 2022 we had some serious concerns about their privacy. And our questions emailed to email address listed in their privacy policy for privacy related questions went unanswered before we launched our review. However, after our launch, when our review was brought to NOCD's attention by concerned users, NOCD came back to us and was open to communication and clarifying some confusing aspects of their privacy policy. We always appreciate constructive communication with any company looking to improve their privacy practices and privacy policies.
So, has NOCD improved over the last year? Yes, they have. In their responses to us, we were able to confirm they meet our Minimum Security Standards, which is good. And they have improved their privacy policy to offer some more clarity about their privacy practices, especially clarity around how personal information from website visitors, NOCD app/community members, and NOCD therapy members is handled. Clarity on this is good.
Now, their privacy notices make clear that they “do not use location tracking.” And this year, they promptly responded when we sent an email to the address listed in their privacy policy. In that email, they reassured us that they do not collect personal information from data brokers and when they combine information about you from third parties, it’s for treatment purposes only. We’d like to see them commit to that in their privacy notice so they can’t just change it whenever they want to, but their emailed reassurance is a good first step.
NOCD does seem to do a good job of protecting and respecting the privacy of therapy members. The data for those individuals is generally covered by HIPAA and more strongly protected. We do still have concerns about the privacy of information NOCD collects, uses, and shares for people visiting their website or who download their app. Some of that information, NOCD says, can be shared with third parties for targeted advertising purposes (they do clearly state in their privacy policy that no data used for treatment is shared for advertising purposes though).
So, yes, NOCD has gotten better since we reviewed them in 2022. That said, they do still raise a few privacy concerns for us. If you visit NOCD's website, don't be surprised to find their ads following you around the internet once you leave.
Read our 2022 review:
NOCD says they can collect a whole lot of information on their users. Everything from name, address, email address, and telephone number, to age, gender, to health information like your OCD triggers and intensity levels, to your precise location information when you're using the app and even when you're not. Yikes! NOCD also says they can collect even more information about you from third parties such as social media sites like Facebook, YouTube, and Instagram as well as "Companies that provide information to supplement what we already know about you" (like data brokers?). Double yikes!!! That's a whole lot of information NOCD is collecting on you. And it seems to us like information that goes beyond what they need to help you manage and treat your OCD.
What does NOCD say they can do with all this personal information and app usage data they collect on you? Well, to begin with, they say they can combine the information you give them with information they gather from third parties. Then they say they can use that information for things like learning your interests to better understand what tools interest you and to target you with ads. They actually use the word "might" a whole lot when they talk about how they say they can market you with targeted ads, which is a concern for us when it comes to privacy policies because that word "might" seems to offer a lot of wiggle room. Here's what they actually say, "We might use your information to serve you ads about tools and offers. We might tell you about new features or updates. These might be third party offers or tools, services or studies we think you might find interesting. We may also use your information to send you electronic communications. We and our partners may engage in interest-based advertising using information gathered across multiple websites, devices, or other platforms."
We "might" say this is all quite a bit concerning for an app that collects so much personal information. Ah heck, forget the "might", we do say that concerns us. NOCD says they can collect a whole lot of personal information, can combine that with other information they get from third parties like social media sites and potentially data brokers. They then say they can share that information with a whole host of third parties including business partners and the vague "For Other Reasons We May Describe to You."
What's the worst that could happen? Well, just how many people in the world need to know you are struggling with OCD? And why does NOCD need to say they can gather so much additional information about you from third parties sources such as social media sites and potentially even data brokers? NOCD doesn’t specifically state in their privacy policy that they don’t sell user data, which is something we like to see stated clearly. Not to mention, we couldn't determine if they meet our Minimum Security Standards. For an app that targets people dealing with the struggles of OCD, this all just seems like very very bad privacy practices. With OCD symptoms on the rise these days, an app that can help sounds wonderful. We worry that this app doesn't seem to protect the privacy of their users and potentially even exploits it. That's really not good. Not good at all.
Tips to protect yourself
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: No
What can be used to sign up?
Yes
Phone
No
Third-party account
Yes
Google sign-up is available
What data does the company collect?
Personal
Name, mailing address, telephone number, email address, phone number, birthdate, age, gender, location and zip code.
Body related
Information about your condition including but not limited to obsessions, compulsions, triggers, intensity levels, etc.
Social
Information you post on our social media pages, as well as social media profile information and information posted on your page.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Strong password
Security updates
Manages vulnerabilities
NOCD says people can report security vulnerabilities at [email protected].
Privacy policy
Dive Deeper
-
Is NOCD also doing shady things with your data?Playfair Consulting
-
How Apps and VR Therapy Can Help OCD PatientsWIRED
-
NOCD ReviewOne Mind Psyber Guide
-
OCD therapy app sees sessions double during pandemicMedCity News
-
Mobile Apps for OCD ManagementInternational OCD Foundation
-
Pandemic Anxiety Is Fueling OCD Symptoms—Even for People Without the DisorderTIME
-
Virtual OCD Treatment Provider NOCD Raises $33M in Series B RoundBuilt In Chicago
Comments
Got a comment? Let us hear it.