Sanvello

Warning: *privacy not included with this product

Mental Health Apps Online Therapy Peer Support

Sanvello

Sanvello Health, Inc.
Wi-Fi

Review date: April 20, 2022

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Super creepy

Sanvello says they have "everything you need to feel better." That includes self-care practices, coaching, online therapists, and a peer support community. This mental health app offers wellness strategies based on the principles of cognitive behavioral therapy (CBT) and mindfulness meditation to help users work on their stress, anxiety, and depression. And holy cow, there's a lot of stress, anxiety, and depression out there these days. A walk around their website shows they have celebrity influencers supporting their app like author John Green and gymnast Aly Raisman. The app is free to download, with many features only available through a subscription of around $54 a year. Insurance and employer coverage is also an option.

All that sounds great, but what about their privacy practices? From what we can tell from their rather vague privacy policy, those maybe aren't so great. Sanvello does collect a good amount of personal information and may share that information with third parties for personalization, advertising, marketing, and research purposes. For an app that works to help those with stress and anxiety, we think having a better privacy policy would decrease some of our stress and anxiety about how they handle their users' personal data.

What could happen if something goes wrong?

Sanvello says they can collect a lot of personal information, including name, email, gender, location, birth date, mood, health and biometric data, thought records, messages with your coach, and more. And they say the may combine all this personal data with information they get from other sources, such as potentially data brokers and advertising companies. And they say they may use and disclose de-identified and aggregated data for any purpose (here's where we remind you such de-identified data has been found to be relatively easy re-identify, especially if location data is included.) Red flags for us.

How do they say they can use all this data they collect on you? Sanvello says they can share your personal information with third party researcher partners for health or behavioral research purposes. They can share information about your use of Sanvello with health insurers or health plan administrators to evaluate your care (they say they won't share your thought records with health insurers). And Sanvello says they can use your personal information for advertising and promotional purposes. Finally, Sanvello adds that they can use your personal information "as otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law or for any other purpose with your consent." That last part feels kinda broad and vague to us. Guess what, more red flags. 🚩 🚩 🚩

One last red flag with Sanvello. We emailed them multiple times as the email listed in their privacy policy for privacy-related questions and Sanvello didn't respond with answers to our privacy and security questions. So, we can't confirm if Sanvello meets our Minimum Security Standards.

What's the worst that could happen with Sanvello? Well, we suppose it's possible you could think it normal for a mental health app (or any app, but especially one that collects so much personal information) to collect and share so much of your personal information and get used to that as the norm in the world and completely give up on having any privacy at all. That's sounds terrible. Let's never let that happen.

Tips to protect yourself

  • Ensure you have a strong password
  • Do not allow third-party tools access to your medical data
  • Do not give permission to combine your data with other third-party data, or to use it for research
  • mobile

Can it snoop on me? information

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Sanvello may, when permitted, combine your Information with other information, whether online or offline, maintained or available to them from you or from other sources, such as from our vendors, and they may use and disclose combined data for the purpose described in this Section or for internal business purposes.

Sanvello may also share Information with third-party companies that they have a business relationship with.

The Privacy Policy is not transparent on whether data is shared for marketing purposes with third parties. It mentions that for California residents, "If we have disclosed any personal information to third parties for direct marketing purposes, we will provide a list of the categories of personal information, along with the names and addresses of these third parties to you at your request. " It makes us believe that some data may be shared for marketing purposes. The Policy also mentions for California residents that in the preceding twelve months, they have not sold any personal information.

How can you control your data?

Sanvello's privacy policy mentions that you may have options to modify or delete or your Information, if applicable. It is not transparent about what categories of users have such right. The retention details are also unclear.

Data retention policies are mentioned only for EEA users.

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

Sanvello will not intentionally collect any personal information (as that term is defined in the Children’s Online Privacy Protection Act) from children under the age of 13 through our Online Services without receiving parental consent.

Can this product be used offline?

Yes

Sanvello offers offline meditation options.

User-friendly privacy information?

No

https://www.sanvello.com/privacy-policy/

Links to privacy information

Does this product meet our Minimum Security Standards? information

Unknown

Encryption

Yes

Data is sent over SSL (Secure Sockets Layer) and any persistent data is encrypted and stored on secured servers

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Can’t Determine

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

Comments

Got a comment? Let us hear it.