Sanvello

Warning: *Privacy Not Included with this product


Review date: April 25, 2023


Mozilla says

People voted: Very creepy

Sanvello says they have "everything you need to feel better." That includes self-care practices, coaching, online therapists, and a peer support community. This mental health app offers wellness strategies based on the principles of cognitive behavioral therapy (CBT) and mindfulness meditation to help users work on their stress, anxiety, and depression. And holy cow, there's a lot of stress, anxiety, and depression out there these days. A walk around their website shows they have celebrity influencers supporting their app like author John Green and gymnast Aly Raisman. The app is free to download, with many features only available through a subscription of around $54 a year. Insurance and employer coverage is also an option. All that sounds great, but what about their privacy practices? From what we can tell from their rather confusing privacy policy, those maybe aren't so great. Sanvello does collect a good amount of personal information and may share that information with third parties for personalization, advertising, marketing, and research purposes. For an app that works to help those with stress and anxiety, we think having a better privacy policy would decrease some of our stress and anxiety about how they handle their users' personal data.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

Hmmm...in 2023 Sanvello presents us with an interesting conundrum. When reviewing their privacy policy, we notice they say it is a "Web And Mobile Privacy Policy." Which, OK, that's fine. They then go on to say "Our Privacy Policy explains how we handle information collected from Sanvello.com or in the course of receiving Services. Additional privacy policies (such as our notice of privacy practices) may apply depending on the specific product or service and outline how we handle information collected in other ways." All of those words make it seem like their privacy policy could cover their mobile app as well as their website and mobile site. But it's not 100% clear to us that this privacy policy does cover their app as it is not explicitly stated. Note to anyone reading this, you should absolutely be able to tell if the privacy policy you are reading specifically covers the app, website, device, or services you are using. There should be zero question here. Unfortunately, we have questions.

So, assuming their privacy policy does cover the app (which is an assumption we have to make because we aren't 100% clear), how does it look? Well, the good news is, they have both a privacy policy for information collected when using their website, and they have a separate notice of privacy practices that covers how they handle the privacy and disclosure of medical information specifically. This is good. The bad news is, both their privacy policy and their notice of privacy practices for medical information outline a whole lot of ways they could share your personal information if you use their services. They outline enough information sharing or have enough confusing or vaguely worded statements in their privacy policy that we have concerns. And because they never responded to questions emailed to them at the email address listed on their website, we were unable to get the clarification needed to do anything but assume the worst with Sanvello. In 2023, they still receive our *Privacy Not Included warning label.

Read our 2022 review:

Sanvello says they can collect a lot of personal information, including name, email, gender, location, birth date, mood, health and biometric data, thought records, messages with your coach, and more. And they say they may combine all this personal data with information they get from other sources, such as potentially data brokers and advertising companies. And they say they may use and disclose de-identified and aggregated data for any purpose (here's where we remind you such de-identified data has been found to be relatively easy to re-identify, especially if location data is included). Red flags for us.

How do they say they can use all this data they collect on you? Sanvello says they can share your personal information with third party researcher partners for health or behavioral research purposes. They can share information about your use of Sanvello with health insurers or health plan administrators to evaluate your care (they say they won't share your thought records with health insurers). And Sanvello says they can use your personal information for advertising and promotional purposes. Finally, Sanvello adds that they can use your personal information "as otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law or for any other purpose with your consent." That last part feels kinda broad and vague to us. Guess what, more red flags. 🚩 🚩 🚩

One last red flag with Sanvello. We emailed them multiple times at the email address listed in their privacy policy for privacy-related questions and Sanvello didn't respond with answers to our privacy and security questions. So, we can't confirm if Sanvello meets our Minimum Security Standards.

What's the worst that could happen with Sanvello? Well, we suppose it's possible you could think it normal for a mental health app (or any app, but especially one that collects so much personal information) to collect and share so much of your personal information and get used to that as the norm in the world and completely give up on having any privacy at all. That sounds terrible. Let's never let that happen.

Tips to protect yourself

  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: Yes

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product as their sharing practices are unclear. They may be sharing or selling data to third parties, including for their marketing purposes. They may also be combining data collected about you with data from third parties. "We will not disclose, share, sell, or otherwise disclose your information to unaffiliated third parties for their own marketing unless so authorized by you, your employer or association, group or benefit program sponsor."

"We may use Personal Information for a number of purposes such as:

<...>

As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law."

"We may also share Personal Information within the Company, and we may combine Personal Information that you provide us through this website with other information we have received from you, whether online or offline, or from other sources such as from our vendors."

"We may disclose De-Identified Information. “De-Identified Information”, means information that is neither used nor intended to be used to personally identify an individual."

How can you control your data?

It is not clear if all users, regardless of location, can get their data deleted, and how users outside of California jurisdiction can get their data deleted.

"This section applies solely to the personal data of users who reside in the State of California <...> You have the right to request that Sanvello delete any of your personal information that we collected from you and retained, subject to certain exceptions. <...> Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information."

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

Sanvello says they will not intentionally collect any Personal Information from children under the age of 13 through this website without receiving parental consent.

Can this product be used offline?

Yes

Sanvello offers offline meditation options.

User-friendly privacy information?

No

https://www.sanvello.com/privacy-policy/

Links to privacy information

Does this product meet our Minimum Security Standards?

No

Encryption

Yes

Data is sent over SSL (Secure Sockets Layer) and any persistent data is encrypted and stored on secured servers

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Can’t Determine

Privacy policy

Can’t Determine

Could not confirm their privacy policy covers their app as it mentions only "Web And Mobile Privacy Policy". We are unclear if mobile is the mobile site or if mobile also covers their app.

Does the product use AI?

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine
