Warning: *privacy not included with this product
Review date: April 20, 2022
Shine was built by two women of color to focus on groups too often underrepresented in wellness conversations -- women of color. The app features daily meditations, self-care courses, personalized support, and monthly virtual workshops. With a majority of teachers being people of color, Shine is able to focus more specifically on the causes of stress, anxiety, and depression in the Black, Indigenous, and people of color communities, especially among women. Meditation topics focused on specific communities -- AAPI, Black, LGBTQ+, Latinx for example -- are designed to help users manage work frustrations, navigate relationships, and find joy. With a staff that is 80% BIPOC, Shine believes that fighting for the mental health of marginalized people helps fights for their lives and rights too. Yay for caring for and about marginalized communities! But how does Shine's privacy and security practices look? Well, unfortunately, they don't really shine.
What could happen if something goes wrong?
But what do those statements actually mean? Does that mean that they could sell data to any affiliated third parties. Yes, it seems so. Does it mean they may share personal data with marketing and advertising providers. Again, yes it does. And what does you giving them permission pursuant of a joint marketing agreement etc etc. actually look like? It's rather confusing legalese that doesn't make us feel great about their overall privacy practices.
Shine says they can collect a fair amount of personal information on you including first and last name, postal address, email address, and other "identifying information that you choose." They can also collect information such as your annual revenue, gender, and certain demographic information they say they don't consider personal info but rather anonymized statistical data. Shine also says they can receive information about your from third parties including business partners, data brokers, or credit reporting agencies. So much data from so many places! We don't like it.
They go on to say, as so many mental health app companies we reviewed do, "We may disclose aggregated, anonymized, statistical data and/or non-identifying information about our Users without restriction." And here is where we must remind you that it has been found to be relatively easy to de-anonymize this data.
Shine collects a lot of personal information, shares a lot of personal information with a lot of people and on top of all that, they don't meet our Minimum Security Standards (we were able to log into the app with the weak password "111111". ) All in all, Shine leaves us concerned about their privacy and security practices. Which is a bummer, because we here at *Privacy Not Included firmly believe protecting the privacy of marginalized communities is very important. Here's hoping Shine will step up and do better for the communities they work to help.
Tips to protect yourself
- Do not give consent for sharing of personal data for marketing and advertisement.
- Do NOT use your Facebook account to login.
- Chose a strong password. Unfortunately, the app will not prompt you to do it.
- Email [email protected] to opt out of having your email and other contact information used for marketing and advertising.
What can be used to sign up?
Facebook or Apple accounts can be used
What data does the company collect?
First and last name, postal address, email address
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
You can download your Shine meditations
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
We were able to sign up with '111111'.
Got a comment? Let us hear it.