Mindshift CBT

Advertencia: *privacidad no incluida con este producto

CBT stands for Cognitive Behavioral Therapy. It is a psychological treatment shown to be effective at helping manage things like anxiety, eating disorders, and phobias. Mindshift CBT is a free app created by the Canadian charitable organization Anxiety Canada that uses evidence-based CBT strategies to help users manage anxiety by reducing worry, stress, and panic. The app offers tools based on these CBT strategies such as thought journals, belief experiments, and coping cards as well as fear ladders and expanding your comfort zone guides. Tools all designed to help better navigate the crazy, messed up world we're living in these days. Couple that with the fact that Anxiety Canada is a non-profit charitable organization that isn't looking to share or sell a bunch of your personal information to make money and you've got yourself a pretty good deal. Did we mention it's free? But you can always donate to support this organization if you want. We do worry a little about the app's security practices, though, so unfortunately, it's not perfect.

¿Qué podría pasar si algo falla?

First reviewed April 20, 2022. Review updated, April 25, 2023

Not much has changed with non-profit Anxiety Canada's Mindshift CBT app over the last year. Their privacy policy was last update in October, 2021, so no changes there since our last review. And we still have the same concerns about the app from a security perspective that we had last year -- we are unable to confirm if they encrypt their data both in transit and at rest (where they store it online), and they still only require a weak password of "111111".

We see they did start restricting access to their public Community forum where users can share stories and offer peer-to-peer support to only users who turn 18+ in the current calendar year. We consider that a good privacy move, especially since we could find no child-specific privacy information in their privacy policy. This is also a good reminder to only share what you are comfortable being made public in such open community forums, no matter your age (but especially if you are under 18!).

Read our 2022 review:

Anxiety Canada's Mindshift CBT app seems to take their users' privacy fairly seriously, which is nice. They do collect personal information like name, e-mail address, telephone, location, and information about your usage of MindShift. The do not share or sell this information for any targeted marketing or advertising purposes though, so yay! Unfortunately, as we have seen with other apps created by non-profit charitable organizations, we do have some concerns about their security practices. The app accepted the weak password "111111" when we logged in. We also were unable to confirm if and when they use encryption to protect users' data in transit and at rest and if they have a way to manage security vulnerabilities. Emails to the address mentioned in their privacy policy for these privacy related questions went unanswered.

It's great to see the organization take privacy seriously. And we understand that charitable organizations don't always have the same resources as bigger companies to focus on an app's security. Which stinks. Big companies tend to have way worse privacy practices and better security practices where charitable organizations seem to have the best privacy practices and not as strong security practices. We feel a little like Goldilocks out here looking for the rare that manages to do both well.

Consejos para protegerte

  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

¿Me puede espiar? Información

Cámara

Dispositivo: No aplica

Aplicación: No

Micrófono

Dispositivo: No aplica

Aplicación: No

Rastrea la ubicación

Dispositivo: No aplica

Aplicación: No

¿Qué se puede usar para registrarse?

¿Qué datos recopila la empresa?

¿Cómo utiliza la empresa estos datos?

"We do not generally disclose your personal information to any third party without your specific consent, except as permitted or required by law."

"We use information about you in the following ways: To ensure that Mindshift content is presented in the most effective manner for your mobile device.

To provide you with information related to MindShift that will facilitate your engagement with the MindShift.

To provide you with promotional communications, such as email, where you have provided consent to receive such communications.

To carry out our obligations arising from any agreements entered into between you and us. To allow you to participate in interactive features of MindShift when you choose to do so. To notify you about changes to MindShift.

To understand your location to help us identify groups of users by general geographic market (such as postal code, province, or country)."

¿Cómo puedes controlar el uso de tus datos?

"You may request access to, make corrections to, or delete the personal information we hold about you at any time, subject to certain exceptions."

"We will retain the personal information we collect from or about you only for so long as we require it to satisfy the purposes for which we collected the information. We will also retain your personal information for as long as is required to meet our various legal and business obligations, which in some cases might be for a longer period than is necessary to satisfy the purposes for collection.

In particular, if we use any of your personal information to make a decision that directly affects you (e.g., to decide whether you are eligible to participate in a MindShift CBT Group of the Mindshift CBT Community), we will retain that information for at least one year after the date we use the information to make the decision. This is so you have time to request access to your personal information.

Once there is no longer a legal requirement or business purpose to retain your personal information we will securely delete, destroy, or anonymize it."

¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?

Promedio

No known privacy or security incidents discovered in the last 3 years.

Información sobre privacidad infantil

Mindshift CBT's privacy policy does not mention child privacy information.

They do say that as of November, 2022 "Access to Community is now restricted to users who are 18+ at the start of the calendar year."

They also state in their privacy policy that:

"f you apply to become a participant in our MindShift CBT Group, we will also collect personal information, including information about the nature and severity of your anxiety symptoms, directly from you for the following purposes...

"If you are a minor, to determine whether you are able to consent on your own behalf to participate in the MindShift CBT Group, or whether consent from your parent/guardian is required;"

¿El producto se puede usar sin conexión?

No

¿La información de privacidad es fácil de entender?

No

Enlaces a información de privacidad

¿El producto cumple nuestros estándares mínimos de seguridad? Información

No

Cifrado

No se puede determinar

Contraseña fuerte

No

The app has accepted '111111' as a password.

Actualizaciones de seguridad

Gestiona las vulnerabilidades

"To deal with security vulnerabilities, we would escalate reported potential vulnerabilities to our contracted developer, EY, and request a corresponding update to the MindShift app. The contact would be [email protected]."

Política de privacidad

¿El producto usa IA? Información

No se puede determinar

¿Es poco confiable esta IA?

No se puede determinar

¿Qué tipo de decisiones toma la IA acerca de ti o por ti?

¿La empresa es transparente acerca del funcionamiento de la IA?

No se puede determinar

¿Tiene el usuario control sobre las características de la IA?

No se puede determinar

*privacidad no incluida

Profundiza más

Comentarios

¿Tienes algún comentario? Queremos escucharte.