Bearable

WiFi

Review date: April 25, 2023

Mozilla researched this for 16 hours

Mozilla's opinion

People's votes: Somewhat creepy

You're feeling off, you're not sure why. It happens to all of us. Sometimes we can step back and put two-and-two together to figure out what's going on. Sometimes we can't. Mood and symptom trackers can help. Bearable is a popular and recommended mood/symptom tracker that lets users "track anything and discover how it affects your health." Track your mood, sleep, exercise, medication, stress, food, bowel movements, or even customize it to track things you didn't even know you could, like how often you sneeze every day. Track it all, then look at charts and graphs to see how all those things affect you over time. Or share that data with your mental health professional to sort through what is going on in your life. How does Bearable handle all that private, personal information you share? Well, they seem to do an OK job, although we do have some concerns about what you consent to when you simply agree to use the app.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

Some good news. We mark Bearable as one of the companies that has improved since we reviewed them in 2022. That is mainly because we can now confirm they meet our Minimum Security Standards, which was our biggest concern about them in 2022. Last year when we reached out to the email listed in their privacy policy -- [email protected] -- James didn't reply back to our questions before we launched our reviews. This year we heard from James right away when we emailed our questions! Thank you James. We're also happy to see that the email address now listed in their privacy policy for privacy related questions is no longer James' personal email. Now users can email [email protected]. That seems like an improvement to us.

Bearable does have a few things that concern us here in 2023. The biggest one is how they get your "explicit consent" to collect and process your data. Consent happens when you create an account at Bearable. And it appears the only way to withdraw that consent is to delete your account. Here's what Bearable's privacy policy says on the matter: "The data you track in Bearable about your health and activities is considered sensitive personal data. Bearable does not store sensitive personal data without your explicit consent. It is only when you give us explicit consent by creating a Bearable account, and giving us your consent declaration, that we start storing health data that you choose to provide on our secured servers. You can withdraw your consent at any time by simply deleting your account in the app." Yeah, maybe that's OK. But honestly, how many people read all those privacy policies and consent declarations when they sign up for an app? We would love to see giving "explicit consent" feel a little more "explicit."

One other thing that gave us pause about Bearable was the discovery that certain trackers, like one for Facebook that could be used to track user data, appeared when our researcher used the app. As your lovely privacy researcher pointed out, he didn't give his "explicit consent" for any of his user data to be tracked through Facebook. We emailed our good buddy James at Bearable for an explanation of this. We're still waiting to hear back on that one.

Back to nice things we noticed about Bearable. In July 2022, they added a notice at the top of their privacy policy that reads, "Updated to clarify that as a UK company, we’re not required to have to comply with US criminal subpoenas requesting disclosure of data." This is an important clarification that we love to see in light of the removal of reproductive healthcare rights in the US in many states following the end of Roe vs Wade. We appreciate Bearable letting their users know that any US law enforcement requests for information potentially related to women seeking reproductive healthcare will be better protected under the UK's privacy laws.

All in all, Bearable isn't the worst app we've reviewed. It's not the best either. But we're happy James did confirm they meet our Minimum Security Standards this year, so that's a step forward. There's still work to do though, James! Including fixing that confusing "explicit consent" concern. Nobody wants to feel tricked into giving their consent for an app to collect and/or use their personal information.

Read our 2022 review:

Bearable seems to do a pretty good job taking their users' privacy seriously. This mood and symptom tracking app can collect a lot of personal information if you choose to share it. Things like your email, mood, energy levels and individual symptoms, your medication and supplements, sleep quality, exercise, diet, and daily activities such as work and grocery shopping. That's a lot of personal information. Here's what we like about how Bearable handles all of that data of yours.

First, Bearable says they don't and will never sell your data. Yay! They also say they track as little personally identifiable data as possible to protect users. They purposefully do not ask for information like name, age, and gender. Again, yay! They go on to say they don't process personal data that directly identifies you as a person (such as your first name, surname, email). Good work Bearable, so far so good. Bearable doesn't seem to share personal information with third parties for targeted advertising. Again, good. They do say your health data is encrypted safely and the only personal data attached to it is your email address. And then they say, "your personal profile data (email address) is stored separately from your health (mood, symptoms, medication, your customized health factors) data and your service settings. This allows us to ensure the highest possible level of privacy for your health data. Your password is stored using one-way encryption." Which is a little confusing, because it sounds like your email address is attached to your health data, yet stored separately. Not exactly sure how that works, but it seems OK, we hope.

Unfortunately we couldn't tell if Bearable meets our Minimum Security Standards. We emailed James, the privacy contact listed in Bearable's privacy policy for privacy related questions. Unfortunately, we didn't hear back from James. (Give us a shout James! We'd love to hear from you.) What could happen if something goes wrong? Hopefully not too much. Just make sure to set up a strong password so no one can get into your app and see that you track stuff like how often you fart. That could get embarrassing.

Tips to protect yourself

  • You can read Bearable’s recommendations for protecting your personal data under the section 'Data security' here.
  • Do not log in using third-party accounts
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
  • Do not give consent for sharing of personal data for marketing and advertisement.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: Not applicable

App: No

Microphone

Device: Not applicable

App: No

Tracks location

Device: Not applicable

App: Yes

What can be used to sign up?

Facebook, Google, Apple sign-ups are available

What data does the company collect?

How does the company use this data?

"Bearable does not and will never sell any personal data. We made this app primarily to help people like us and this would not be in line with our values.

Bearable does not track or share any personal data with third party companies unless you specifically choose to enable that option (e.g. with Google Fit or Apple Health)."

"By creating an account with Bearable you explicitly consent that:

i. Bearable may store and process personal data you provide through the usage of the Bearable app and through the account creation process solely for the purpose of providing Bearable services to you and to improve Bearable’s service features. Such Bearable services may include sending you information and reminders through the Bearable app, e.g. via push notification or to the email address you provided to Bearable, where you have separately agreed to receive such messages.

ii. Such personal data you provide to Bearable through the account creation process for the purpose of providing Bearable’s service includes personal data you enter into the Bearable app, such as your account data (e.g. your email address), and your health data which may include your mood levels and individual symptom levels, your medication and supplements and other health factors you track in the app (e.g. sleep quality, exercise, diet and food diary, general daily activities such as work, tv, meditation etc.). All of your health data is encrypted on the server end.

You may withdraw your consent to this use of your data at any time by deleting your Bearable account. This can be requested by e-mailing [email protected]. You can also delete your data from the settings page within the Bearable App at any time."

How can you control your data?

"We do not retain your personal data in an identifiable format for longer than necessary to deliver our services. As soon as we can, we encrypt your email address and create an anonymised user ID so that your health data is not directly connected to your email address on our systems."

You can "request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to [email protected]. Your data will be deleted as soon as possible and within 30 days."

What is the company's known track record of protecting users' data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child privacy information

"This service is not intended for children under the age of 16. Bearable does not knowingly collect or use personal data from children under the age of 16. By registering to a Bearable account you are required to confirm that you are at least 16 years old.

If Bearable gains actual knowledge that the information has been collected from children under 16, we reserve the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.

If you are a parent and learn that your child is using Bearable without your permission or if you have any specific question about data privacy at Bearable, do not hesitate to get in touch with us at [email protected]."

Can this product be used offline?

No

Is the privacy information easy to understand?

Yes

Links to privacy information

Does this product meet our Minimum Security Standards?

Yes

Encryption

Yes

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Yes

Reporting per email available.

Privacy policy

Yes

Does the product use artificial intelligence?

No

*Privacy Not Included
