MindDoc

Aviso: *Privacidade não incluída neste produto

MindDoc

Data da avaliação: 25 de Abril de 2023

|
A Mozilla investigou por 16 horas
|

Opinião da Mozilla

|
Votos das pessoas: Razoavelmente assustador

MindDoc is a mental health app developed by clinical psychologists and researchers to help people suffering with depression, anxiety, insomnia, and eating disorders or who simply want to work daily on their emotional well-being. Based in Germany, MindDoc is governed by the generally stricter GDPR privacy laws, at least for people living in the EU. The app, available in German and English, is free to download and costs around $70 for a yearly subscription. Users get access to a mood journal, a mental health score to help gives users insight into where things are going well and where there are problems and then offers courses and exercises to help improve mental wellness. So, how do their privacy practices look? Well, yay for being under GDPR, that's a good thing as that law has stricter privacy protections than most anywhere else in the world. Still, boo on MindDoc for being occasionally vague in their privacy policy about how they share data with third parties. And an even bigger BOO on MindDoc for allowing Facebook to collect data on their users that could tell Facebook things like when a person users the mental health app and how often. Not good, not good at all.

O que pode acontecer se algo der errado?

First reviewed April 20, 2022. Review updated, April 25, 2023

There's good news and bad news when it comes to MindDoc this past year. First, the good news. Since we last reviewed MindDoc in 2022, they have updated their privacy policy to clarify that all users covered by their privacy policy are granted the same rights -- derived from Europe's strong GDPR privacy law -- to access and delete their data. Yay! We here at *Privacy Not Included love to see that. They even have a whole section that lays out all the privacy rights they grant everyone, not only those who list in places covered by GDPR. Again, yay!

That's the good news. Now, the bad news. MindDoc still raises lots of concerns for us about how much data they collect and say they can share with companies like Facebook and Google. Their privacy policy is actually quite exhaustive in laying out all the third parties they say they can share data with. The other bad news is, just like in 2022, they never responded to the privacy and security related questions we emailed them at the email address listed in their privacy policy for such questions. And therefore we are unable to confirm if they meet our Minimum Security Standards. So, MindDoc still earns our *Privacy Not Included warning label in 2023, even though we want to give them credit for doing better by clarifying all people have the same rights to control and delete their data regardless of what privacy laws they live under. Two steps forward, one step back, as the saying goes.

Read our 2022 review:

Here's a scary line to read in any privacy policy, "Facebook may associate your use of our app and related activities with your Facebook user account." Uhm, YIKES!!! What does that mean? Well, it seems to indicate Facebook could know if you use the MindDoc app, when you use the app, how often you use the app, and perhaps other details about your use of the app. So, Facebook could know you're a woman, 28 years old, who uses an app to help manage anxiety, and likes lots of posts about cats and wine. Based on that. Facebook could then serve you lots of targeted ads about being single, your biological clock ticking, and make you even more anxious about life. You absolutely do not need that.

Here's another vague line in MindDoc's privacy policy that worries us, "We generally do not share your data with third parties unless we are legally entitled or obligated to do so, or you have given us consent to do so." Uhm, what do they mean by "generally"? That word seems to give them wiggle room to share your data with third parties in instances not covered by their privacy policy. Which, again, YIKES!!! Vague statements in privacy policies are not your friend. Especially with apps that collect so much personal information about you like your name, email, phone number, questions about your mental state, living conditions, and more. Seems Consumers Reports also had problems with MIndDoc's vague privacy policies on data sharing with third parties back in 2021. We're worried your data could get shared with third parties you're not aware of or don't consent to and then it could be used for who knows what. You don't want that. We don't want that.

One more thing about MindDoc that leaves us worried. They say you can delete your data directly in the app at any time by going to "Settings → Data & Security." However, when we downloaded and used the app and then wanted to delete our data, we could not find this option. Which means MindDoc still has your friendly privacy researcher's data when we'd really rather they didn't. Because suddenly we're seeing ads about mental health everywhere and it's got us a little freaked out (granted, we've been researching mental health apps, so mental health ads following us everywhere seems inevitable, unfortunately).

Dicas para se proteger

  • Go to "Profile > Data & security" section of the app to opt out from Facebook and other third-party ad networks.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Pode me bisbilhotar? informações

Câmera

Dispositivo: Não aplicável

Aplicativo: Não

Microfone

Dispositivo: Não aplicável

Aplicativo: Não

Rastreia localização

Dispositivo: Não aplicável

Aplicativo: Não

O que pode ser usado para se inscrever?

Que dados a empresa coleta?

Como a empresa usa esses dados?

We ding this product for being vague about data sharing, as well as for sharing some usage data with Facebook for advertisement.

MindDoc can share your usage data with Facebook for advertisement purposes. You can object using the opt out slider in the "Profile > Data & security" section of the application.

"Facebook may associate your use of our app and related activities with your Facebook user account."

"Using the App Events feature, we can track certain interactions ("Events") with our app (opening the app, in-app purchases, answering a question) and use them for further analysis and advertising purposes."

"We generally do not share your data with third parties unless we are legally entitled or obligated to do so, or you have given us consent to do so. In the event that we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or have it processed (see also the third-party tools described), this is done in compliance with the respective legal specifics. In these cases, we will always take appropriate measures to adequately secure your data (e.g., encryption with our own key management)."

Como você pode controlar seus dados?

"All subjects under this privacy policy are entitled to so-called data subject rights, i.e. rights which the persons concerned can exercise in individual cases. These rights can be asserted against the persons responsible. The rights are derived from the GDPR"

"Regardless of the right to data deletion pursuant to Art. 17 GDPR (see also the rights of data subjects), the data can be deleted directly in the app in the "Settings → Data & Security" at any time. Before this, they can be transferred or backed up using an automatic export function. Alternatively, any user can write this request by e-mail from the address registered with us to [email protected] or by naming the personal identification number (this is located in the profile area at the very bottom). We will then check this immediately and contact you."

"The data provided above will be stored by us for as long as is necessary for the use of our app and related services in the context of unaccompanied monitoring and self-management. "

Qual é o histórico conhecido da empresa na proteção de dados dos usuários?

Médio

No known privacy or security incidents discovered in the last 3 years.

Informações de privacidade infantil

We did not find information about children privacy in their privacy policy.

Este produto pode ser usado offline?

Não

Informações de privacidade fáceis de entender?

Sim

Links para informações de privacidade

Este produto atende aos nossos padrões mínimos de segurança? informações

Não

Criptografia

Sim

MindDoc's encryption practices are described here: https://minddoc.com/us/en/privacy-policy#chapter-9

Senha forte

Sim

Atualizações de segurança

Sim

Gerencia vulnerabilidades

Não foi possível determinar

Política de privacidade

Sim

O produto usa inteligência artificial? informações

Sim

MindDoc acts as a mental health companion that asks questions daily in order to evaluate a person’s well-being and screen them for symptoms of depression.

Esta inteligência artificial não é confiável?

Não foi possível determinar

Que tipo de decisões a inteligência artificial faz sobre você ou por você?

A empresa é transparente sobre como funciona a inteligência artificial?

Não foi possível determinar

O usuário tem controle sobre os recursos da inteligência artificial?

Não foi possível determinar

*Privacidade não incluída

Mergulhe mais fundo

Comentários

Tem um comentário a fazer? Nos diga.