Mindshift CBT

Warning: *Privacy Not Included with this product

Review date: April 25, 2023

Mozilla researched for 15 hours

Mozilla's opinion

People's votes: Somewhat creepy

CBT stands for Cognitive Behavioral Therapy. It is a psychological treatment shown to be effective at helping manage things like anxiety, eating disorders, and phobias. Mindshift CBT is a free app created by the Canadian charitable organization Anxiety Canada that uses evidence-based CBT strategies to help users manage anxiety by reducing worry, stress, and panic. The app offers tools based on these CBT strategies such as thought journals, belief experiments, and coping cards as well as fear ladders and expanding your comfort zone guides. Tools all designed to help better navigate the crazy, messed up world we're living in these days. Couple that with the fact that Anxiety Canada is a non-profit charitable organization that isn't looking to share or sell a bunch of your personal information to make money and you've got yourself a pretty good deal. Did we mention it's free? But you can always donate to support this organization if you want. We do worry a little about the app's security practices, though, so unfortunately, it's not perfect.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

Not much has changed with non-profit Anxiety Canada's Mindshift CBT app over the last year. Their privacy policy was last updated in October, 2021, so no changes there since our last review. And we still have the same concerns about the app from a security perspective that we had last year -- we are unable to confirm if they encrypt their data both in transit and at rest (where they store it online), and they still only require a weak password of "111111".

We see they did start restricting access to their public Community forum where users can share stories and offer peer-to-peer support to only users who turn 18+ in the current calendar year. We consider that a good privacy move, especially since we could find no child-specific privacy information in their privacy policy. This is also a good reminder to only share what you are comfortable being made public in such open community forums, no matter your age (but especially if you are under 18!).

Read our 2022 review:

Anxiety Canada's Mindshift CBT app seems to take their users' privacy fairly seriously, which is nice. They do collect personal information like name, e-mail address, telephone, location, and information about your usage of MindShift. They do not share or sell this information for any targeted marketing or advertising purposes though, so yay! Unfortunately, as we have seen with other apps created by non-profit charitable organizations, we do have some concerns about their security practices. The app accepted the weak password "111111" when we logged in. We also were unable to confirm if and when they use encryption to protect users' data in transit and at rest and if they have a way to manage security vulnerabilities. Emails to the address mentioned in their privacy policy for these privacy-related questions went unanswered.

It's great to see the organization take privacy seriously. And we understand that charitable organizations don't always have the same resources as bigger companies to focus on an app's security. Which stinks. Big companies tend to have way worse privacy practices and better security practices, where charitable organizations seem to have the best privacy practices and not as strong security practices. We feel a little like Goldilocks out here looking for the rare one that manages to do both well.

Tips to protect yourself

  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: Not applicable

App: No

Microphone

Device: Not applicable

App: No

Tracks location

Device: Not applicable

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

"We do not generally disclose your personal information to any third party without your specific consent, except as permitted or required by law."

"We use information about you in the following ways: To ensure that Mindshift content is presented in the most effective manner for your mobile device.

To provide you with information related to MindShift that will facilitate your engagement with the MindShift.

To provide you with promotional communications, such as email, where you have provided consent to receive such communications.

To carry out our obligations arising from any agreements entered into between you and us. To allow you to participate in interactive features of MindShift when you choose to do so. To notify you about changes to MindShift.

To understand your location to help us identify groups of users by general geographic market (such as postal code, province, or country)."

How can you control your data?

"You may request access to, make corrections to, or delete the personal information we hold about you at any time, subject to certain exceptions."

"We will retain the personal information we collect from or about you only for so long as we require it to satisfy the purposes for which we collected the information. We will also retain your personal information for as long as is required to meet our various legal and business obligations, which in some cases might be for a longer period than is necessary to satisfy the purposes for collection.

In particular, if we use any of your personal information to make a decision that directly affects you (e.g., to decide whether you are eligible to participate in a MindShift CBT Group of the Mindshift CBT Community), we will retain that information for at least one year after the date we use the information to make the decision. This is so you have time to request access to your personal information.

Once there is no longer a legal requirement or business purpose to retain your personal information we will securely delete, destroy, or anonymize it."

What is the company's known track record of protecting users' data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child privacy information

Mindshift CBT's privacy policy does not mention child privacy information.

They do say that as of November, 2022 "Access to Community is now restricted to users who are 18+ at the start of the calendar year."

They also state in their privacy policy that:

"If you apply to become a participant in our MindShift CBT Group, we will also collect personal information, including information about the nature and severity of your anxiety symptoms, directly from you for the following purposes...

"If you are a minor, to determine whether you are able to consent on your own behalf to participate in the MindShift CBT Group, or whether consent from your parent/guardian is required;"

Can this product be used offline?

No

Is the privacy information easy to understand?

No

Links to privacy information

Does this product meet our minimum security standards?

No

Encryption

Can't determine

Strong password

No

The app has accepted '111111' as a password.

Security updates

Yes

Manages vulnerabilities

Yes

"To deal with security vulnerabilities, we would escalate reported potential vulnerabilities to our contracted developer, EY, and request a corresponding update to the MindShift app. The contact would be [email protected]."

Privacy policy

Yes

Does the product use artificial intelligence?

Can't determine

Is this artificial intelligence untrustworthy?

Can't determine

What kind of decisions does the artificial intelligence make about you or for you?

Is the company transparent about how the artificial intelligence works?

Can't determine

Does the user have control over the artificial intelligence features?

Can't determine
