NOCD

First reviewed April 20, 2022. Review updated, April 25, 2023
Oh NOCD, what a journey it has been with you this last year. When we first reviewed NOCD in 2022 we had some serious concerns about their privacy. And our questions emailed to email address listed in their privacy policy for privacy related questions went unanswered before we launched our review. However, after our launch, when our review was brought to NOCD's attention by concerned users, NOCD came back to us and was open to communication and clarifying some confusing aspects of their privacy policy. We always appreciate constructive communication with any company looking to improve their privacy practices and privacy policies.

So, has NOCD improved over the last year? Yes, they have. In their responses to us, we were able to confirm they meet our Minimum Security Standards, which is good. And they have improved their privacy policy to offer some more clarity about their privacy practices, especially clarity around how personal information from website visitors, NOCD app/community members, and NOCD therapy members is handled. Clarity on this is good.

Now, their privacy notices make clear that they “do not use location tracking.” And this year, they promptly responded when we sent an email to the address listed in their privacy policy. In that email, they reassured us that they do not collect personal information from data brokers and when they combine information about you from third parties, it’s for treatment purposes only. We’d like to see them commit to that in their privacy notice so they can’t just change it whenever they want to, but their emailed reassurance is a good first step.

NOCD does seem to do a good job of protecting and respecting the privacy of therapy members. The data for those individuals is generally covered by HIPAA and more strongly protected. We do still have concerns about the privacy of information NOCD collects, uses, and shares for people visiting their website or who download their app. Some of that information, NOCD says, can be shared with third parties for targeted advertising purposes (they do clearly state in their privacy policy that no data used for treatment is shared for advertising purposes though).

So, yes, NOCD has gotten better since we reviewed them in 2022. That said, they do still raise a few privacy concerns for us. If you visit NOCD's website, don't be surprised to find their ads following you around the internet once you leave.

Read our 2022 review:

NOCD says they can collect a whole lot of information on their users. Everything from name, address, email address, and telephone number, to age, gender, to health information like your OCD triggers and intensity levels, to your precise location information when you're using the app and even when you're not. Yikes! NOCD also says they can collect even more information about you from third parties such as social media sites like Facebook, YouTube, and Instagram as well as "Companies that provide information to supplement what we already know about you" (like data brokers?). Double yikes!!! That's a whole lot of information NOCD is collecting on you. And it seems to us like information that goes beyond what they need to help you manage and treat your OCD.

What does NOCD say they can do with all this personal information and app usage data they collect on you? Well, to begin with, they say they can combine the information you give them with information they gather from third parties. Then they say they can use that information for things like learning your interests to better understand what tools interest you and to target you with ads. They actually use the word "might" a whole lot when they talk about how they say they can market you with targeted ads, which is a concern for us when it comes to privacy policies because that word "might" seems to offer a lot of wiggle room. Here's what they actually say, "We might use your information to serve you ads about tools and offers. We might tell you about new features or updates. These might be third party offers or tools, services or studies we think you might find interesting. We may also use your information to send you electronic communications. We and our partners may engage in interest-based advertising using information gathered across multiple websites, devices, or other platforms."

We "might" say this is all quite a bit concerning for an app that collects so much personal information. Ah heck, forget the "might", we do say that concerns us. NOCD says they can collect a whole lot of personal information, can combine that with other information they get from third parties like social media sites and potentially data brokers. They then say they can share that information with a whole host of third parties including business partners and the vague "For Other Reasons We May Describe to You."

What's the worst that could happen? Well, just how many people in the world need to know you are struggling with OCD? And why does NOCD need to say they can gather so much additional information about you from third parties sources such as social media sites and potentially even data brokers? NOCD doesn’t specifically state in their privacy policy that they don’t sell user data, which is something we like to see stated clearly. Not to mention, we couldn't determine if they meet our Minimum Security Standards. For an app that targets people dealing with the struggles of OCD, this all just seems like very very bad privacy practices. With OCD symptoms on the rise these days, an app that can help sounds wonderful. We worry that this app doesn't seem to protect the privacy of their users and potentially even exploits it. That's really not good. Not good at all.