Sanvello

Aviso: *privacidade não incluída neste produto

Sanvello

Data da avaliação: 25 de Abril de 2023

|
A Mozilla investigou por 16 horas
|

Opinião da Mozilla

|
Votos das pessoas: Muito assustador

Sanvello says they have "everything you need to feel better." That includes self-care practices, coaching, online therapists, and a peer support community. This mental health app offers wellness strategies based on the principles of cognitive behavioral therapy (CBT) and mindfulness meditation to help users work on their stress, anxiety, and depression. And holy cow, there's a lot of stress, anxiety, and depression out there these days. A walk around their website shows they have celebrity influencers supporting their app like author John Green and gymnast Aly Raisman. The app is free to download, with many features only available through a subscription of around $54 a year. Insurance and employer coverage is also an option. All that sounds great, but what about their privacy practices? From what we can tell from their rather confusing privacy policy, those maybe aren't so great. Sanvello does collect a good amount of personal information and may share that information with third parties for personalization, advertising, marketing, and research purposes. For an app that works to help those with stress and anxiety, we think having a better privacy policy would decrease some of our stress and anxiety about how they handle their users' personal data.

O que pode acontecer se algo der errado?

First reviewed April 20, 2022. Review updated, April 25, 2023

Hmmm...in 2023 Sanvello presents us with an interesting conundrum. When reviewing their privacy policy, we notice they say it is a "Web And Mobile Privacy Policy." Which, OK, that's fine. They then go on to say "Our Privacy Policy explains how we handle information collected from Sanvello.com or in the course of receiving Services. Additional privacy policies (such as our notice of privacy practices) may apply depending on the specific product or service and outline how we handle information collected in other ways." All of those words make it seems like their privacy policy could cover their mobile app as well as their website and mobile site. But it's not 100% clear to us that this privacy policy does cover their app as it is not explicitly stated. Note to anyone reading this, you should absolutely be able to tell if the privacy policy you are reading specifically covers the app, website, device, or services you are using. There should be zero question here. Unfortunately, we have questions.

So, assuming their privacy policy does cover the app (which is an assumption we have to make because we aren't 100% clear), how does it look? Well, the good news is, they have both a privacy policy for information collected when using their website, and they have a separate notice of privacy practices that covers how they handle the privacy and disclosure of medical information specifically. This is good. The bad news is, both their privacy policy and their notice of privacy practices for medical information outline a whole lot of ways they could share your personal information if you use their services. They outline enough information sharing or have enough confusing or vaguely worded statements in their privacy policy that we have concerns. And because they never responded to questions emailed to them at the email address listed on their website, we were unable to get the clarification needed to do anything but assume the worst with Sanvello. In 2023, they still receive our *Privacy Not Included warning label.

Read our 2022 review:

Sanvello says they can collect a lot of personal information, including name, email, gender, location, birth date, mood, health and biometric data, thought records, messages with your coach, and more. And they say the may combine all this personal data with information they get from other sources, such as potentially data brokers and advertising companies. And they say they may use and disclose de-identified and aggregated data for any purpose (here's where we remind you such de-identified data has been found to be relatively easy re-identify, especially if location data is included.) Red flags for us.

How do they say they can use all this data they collect on you? Sanvello says they can share your personal information with third party researcher partners for health or behavioral research purposes. They can share information about your use of Sanvello with health insurers or health plan administrators to evaluate your care (they say they won't share your thought records with health insurers). And Sanvello says they can use your personal information for advertising and promotional purposes. Finally, Sanvello adds that they can use your personal information "as otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law or for any other purpose with your consent." That last part feels kinda broad and vague to us. Guess what, more red flags. 🚩 🚩 🚩

One last red flag with Savello. We emailed them multiple times as the email listed in their privacy policy for privacy-related questions and Savello didn't respond with answers to our privacy and security questions. So, we can't confirm if Sanvello meets our Minimum Security Standards.

What's the worst that could happen with Sanvello? Well, we suppose it's possible you could think it normal for a mental health app (or any app, but especially one that collects so much personal information) to collect and share so much of your personal information and get used to that as the norm in the world and completely give up on having any privacy at all. That's sounds terrible. Let's never let that happen.

Dicas para se proteger

  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Pode me bisbilhotar? informações

Câmera

Dispositivo: Não aplicável

Aplicativo: Sim

Microfone

Dispositivo: Não aplicável

Aplicativo: Sim

Rastreia localização

Dispositivo: Não aplicável

Aplicativo: Sim

O que pode ser usado para se inscrever?

Que dados a empresa coleta?

Como a empresa usa esses dados?

We ding this product as their sharing practices are unclear. They may be sharing or selling data to third parties incl. for their marketing purposes. They may be also combinining data collected about you with data from third parties. "We will not disclose, share, sell, or otherwise disclose your information to unaffiliated third parties for their own marketing unless so authorized by you, your employer or association, group or benefit program sponsor."

"We may use Personal Information for a number of purposes such as:

<...>

As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law."

"We may also share Personal Information within the Company, and we may combine Personal Information that you provide us through this website with other information we have received from you, whether online or offline, or from other sources such as from our vendors."

"We may disclose De-Identified Information. “De-Identified Information”, means information that is neither used nor intended to be used to personally identify an individual."

Como você pode controlar seus dados?

It is not clear if all users regardless of location can get their data be deleted, and how users outside of California jurisdiction can get their data deleted.

"This section applies solely to the personal data of users who reside in the State of California <...> You have the right to request that Sanvello delete any of your personal information that we collected from you and retained, subject to certain exceptions. <...> Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information."

Qual é o histórico conhecido da empresa na proteção de dados dos usuários?

Médio

No known privacy or security incidents discovered in the last 3 years.

Informações de privacidade infantil

Sanvello says they will not intentionally collect any Personal Information from children under the age of 13 through this website without receiving parental consent.

Este produto pode ser usado offline?

Sim

Sanvello offers offline meditation options.

Informações de privacidade fáceis de entender?

Não

https://www.sanvello.com/privacy-policy/

Links para informações de privacidade

Este produto atende aos nossos padrões mínimos de segurança? informações

Não

Criptografia

Sim

Data is sent over SSL (Secure Sockets Layer) and any persistent data is encrypted and stored on secured servers

Senha forte

Sim

Atualizações de segurança

Sim

Gerencia vulnerabilidades

Não foi possível determinar

Política de privacidade

Não foi possível determinar

Could not confirm their privacy policy covers their app as it mentions only "Web And Mobile Privacy Policy". We are unclear if mobile is the mobile site or if mobile also covers their app.

O produto usa inteligência artificial? informações

Não foi possível determinar

Esta inteligência artificial não é confiável?

Não foi possível determinar

Que tipo de decisões a inteligência artificial faz sobre você ou por você?

A empresa é transparente sobre como funciona a inteligência artificial?

Não foi possível determinar

O usuário tem controle sobre os recursos da inteligência artificial?

Não foi possível determinar

*privacidade não incluída

Mergulhe mais fundo

Comentários

Tem um comentário a fazer? Nos diga.