Privacy Policy


Introduction

Mindframe, Inc. (“Mindframe”, “us”, “we”, or “our”) is committed to protecting and respecting your privacy. This privacy policy applies to and describes how we collect, store, use, and share personal data about you through our software, website, mobile application, documentation, and related services (together, the “Services”). References to “you” mean the person whose personal data we collect, use, and process. We will manage your personal data only as described below and consistent with applicable laws. By using the Services, you acknowledge that you have read and understand this privacy policy.

Contact Us
Mindframe is the controller of personal data processed under this privacy policy.
For further information, to exercise your rights, or if you have any questions, please contact us at support@mindframes.ai

What Personal Data Do You Collect & How Is It Used?

See the European Union’s General Data Protection Regulation (GDPR) guide for details on “Lawful basis for processing.” You decide how much or how little you are comfortable sharing. If you do not provide us with certain personal data, some of the Services may not work as intended.

Account data

Details:
Email address
Other personal data you provide to us, including any personal identifiers like your birthdate
Password
Referral or access code (if applicable)
Time zone (from iOS and Android apps)
What Mindframe should call you
How It Is Used:
To provide our Services, including creating an account
To improve our Services
For identification and authentication purposes
To address issues like malicious use of the Services
To maintain and uphold your preferences
To send you communications about our Services
To invite you to participate in relevant user experience research
Lawful Basis for Processing: Performance of a contract, Legitimate interest, Consent

Communications with us (separate from conversational data)

Details:
Email address
Platform
Operating system version
Other personal data you provide to us, including any personal identifiers or attachments you share
How it is used:
To provide our Services
To improve our Services
To invite you to participate in ad hoc opportunities, like product feedback
To provide user support
To invite you to participate in relevant user experience research
Lawful Basis for Processing: Performance of a contract, Legitimate interest, Consent

Conversational data

Details:
Your conversational interactions with Mindframe, like what you write or options you select during the conversation
How it is used:
To provide our Services
To improve our Services
Lawful Basis for Processing: Performance of a contract, Legitimate interest, Consent

Concerning language and escalation data

Mindframe sometimes detects an input that might indicate you need more support than we can provide. Mindframe is not a crisis service.

Details:
How often you share concerning language and confirm that Mindframe has understood you correctly
If you share that you’re considering harming yourself or others in a clinical survey
How it is used:
To suggest more appropriate resources
To provide our Services
To improve our Services
For clinical partner programs (if enrolled), which may include informing your care team or clinical study staff
Lawful Basis for Processing: Performance of a contract, Legitimate interest, Consent

Hardware diagnostic and login information

Details:
Certain login information stored on your device
Crash reports and system error logs
Operating system, hardware, and browser version (if applicable)
How it is used:
To provide our Services
To improve our Services
To invite you to participate in relevant user experience research
For clinical partner programs (if enrolled), like supporting Single Sign-On (SSO)
For non-clinical partner programs (if enrolled), like supporting Single Sign-On (SSO)
Lawful Basis for Processing: Performance of a contract, Legitimate interest, Consent

Survey and assessment data

Details:
Surveys and assessments about your health or experiences
Surveys about our Services (if applicable)
How it is used:
To provide our Services, including to provide a personalized experience based on your responses
To improve our Services
To invite you to participate in relevant user experience research
For clinical partner programs (if enrolled), to inform your care
To share de-identified and/or aggregated data about Mindframe, like trends for marketing and business purposes
Lawful Basis for Processing: Performance of a contract, Legitimate interest, Consent

Usage data

Details:
Information from Google Analytics or other analytics vendors, like website visitor or app user behavior and demographics. 
Internal analytics information
Log files
Mobile device, browser type, browser language, operating system, and Internet Protocol address
Cookies, pixel tags, and web beacons
Usage information, like the time of day or how often you use each tool
How it is used:
To provide our Services
To improve our Services, including to assess the performance of our Services
To invite you to participate in relevant user experience research
For clinical partner programs (if enrolled), to inform your care
To share de-identified and/or aggregated data about Mindframe, like trends for marketing and business purposes
Lawful Basis for Processing: Performance of a contract, Legitimate interest, Consent

Note on our social media pages

Mindframe may maintain social media pages. Any personal data you share on the public sections of our social media pages is public and, unless otherwise required by applicable laws, is not covered by this privacy policy. Please exercise caution before sharing information that may identify you on the public sections of our social media pages. In addition, our Services may contain social media buttons to “Share Mindframe.” Use of, or sharing personal data, with a social media service will also be subject to the social media service’s terms of service and privacy policy.

Do You Share My Personal Data?

We do not share your personal data with third parties except as outlined below.

Service providers

We use third party service providers, like Amazon Web Services, that help us provide our Services. These third parties may have limited and controlled access to personal data in connection with the services they provide such as hosting or customer service. The use of personal data by service providers outside of the agreed-upon services they provide is prohibited.

Partner programs

We may partner with organizations to conduct research studies or provide you with the Services through separate programs. 

Program partners may include employers, hospitals, providers, or other medical and academic partners. Clinical partner programs are a specific type of partner program that include a licensed healthcare provider.

Your participation in partner programs is optional and requires your agreement with our partner for any personal data to be shared with a partner. Participation may be governed by additional terms outside this privacy policy. If you choose to participate in a partner program:

We will not share:

Your conversational interactions with Mindframe, like what you write or your path through a conversation, unless you give us your consent to do so

We often share:

De-identified and/or aggregated data about how Mindframe users use the app and its effectiveness
If you are using the Services through a clinical program or as part of a study and you consent, we may also share:
Identifiable data about how you’re doing such as survey responses, mood trends, or your confirmation that Mindframe has understood a concerning entry that’s beyond what it can support

Please note that any personal data shared with a partner program is also subject to the partner program’s terms and privacy policy. We are not responsible for the processing of personal data by partner programs. Please contact the partner program if you have any questions about their documents or practices. For research programs, please see the study’s informed consent. You may also contact the study and/or its institutional review board (IRB).

Your interactions with third-party services

Our Services may link to third parties, like helplines or other resources. Any information shared with or otherwise collected by third parties is subject to the third party’s terms and privacy policy. We are not responsible for the processing of personal data by third parties relevant to these resources.

De-identified and/or aggregated data

We may use your personal data to create de-identified and/or aggregated data, like approximate location information, information about the device you use to access our Services, information about conversational trends, or other analyses we create. De-identified and/or aggregated data is not personal data and we may use and share this data as permitted by applicable law, such as with academic partners. We never share your transcripts with Mindframe without your consent, even de-identified.

Disclosures to protect us or others

We may access, preserve, and disclose any personal data we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to:
Comply with law enforcement or national security requests and legal process, such as court order or subpoena;
Protect your, our, or others’ rights, property, or safety;
Enforce our policies or contracts; or
Assist with an investigation or prosecution of suspected or actual illegal activity

Transferring personal data outside of the country you reside in or are currently located

Your personal data may be transferred, stored, and processed in one or more countries outside of the country you reside in or are currently located in, which may have data protection laws that are different from the laws where you reside or are currently located. When processing personal data outside of the country you reside or are currently located in, we take additional steps in an effort to ensure our international transfer of personal data is consistent with applicable law.
If we transfer personal data which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

Disclosure in the event of merger, sale, or other asset transfers

If we are involved in a merger, acquisition, financial due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

How is My Personal Data Protected?

We use commercially reasonable efforts to implement security measures that are designed to avoid accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data. This may include (as appropriate):
Adhering to hospital-level security policies and procedures to protect sensitive user data, and to the HIPAA rules, including the Privacy and Security Rules
Using cloud-enabled infrastructure designed to reduce our data footprint
Encrypting all personal data at rest and in transit
Securing sensitive personal data in a dedicated environment in a manner designed to ensure segregation and clear access control
Conducting and responding to penetration tests, vulnerability assessments, code reviews, and internal compliance reviews
Allowing employees to access personal data only if required in connection to their job duties
Despite these efforts, no security measures are perfect, and no method of data transmission or storage is guaranteed to prevent unauthorized disclosure or misuse. As a result, we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal data. 

For How Long Do You Store My Personal Data?

We store personal data so that your experience with the Services is personalized based on your past interactions and for other reasons listed above. We retain the personal data we collect for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. 

What Rights Do I Have?

Anyone who uses the Services can access, correct, or delete their personal data regardless of where they live or are physically located. In addition, under certain data protection laws, individuals may have rights around their personal data which may include (as applicable):

The right of access which enables you to check what type of personal data we hold about you, what we do with that personal data, and to receive a copy of this personal data
The right to rectification which enables you to correct any inaccurate or incomplete personal data we hold about you (including Protected Health Information (PHI))
The right to erasure which enables you to request that we erase personal data held about you in certain circumstances
The right to restrict or object to the processing of your personal data by us in some instances, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful
The right to data portability which enables you to receive your personal data in a structured, commonly used, and machine-readable format and to have that personal data transmitted to another data controller

How Can I Control My Personal Data?

If you have feedback or questions about any aspect of how we collect, share, or use your personal data, please Contact Us.

If your personal data is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to file a complaint with the competent supervisory authority, if you believe our processing of your personal data violates applicable law.

Request your personal data

Contact us at support@mindframes.ai from the email address you used to register for the app. 

Opt-out

Email communications: Use the unsubscribe link found at the bottom of any email to stop receiving future emails. You will continue to receive other transaction-related emails you have requested. You are not able to opt out of some types of important communications, like updates to our terms or this privacy policy.
Text messages: Follow the instructions in the text message you received or Contact Us.
Push notifications: We may send you push notifications through one of our mobile applications. Opt out by changing the settings on your mobile device.
Do Not Track (DNT): DNT is a privacy preference that you can set in some web browsers. We honor DNT on our website. The DNT preference does not apply to mobile applications.
Cookies and similar technologies: You may stop, restrict, or remove the placement of some of the cookies and other similar technologies we use as your browser or device permits. You must opt out in each browser and on each device.
Please note:
We only use cookies on our website, not on any mobile applications.
If you adjust your preferences, our Services may not work correctly.
For more information on how we and our partners use cookies and the options to control them, see the Cookie Policy.

What Responsibilities Do I Have?

Safeguard your personal data

You are responsible for helping to protect your personal data by safeguarding your device, email, and password. For best practices, see the US Federal Trade Commission (FTC) guides: How To Protect Your Privacy on Apps, Online Security, and How to Keep Your Personal Information Secure. Please reference our Security Overview for more information on how to safeguard your personal data.

Protect children’s information

The Services are not directed to children (defined as under the age of 13 or another age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, please Contact Us. If we learn that we have collected a child’s personal data in violation of applicable law, we will delete that personal data (unless we have a legal obligation to keep it) and close the child’s account.

Read the privacy policies of third parties

The Services may contain links to third party websites or applications not covered by this privacy policy. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal data to third party websites or applications is at your own risk.

Review this privacy policy regularly

We may change this privacy policy at any time. If we make any material changes to this privacy policy, we will notify you as required by applicable law. 
If you continue using our Services after the new policy takes effect, you are acknowledging acceptance of the updated privacy policy. We encourage you to review the content of this privacy policy regularly.