Privacy Policy

Effective Date: June 2019


This Privacy Policy explains how Mindstrong Inc. d/b/a Mindstrong Health (“Mindstrong,” “we,” “us” or “our”) collects, uses and discloses your information when you access or use our website located at or our other websites (“Sites”), our mobile applications (the “Apps”) and other online services, in each case that we own and/or operate and that link to this Privacy Policy (collectively, the “Services”) and when you otherwise interact with us.

Please note we enter into agreements (“Organization Agreements”) with employers sponsoring group health plans for their employees, health insurers, health care providers, research institutions, and other organizations (“Organizations”) that govern our use of Protected Health Information under HIPAA and certain other information about you that we receive from you or on behalf of the Organizations. To the extent that this Privacy Policy conflicts with any applicable Organization Agreement, the Organization Agreement will control. If you use the Services as a plan member or patient of an Organization and have questions about the treatment of your Protected Health Information, you should review the HIPAA Notice of Privacy Practices of the Organization or contact the Organization.

This Privacy Policy is incorporated into and made a part of the Terms of Service. Please review our Terms of Service because they govern your use of the Services and limit our liability to you. By using our Services, you agree that we may treat your information in the ways we describe in this Privacy Policy. If you do not agree with any term of this Privacy Policy or the Terms of Service, you may not use our Services.


Please use the following links to jump to the different sections of this Privacy Policy:


How We Collect Your Information

Website Data Collection Technologies

How We Use Your Information

How We Share Your Information

Links to Other Sites


Note to International Users

Your Rights

Changes To This Privacy Policy

Contacting Us




We developed a suite of Apps to measure brain health and to provide access to healthcare services. Our Health App and Care App allow individuals to obtain care in a convenient location from providers who may be remote, and likewise enable providers to provide care to individuals who may be at a remote location, using these measurements of brain health.

Please see the following App-Specific Terms for more information on each of our Apps:

Health App 

  • The Health app will collect information about the way you interact with the touch screen on your mobile device, such as the patterns of your keystrokes, taps and scrolls.
  • Except for your response to questions and messages that you receive in the Health App, the Health App does not capture any other content from the use of your phone. It does not collect letters, numbers, words, or phrases that you type when using your phone. The Health App does not capture any information about your location, contacts, messages, voice, or calls.
  • On iOS devices, the Health App requires the installation of the included Mindstrong Keyboard (the “Mindstrong Keyboard”). On Android devices, the Health app requires the activation of the Mindstrong Service (the “Mindstrong Service”). Please note that not providing consent to download the Mindstrong Keyboard or activate the Mindstrong Service, or subsequently disabling the Mindstrong Keyboard or Mindstrong Service, will affect certain features of the Health App
  • The Health App provides patients and members of Organizations with functionality to communicate with their healthcare providers remotely.
  • As described in the section titled, “How We Share Your Information”, we share information collected on the Health App with Organizations of which you are a patient or member. For example, if you use the Health App to communicate with your healthcare provider that is an Organization, we will share your information with such Organization.


Discovery App 

  • The Discovery App supports academic medical centers and other Organizations in conducting clinical research studies to gather measurements about brain health or other information needed for their clinical research studies. The Discovery App is only used for participants of research studies, and only once the study participants have provided their in-person and written informed consent.
  • The Discovery App will collect information about the way you interact with the touch screen on your mobile device, such as the patterns of your keystrokes, taps and scrolls. Except for your response to questions and messages that you receive in the Discovery App, the Discovery App does not capture any other content from the use of your phone. It does not collect letters, numbers, words, or phrases that you type when using your phone. However, if you participate in an applicable study and have provided informed consent for the collection of these additional data, the Discovery App may collect the following additional data:
  • Data relating to the frequency in which you type certain words using the Mindstrong Keyboard (“Histogram Data”);
  • Location Information; and
  • particular commands that you speak into your device (“Voice Data”) if prompted by the Discovery App in studies that require Voice Data.

If a research study does not require Histogram Data, Location Information or Voice Data we do not collect it.

  • On iOS devices, the Discovery App requires the installation of the included Mindstrong Keyboard. On Android devices, the Discovery app requires the activation of the Mindstrong Service. Please note that not providing consent to download the Mindstrong Keyboard or activate the Mindstrong Service, or subsequently disabling the Mindstrong Keyboard or Mindstrong Service, will affect certain features of the Discovery App.
  • As described in the section titled, “How We Share Your Information”, if you participate in a clinical research study, we share information collected during your use of the Discovery App with the Organization is conducting or sponsoring the research study.


Care App  

  • The Care App is intended for use by Organizations, particularly healthcare professionals who will use the Care App to communicate with their patients.
  • If you are an employee, agent or contractor of an Organization and access or use the Care App on behalf of an Organization, we may ask you to provide information regarding your professional licensure or other qualifications.
  • The Care App does not use cookies or web beacons, and does not collect Location Information relating to the precise location of your mobile device.



When you access or use our Services, we collect the information you provide to us when you, for example:

  • Register with our Services
  • Contact us with inquiries and comments
  • Complete and submit forms offered on the Services
  • Apply for employment
  • Register for webinars or events
  • Use the interactive features of our Services
  • Enable the location services on your device

We may also obtain information about you from other sources and combine that information with information we collect from you directly. For example, if you are a health plan member or patient of an Organization, we receive Personal Information about you from your Organization so that we can provide Services to you. In addition, we may collect information about you when you post content to our pages and/or feeds on third party social media platforms.



On our Sites, we use cookies, pixel tags, log files, and other technologies (collectively, “Data Collection Technologies”) to help us provide the Services, tailor our content and enhance your experience. Our Data Collection Technologies include:

  • Cookies and other Tracking Technologies: A cookie is a small file placed on your computer’s hard drive that collects and stores information about your equipment, preferences and browsing patterns. A web beacon (also referred to as clear gif, pixel tag or single-pixel gif) is a transparent graphic image used with cookies that enables us to record a user’s actions. We use cookies and web beacons on our Sites to analyze web page traffic, usage patterns, verify system and server integrity, and to tailor our Services to your individual interests. For more information about cookies, visit For more information about cookies, and how to disable them when you visit our Sites, please see “Cookies” below.
  • Google Analytics: We use Google Analytics to help us understand how users engage with our Services. Google Analytics uses cookies, web beacons and other technologies to track your interactions with our Services, then collects that information and reports it to us, without identifying individual users. This information helps us improve our Services so that we can better serve users like you. For more information on Google Analytics, or to opt out of having your information used for such purposes, please visit

You can set your Internet browser settings to stop accepting new cookies, to receive notice when you receive a new cookie, to disable existing cookies, and to omit images (which will disable pixel tags). Note that the opt-out will apply only to the browser that you are using when you elect to opt out of advertising cookies. Please note, without cookies or pixel tags, you may not be able to take full advantage of all features of our Services.

Some web browsers incorporate a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. Many websites and applications, including our Services, do not currently respond to web browser DNT signals because such signals are not yet uniform. For more information about DNT signals, please visit



We may use your information in the following ways:

  • Provide you the Services and fulfill your requests: We may use your information to register you, administer your account, and provide you the information, products and services that you request. For example, we respond to your questions when you contact us, assist with any problems you report about our Services.
  • Communicate with you: We may contact you to share information and materials that we think might be of interest to you, including information about products and services that promote health and wellness. You may unsubscribe from receiving emails about these products and services by using the unsubscribe link included in an email.
  • Enhance your experience: We use your information to personalize and enhance your experience when you use the Services, such as tailoring and remembering your preferences.
  • Improve our Services: Your information helps us improve the content and functionality of our Services. For example, we may conduct measurement activities and analyze trends, usage and activities in connection with the Services to create new features and content.
  • Protect Mindstrong and our Users: We may use information about you to detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Mindstrong and others.
  • Creation of De-Identified Information: We may use your Personal Information to create data that is de-identified in accordance with HIPAA, other applicable laws and our Organization Agreements with applicable Organizations. This de-identified information is not Personal Information, because it cannot be used to identify you, and may be used by us for any lawful purpose.

In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection.



We may share your information as follows or as otherwise described in this Privacy Policy:

  • With Organizations: If you are a health plan member or patient of an Organization, then we will share your information with the Organization in accordance with the Organization Agreement and applicable law. You should review the Notice of Privacy Practices and/or other privacy policies of the Organization to understand how the Organization uses your information.
  • Clinical Service Providers. We may share your information with Mindstrong Clinical Services, PC, or any other medical groups or healthcare professionals who provide physician or other clinical services to you through our Services.
  • Other Service Providers: We may share your information, in an encrypted format, with third-party hosting and information security providers that provide computer, storage and information security resources to Mindstrong.
  • In the Event of a Corporate Transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose your information to the party or parties to such transaction.
  • For Legal Purposes: We will disclose your information when we think it is necessary to investigate or prevent actual or expected fraud, information security breaches, criminal activity, injury or damage to us or others or when otherwise required by law, regulation, subpoena, or court order, or if necessary to protect our rights.
  • At Your Direction: We will share your information with third parties if and when you direct us to.

We may share de-identified information and other De-identified Non-Personal Information in all legally permissible ways.



Our Services may contain links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices or content of such other sites. We encourage you to be aware when you leave our Sites. We encourage you to review the privacy policies of each and every website that collects Personal information as the privacy policy may differ from ours.



The security of your Personal Information is important to us. We have implemented and maintain reasonable technical, physical and administrative security measures intended to protect against unauthorized use, disclosure, alteration or destruction of the Personal Information we collect and maintain. You should keep in mind, however, that no data transmitted over the Internet is 100% secure and any information disclosed online can potentially be collected and used by persons other than the intended recipient. As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant the security of any information you transmit to or from our Services.



If you access or use our Services or contact us from outside of the United States of America, please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the United States of America; and (ii) that by using our Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the United States of America in accordance with this Privacy Policy.


Mindstrong, Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Mindstrong, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

In compliance with the Privacy Shield Principles, Mindstrong, Inc. commits to resolve complaints about our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Mindstrong, Inc.’s Privacy Office at [email protected], or by courier to:

Mindstrong, Inc.
Attn: Privacy Office
303 Bryant Street Mountain View, CA 94041

Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through Mindstrong Inc.’s internal process, Mindstrong, Inc. has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure.. Subject to the terms of the VeraSafe Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Dispute Resolution Procedure, please submit the required information here:

In addition, under certain conditions, you could be entitled to invoke binding arbitration to resolve a complaint or dispute arising under the Privacy Shield.

Mindstrong, Inc. is responsible for the processing of Personal Information it receives, under the Privacy Shield Frameworks, or subsequently transfers to a third party acting as an agent on its behalf. Mindstrong, Inc. complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, EEA and Switzerland, including the onward transfer liability provisions.

With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, Mindstrong, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Mindstrong, Inc. may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


Account Information 

Subject to any restrictions in our Organization Agreements, you may update, correct or otherwise modify information that we maintain about you at any time by logging into your online account or by emailing us at [email protected] If there are restrictions in an applicable Organization Agreement, we will provide contact information for the Organization so that you can ask the Organization to modify your information. If you wish to deactivate your account, please email us at [email protected] but note we may continue to store information about you as required by law or for our legitimate healthcare business purposes. 


If personal data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized or is to be disclosed to a third-party, we will provide individuals with an opportunity to choose whether to have their personal data so used or disclosed. Requests to opt out of such uses or disclosures of personal data should be sent to [email protected].


Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Services.

Location Information

If you do not want us to collect Location Information from your device, please disable the location setting(s) on your device or delete the Apps. Please note that disabling the location setting may affect certain features of the Apps. 

Push Notifications

With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these notifications at any time by changing the notification settings on your mobile device or within our Apps.


We reserve the right to change or replace this Privacy Policy at any time. Please check back from time to time to ensure that you are aware of any changes or updates to the notice. We will indicate the Privacy Policy’s effective date at the top of this page. Your continued use of the Services after changes have been posted indicates your consent to and amended terms of the Privacy Policy.

If we make material changes that would impact your use of the Services, we will endeavor to notify you of the changes, such as by posting a notice directly on the Services, by sending an email notification (if you have provided your email address to us), or by any other reasonable method.


If you have any questions or comments about this Privacy Policy, please contact us at [email protected] or by mail at:

Mindstrong, Inc.

303 Bryant Street

Mountain View, CA 94041

(650) 850-7050



  • HIPAA” is the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations.
  • Personal Information” is information that can be used to identify, contact or locate you. Examples of Personal Information such as your name, address, email address, telephone number, unique device identifier of the device you use to access the Services and other information you choose to provide as well as Protected Health Information under HIPAA.
  • Protected Health Information” is a subset of Personal Information that is protected by HIPAA. Your Personal Information is generally Protected Health Information if you are a health plan member or a patient of an Organization that is a “covered entity” under HIPAA and we are a “business associate” of the Organization under the Organization Agreement.
  • Location Information” is information that can be used to locate the device you use to access the Services. Location Information may include: (i) with your consent, the location of the device derived from GPS or WiFi use; (ii) the IP address of the device or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user. Generally, we consider Location Information to be Personal Information unless the information is not Personal Information under applicable law. For more information about how you can control the collection of Location Information, please see “Your Choices” above.
  • Activity Data” is information that we collect about how you use the Services, including the following:
  • Communications: We collect information about how you communicate with your health care provider on the Services.
  • Other Functionality: We collect information associated with the performance exercises you take on the Services, the events and notes that you track on the Services, such as your medications and sleep habits, and other functionality that we may offer from time to time.
  • Non-Personal Information” is information that we collect, but it cannot be used to identify, contact or locate you. For example, your web browser type, operating system and mobile device model are Non-Personal Information. However, if we link Non-Personal Information to your Personal Information, we will treat such linked information as Personal Information in accordance with this Privacy Policy.
  • Log Data” is information that we automatically collect about your use of the Services and your mobile device. This type of information does not usually, by itself, uniquely identify an individual. It may include your IP address, web browser and operating system, device model and manufacturer, hardware or other device model number, mobile network information and time spent connected via an App or viewing a webpage. Generally, we do not consider Log Data to be Personal Information unless the Log Data is Personal Information under applicable law or linked to Personal Information for so long as it is linked.