Privacy Policy

Effective Date: April 2021

This Privacy Policy explains how Mindstrong Inc. d/b/a Mindstrong Health (“Mindstrong,” “we,” “us” or “our”) collects, uses and discloses your information when you access or use our website located at or our other websites (“Sites”), our mobile applications (the “Apps”) and other online services, in each case that we own and/or operate and that link to this Privacy Policy (collectively, the “Services”) and when you otherwise interact with us. In addition, Protected Health Information that you provide to us for purposes of obtaining health care from Mindstrong Clinical Services, PC, or another independently owned professional practice will also be subject to the practices’ Notice of Privacy Practices, which is available here. To the extent of any conflict between this Privacy Policy and the practices’ Notice of Privacy Practices, the Notice of Privacy Practices will control.

Please note we enter into agreements (“Organization Agreements”) with employers sponsoring group health plans for their employees, health insurers, health care providers, research institutions, and other organizations (“Organizations”) that govern our use of Protected Health Information under HIPAA and certain other information about you that we receive from you or on behalf of the Organizations. To the extent that this Privacy Policy conflicts with any applicable Organization Agreement, the Organization Agreement will control. If you use the Services as a plan member or patient of an Organization and have questions about the treatment of your Protected Health Information, you should review the HIPAA Notice of Privacy Practices of the Organization or contact the Organization.

This Privacy Policy is incorporated into and made a part of the Terms of Service. Please review our Terms of Service because they govern your use of the Services and limit our liability to you. By using our Services, you agree that we may treat your information in the ways we describe in this Privacy Policy. If you do not agree with any term of this Privacy Policy or the Terms of Service, you may not use our Services.

Please use the following links to jump to the different sections of this Privacy Policy:


Collection of Information

Information You Provide to Us

Information We Collect Automatically When You Use the Services

How We Collect Your Information Through Our Apps

Information We Collect from Other Sources

How We Use Your Information

How We Share Your Information

Links to Other Sites


Do Not Track

Note to International Users

Your Rights

Changes To This Privacy Policy

Contacting Us



At Mindstrong, we believe that measurement-based care is fundamental to improving mental health care outcomes. Our suite of Apps measures brain health and provides access to healthcare services. Our Health App and Care App allow individuals to obtain care in a convenient location from providers who may be remote, and likewise enable providers to provide care to individuals who may be at a remote location, using these measurements of brain health. Please note the providers who deliver professional services through the Services are independent professionals practicing through Mindstrong Clinical Services, PC, or another independently owned professional practice.

Our Apps are designed to help us understand your activity, behavior and brain health so that we can tailor treatment specifically to your needs. To help us tailor our treatment, the Apps need to collect information about the ways in which you interact with your mobile device. For example, with your permission, the Apps may automatically collect information such as the patterns of your keystrokes, taps and scrolls, information collected from your device’s sensors, such as the gyroscope, accelerometer, or GPS. We also use the information we collect for other business purposes, such as to communicate with you to try and keep you engaged in your treatment, and to develop new products and services that may improve the treatment we provide.


When you access and use the Services, we may collect the following types of information from you:

Information You Provide to Us

We collect Personal Information and other information you provide directly to us. For example, we collect information when you register with our Services, contact us with inquiries and comments, complete and submit forms offered on the Services, engage with our Services, including use of their interactive features.

The types of information we may collect from you include:

  • Identifiers, such as your full name, phone number, email address, postal mail address, and any other information you may provide.
  • Demographic Information, such as your age and gender.
  • Any other information you choose to provide.

Information We Collect Automatically When You Use the Services

When you access or use the Services, the types of information we may automatically collect about you include:

  • Log Data: When you visit the Services, our servers automatically collect certain Log Data and other information about your activities on the Services.
  • Cookies and other Tracking Technologies: A cookie is a small file placed on your computer’s hard drive that collects and stores information about your equipment, preferences and browsing patterns. A web beacon (also referred to as clear gif, pixel tag or single-pixel gif) is a transparent graphic image used with cookies that enables us to record a user’s actions. We use cookies and web beacons on our Sites to analyze web page traffic, usage patterns, verify system and server integrity, and to tailor our Services to your individual interests. You can set your Internet browser settings to stop accepting new cookies, to receive notice when you receive a new cookie, to disable existing cookies, and to omit images (which will disable pixel tags). Note that the opt-out will apply only to the browser that you are using when you elect to opt out of advertising cookies. Please note, without cookies or pixel tags, you may not be able to take full advantage of all features of our Services. For more information about cookies, visit We use Google Analytics to help us understand how users engage with our Services. Google Analytics uses cookies, web beacons and other technologies to track your interactions with our Services, then collects that information and reports it to us, without identifying individual users. This information helps us improve our Services so that we can better serve users like you. For more information on Google Analytics, or to opt out of having your information used for such purposes, please visit

Please see the following section titled “How We Collect Your Information Through Our Apps” for app-specific information practices.

How We Collect Your Information Through Our Apps

Health App

  • The Health App collects your information when you are actively using the Health App, the Mindstrong Keyboard (on iOS devices), or when the Mindstrong Service (on Android devices) is running in the background. It will automatically collect information about the ways in which you interact with the touch screen on your mobile device, such as the patterns of your keystrokes, taps, swipes, and scrolls. The Health App will also automatically collect information about the other apps that you use, including the time of day that you opened each app. It may also collect Location Information and information from device sensors, such as accelerometers, gyroscopes, and other device functionality.
  • Outside of the Health App, (a) we will never collect any Personal Information typed when using your mobile device, such as names, addresses or credit cards, (b) without your express permission, we will not collect any specific letter, numbers, words or phrases typed when using your mobile device. Although the Mindstrong Keyboard will have visibility into the characters you type using the Mindstrong Keyboard, that information is stored locally on your device, and we do not process that information except as specified in this paragraph.
  • The Health App provides patients and members of Organizations with functionality to communicate with their healthcare providers remotely.
  • As described in the section titled, “How We Share Your Information”, we share information collected on the Health App with Organizations of which you are a patient or member. For example, if you use the Health App to communicate with your healthcare provider that is an Organization, we will share your information with such Organization.

Discovery App

  • The Discovery App supports academic medical centers and other Organizations in conducting clinical research studies to gather measurements about brain health or other information needed for their clinical research studies. The Discovery App is only used for participants of research studies, and only once the study participants have provided their written informed consent to participate in the study and any additional required privacy consent.
  • The Discovery App will collect information about the way you interact with the touch screen on your mobile device, such as the patterns of your keystrokes, taps and scrolls. Except for your response to questions and messages that you receive in the Discovery App, the Discovery App does not capture any other content from the use of your phone. It does not collect letters, numbers, words, or phrases that you type when using your phone. However, if you participate in an applicable study and have provided informed consent for the collection of additional information, the Discovery App may collect the following additional information:
    • Data relating to the frequency in which you type certain words using the Mindstrong Keyboard (“Histogram Data”);
    • Location Information and information from device sensors, such as accelerometers, gyroscopes, and other device functionality; and
    • Particular commands that you speak into your device (“Voice Data”) if prompted by the Discovery App in studies that require Voice Data.

If a research study does not require Histogram Data, Location Information or Voice Data we do not collect it.

  • On iOS devices, the Discovery App requires the installation of the included Mindstrong Keyboard. On Android devices, the Discovery app requires the activation of the Mindstrong Service. Please note that not providing consent to download the Mindstrong Keyboard or activate the Mindstrong Service, or subsequently disabling the Mindstrong Keyboard or Mindstrong Service, will affect certain features of the Discovery App.
  • As described in the section titled, “How We Share Your Information”, if you participate in a clinical research study, we share information collected during your use of the Discovery App with the Organization is conducting or sponsoring the research study.

Care App

  • The Care App is intended for use by Organizations, particularly healthcare professionals who will use the Care App to communicate with their patients.
  • If you are an employee, agent or contractor of an Organization and access or use the Care App on behalf of an Organization, we may ask you to provide information regarding your professional licensure or other qualifications.
  • The Care App does not use cookies or web beacons, and does not collect Location Information relating to the precise location of your mobile device.

Information We Collect from Other Sources

We may also obtain information about you from other sources and combine that information with information we collect from you directly. For example, if you are a health plan member or patient of an Organization, we receive Personal Information about you from your Organization so that we can provide Services to you. In addition, if you link your account to another service (like a social media platform, Apple HealthKit, or another third-party service), we may receive information from the other service, like how you use that service. Lastly, we may collect information about you when you post content to our pages and/or feeds on third party social media platforms.

By using the Services or contacting Mindstrong, you consent to be recorded, and for us to analyze and share such information for the purposes described in the section titled, “How We Use Your Information.” For example, when you conduct a virtual session with one of our Healthcare Professionals, we may record the session.


We may use your information in the following ways:

  • Administer your account: We may use your information to register you to use our Services, administer your account, and display and monitor your Service history, such as the sessions you have had with a Healthcare Professional.
  • Provide you the Services: We may use your information to provide our Services to you.
  • Fulfill your requests: We may use your information to provide you the information that you request. For example, we respond to your questions when you contact us, assist with any problems you report about our Services.
  • Communicate with you: We may contact you to share information and materials that we think might be of interest to you, including information about our Services and other products and services that promote health and wellness. You may unsubscribe from receiving emails about these products and services by using the unsubscribe link included in an email.
  • Enhance your experience: We use your information to personalize and enhance your experience when you use the Services, such as tailoring and remembering your preferences.
  • Improve our Services and Develop New Services: Your information helps us evaluate our Services and improve the content and functionality of our Services. In addition, your information may help us add new functionality to our existing Services or research and develop new products and services. For example, we may measure, research, and analyze trends, usage and activities in connection with the Services to create new features and content.
  • Protect Mindstrong and our Users: We may use information about you to detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Mindstrong and others.
  • Creation of De-Identified Information: We may use your Personal Information to create information that is de-identified in accordance with HIPAA, other applicable laws and our Organization Agreements with applicable Organizations. This de-identified information is not Personal Information, because it cannot be used to identify you, and may be used by us for any lawful purpose.

In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection. If any applicable law requires us to obtain your consent or other permission to use your Personal Information for a particular purpose, then we will request and obtain your permission before using your Personal Information for that purpose.


We may share your information as follows or as otherwise described in this Privacy Policy:

  • With Organizations: If you are a health plan member or patient of an Organization, then we will share your information with the Organization in accordance with the Organization Agreement and applicable law. You should review the Notice of Privacy Practices and/or other privacy policies of the Organization to understand how the Organization uses your information.
  • Clinical Service Providers. We may share your information with Mindstrong Clinical Services, PC, or any other medical groups or healthcare professionals who provide physician or other clinical services to you through our Services.
  • Other Service Providers: We may share your information, in an encrypted format, with third-party hosting and information security providers that provide computer, storage and information security resources to Mindstrong.
  • In the Event of a Corporate Transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose your information to the party or parties to such transaction.
  • For Legal Purposes: We will disclose your information when we think it is necessary to investigate or prevent actual or expected fraud, information security breaches, criminal activity, injury or damage to us or others or when otherwise required by law, regulation, subpoena, or court order, or if necessary to protect our rights.
  • At Your Direction: We will share your information with third parties if and when you direct us to.
  • With Your Permission: If any applicable law requires us to obtain your consent or other permission to share your Personal Information for a particular purpose, then we will request and obtain your permission before sharing it for that purpose.

We may share de-identified information and other De-identified Non-Personal Information in all legally permissible ways.

Our Services may contain links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices or content of such other sites. We encourage you to be aware when you leave our Sites. We encourage you to review the privacy policies of each and every website that collects Personal information as the privacy policy may differ from ours.


The security of your Personal Information is important to us. We have implemented and maintain reasonable technical, physical and administrative security measures intended to protect against unauthorized use, disclosure, alteration or destruction of the Personal Information we collect and maintain. You should keep in mind, however, that no information transmitted over the Internet is 100% secure and any information disclosed online can potentially be collected and used by persons other than the intended recipient. As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant the security of any information you transmit to or from our Services.


Some web browsers incorporate a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. Many websites and applications, including our Services, do not currently respond to web browser DNT signals because such signals are not yet uniform. For more information about DNT signals, please visit


If you access or use our Services or contact us from outside of the United States of America, please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the United States of America; and (ii) that by using our Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the United States of America in accordance with this Privacy Policy.


Account Information

Subject to any restrictions in our Organization Agreements, you may update, correct or otherwise modify information that we maintain about you at any time by logging into your online account or by emailing us at [email protected] If there are restrictions in an applicable Organization Agreement, we will provide contact information for the Organization so that you can ask the Organization to modify your information. If you wish to deactivate your account, please email us at [email protected] but note we may continue to store information about you as required by law or for our legitimate healthcare business purposes.

Location Information

If you do not want us to collect Location Information from your device, please disable the location setting(s) on your device or delete the Apps. Please note that disabling the location setting may affect certain features of the Apps.

Push Notifications

With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these notifications at any time by changing the notification settings on your mobile device or within our Apps.


We reserve the right to change or replace this Privacy Policy at any time. Please check back from time to time to ensure that you are aware of any changes or updates to the notice. We will indicate the Privacy Policy’s effective date at the top of this page. Your continued use of the Services after changes have been posted indicates your consent to and amended terms of the Privacy Policy.

If we make material changes that would impact your use of the Services, we will endeavor to notify you of the changes, such as by posting a notice directly on the Services, by sending an email notification (if you have provided your email address to us), or by any other reasonable method.


If you have any questions or comments about this Privacy Policy, please contact us at [email protected] or by mail at:

Mindstrong, Inc.

101 Jefferson Dr,  Suite 228

Menlo Park, CA 94025

(650) 850-7050


  • HIPAA” is the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations.
  • Personal Information” is information that can be used to identify, contact or locate you. Examples of Personal Information such as your name, address, email address, telephone number, unique device identifier of the device you use to access the Services and other information you choose to provide as well as Protected Health Information under HIPAA.
  • Protected Health Information” is a subset of Personal Information that is protected by HIPAA. Your Personal Information is generally Protected Health Information if you are a health plan member or a patient of an Organization that is a “covered entity” under HIPAA and we are a “business associate” of the Organization under the Organization Agreement.
  • Location Information” is information that can be used to locate the device you use to access the Services. Location Information may include: (i) with your consent, the location of the device derived from GPS or WiFi use; (ii) the IP address of the device or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user. Generally, we consider Location Information to be Personal Information unless the information is not Personal Information under applicable law. For more information about how you can control the collection of Location Information, please see “Your Choices” above.
  • Non-Personal Information” is information that we collect, but it cannot be used to identify, contact or locate you. For example, your web browser type, operating system and mobile device model are Non-Personal Information. However, if we link Non-Personal Information to your Personal Information, we will treat such linked information as Personal Information in accordance with this Privacy Policy.
  • Log Data” is information that we automatically collect about your use of the Services and your mobile device. This type of information does not usually, by itself, uniquely identify an individual. It may include your IP address, web browser and operating system, device model and manufacturer, hardware or other device model number, mobile network information and time spent connected via an App or viewing a webpage. Generally, we do not consider Log Data to be Personal Information unless the Log Data is Personal Information under applicable law or linked to Personal Information for so long as it is linked.