1. Introduction and Commitment

Mindid LLC (“we,” “us,” “our”) is deeply committed to protecting the privacy and security of your personal data, especially your sensitive mental health information. This Privacy Policy details how we collect, use, process, and safeguard your information when you engage with our mental health and wellness app services, use our website (mindid.us), or communicate with us. We process your data in accordance with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA) where applicable, and other relevant state and federal regulations.

It is important that you read this policy, together with any other privacy notices we may provide, so that you are fully aware of how and why we are using your data. This policy applies to all information collected by us, whether through our website, mobile app, in-person interactions, phone calls, or any other communication method.

2. The Data We Collect About You

We collect various types of personal data to provide and improve our mental health and wellness app services. We have grouped these as follows:

• Identity Data: Includes first name, last name, date of birth, gender, and preferred pronouns.
• Contact Data: Includes billing address, mailing address, email address, telephone numbers, and emergency contact information.
• Financial Data: Includes payment card details, transaction history, billing information, bank account information, and subscription details. (Note: Full payment card details are processed and stored by our secure third-party payment processors, not by us).
• Mental Health Data: Includes information about your mental health status, symptoms, mood patterns, stress levels, sleep patterns, and other health-related information you choose to share with us.
• Wellness Profile Data: Includes information about your wellness goals, preferences, challenges, and progress tracking data from our app services.
• Usage Data: Includes information about how you use our website and app, such as which features you use, how long you spend on each activity, your IP address, device information, and app performance data.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us, your communication preferences, newsletter subscriptions, and your responses to surveys or feedback forms.
• Professional Data: Includes information about your profession, employer, and any professional relationships relevant to mental health services.

3. How Your Personal Data is Collected

We use different methods to collect data from and about you, including through:

• Direct Interactions: You may give us your Identity, Contact, Financial, Mental Health, and Wellness Profile Data by filling in forms (such as assessment forms, wellness questionnaires, or contact forms) or by corresponding with us in person, by phone, or by email.
• App Usage: As you interact with our mental health and wellness app, we may automatically collect Usage Data about your activities, progress, and engagement with our features and services.
• Automated Technologies: As you interact with our website, we may automatically collect Usage Data about your equipment and browsing actions by using cookies, web beacons, and other similar technologies.
• Third-Party Sources: We may receive data about you from third parties, such as analytics providers, advertising networks, social media platforms, and healthcare providers (with your consent).
• Public Records: We may collect information from public records and other publicly available sources relevant to our services.
• Professional Networks: We may collect information through professional networks, healthcare associations, and business referrals.

4. Legal Basis and Purpose for Using Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To Perform a Contract: To fulfill our contractual obligations to you as a user, such as providing mental health and wellness app services, personalized recommendations, and delivering digital wellness solutions.
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes improving our services, conducting research, and preventing fraud.
• Legal Obligation: To comply with a legal or regulatory obligation, such as maintaining health records, reporting requirements, or responding to legal requests.
• Consent: We rely on your explicit consent to process your Mental Health Data and Wellness Profile Data for the purpose of providing personalized mental health services and recommendations.
• Vital Interests: To protect your vital interests or those of another person, such as in emergency situations where your safety may be at risk.

5. Specific Uses of Your Data

We use your personal data for the following specific purposes:

• Service Delivery: To provide mental health and wellness app services, personalized recommendations, and therapeutic interventions.
• Mental Health Support: To analyze your mental health patterns, provide insights, and offer evidence-based interventions and support.
• Progress Tracking: To monitor your wellness journey, track progress, and provide feedback on your mental health improvements.
• Personalization: To customize your experience, provide relevant content, and adapt our services to your specific needs and preferences.
• Communication: To send wellness updates, service notifications, and respond to your inquiries and support requests.
• Research and Development: To improve our services, develop new features, and contribute to mental health research (with your consent and in anonymized form).
• Business Operations: To improve our services, conduct analytics, and maintain our business records.
• Compliance: To comply with regulatory requirements, maintain health records, and ensure legal compliance.

6. Data Security and Retention

We have implemented comprehensive security measures to protect your personal data, especially your sensitive mental health information:

• Technical Safeguards: SSL encryption, secure servers, firewalls, regular security updates, and advanced encryption for sensitive data.
• Administrative Safeguards: Access controls, staff training, regular security audits, and strict data handling procedures.
• Physical Safeguards: Secure storage of physical records and restricted access to our facilities.
• Mental Health Data Protection: Special additional protections for mental health data, including enhanced encryption and access controls.

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law, we are required to keep basic information about our users (including Contact, Identity, Financial, and Mental Health Data) for seven years after they cease being users for tax and legal purposes. Mental health records are retained for a minimum of seven years for legal and regulatory purposes.

7. Data Sharing and Third Parties

We may share your personal data with the following categories of third parties:

• Service Providers: Payment processors, cloud storage providers, email service providers, and IT support services.
• Professional Advisors: Lawyers, accountants, and other professional advisors who assist us in running our business.
• Healthcare Professionals: Mental health professionals, therapists, and other healthcare providers (only with your explicit consent).
• Research Partners: Academic institutions and research organizations (only with your consent and in anonymized form).
• Legal Requirements: When required by law, court order, or to protect our rights and the rights of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We never share your mental health data without your explicit consent, except as required by law or to protect your safety.

8. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

• Request access to your personal data (commonly known as a “data subject access request”).
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data (commonly known as the “right to be forgotten”).
• Object to processing of your personal data where we are relying on legitimate interests.
• Request restriction of processing of your personal data.
• Request transfer of your personal data to another party.
• Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

Our website and app use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and personalize content. You can control cookie settings through your browser preferences. However, disabling cookies may affect the functionality of our website and app.

10. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information immediately.

11. Mental Health Data Special Protections

We recognize that mental health data is particularly sensitive and requires special protection. We have implemented additional safeguards for mental health data, including:

• Enhanced encryption for mental health data in transit and at rest
• Strict access controls and audit trails for mental health data
• Regular security assessments and vulnerability testing
• Staff training on mental health data protection
• Compliance with applicable mental health privacy regulations

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and app, and updating the “Last Updated” date. We encourage you to review this policy periodically.