MindWise DBT Privacy Policy

Last updated: January 1, 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Personal information (name, email, phone number)
  • Health information (mood tracking, diary entries, crisis plans)
  • Usage data (exercises completed, progress tracking)
  • Emergency contact information
  • Device information and usage analytics (with your consent)

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and other GDPR-applicable regions, we process your data based on:

  • Consent: For health data processing and optional analytics
  • Contract: To provide the App services you requested
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws
  • Vital Interest: In emergency situations to protect your safety

3. How We Use Your Information

Your information is used for:

  • Providing personalized DBT therapy support
  • Tracking your progress and achievements
  • Emergency contact notifications when needed
  • Improving our services (with your consent)
  • Secure account authentication

4. Information Sharing

We do not sell your personal health information. We may share information only:

  • With your explicit consent
  • In emergency situations to protect your safety
  • As required by law
  • With service providers under strict confidentiality agreements (and HIPAA Business Associate Agreements where applicable)
  • With caregivers or therapists you explicitly authorize

5. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. For transfers from the EEA/UK, we use Standard Contractual Clauses approved by the European Commission and implement appropriate safeguards to protect your data.

6. Data Security

We implement industry-standard security measures:

  • End-to-end encryption for sensitive data (AES-256)
  • Secure data storage with regular backups
  • Regular security audits and penetration testing
  • Limited access on a need-to-know basis
  • HTTPS/TLS encryption for all data in transit

7. Your Rights

Under GDPR and applicable laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time without affecting prior processing
  • Lodge Complaint: File a complaint with your local data protection authority

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, or as required by law. You can configure your data retention preferences in the App settings. Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.

9. HIPAA Compliance (United States)

For users in the United States, MindWise DBT is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA):

  • We treat mood tracking, diary entries, and crisis plans as Protected Health Information (PHI)
  • We maintain appropriate administrative, physical, and technical safeguards
  • Service providers with access to PHI sign Business Associate Agreements (BAAs)
  • We will notify you of any data breach affecting your PHI within 60 days as required by law
  • You have the right to request an accounting of disclosures of your PHI
  • You may request restrictions on how we use or disclose your PHI

10. GDPR Compliance (EEA/UK)

For users in the European Economic Area and United Kingdom:

  • Health data is processed as "special category data" with explicit consent
  • We process data lawfully, fairly, and transparently
  • Data is collected for specified, explicit, and legitimate purposes
  • We implement data minimization and storage limitation principles
  • You may contact your local Data Protection Authority to lodge complaints
  • UK users: Information Commissioner's Office (ICO) - ico.org.uk
  • Spain users: Agencia Española de Protección de Datos (AEPD) - aepd.es

11. Cookies and Tracking

We use only session cookies that are essential for App functionality. These cookies are temporary and are automatically deleted when you close the App or end your session. We do not use persistent cookies or third-party tracking cookies.

12. Children's Privacy

MindWise DBT is intended for users 18 years and older. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy concerns, data requests, or to exercise your rights:

Email: info@mindwisedbt.com

We will respond to requests within 30 days (or 45 days for complex requests under HIPAA).