CredibleMind, Inc. (“CredibleMind”, “Company”, “We”, “Our”) respects your privacy and fully acknowledges the great responsibility that comes with safeguarding sensitive data, such as information about your mental health and life journey. We are committed to protecting it through our compliance with this policy.

This document describes the types of information we may collect or that you may provide when you access, use or register with CredibleMind’s website and mobile application (collectively “Services”) and our practices for using, maintaining, protecting and disclosing that information.

Please read this carefully to understand our policies and practices regarding your information and how we will treat it. By using or registering with our Services, you agree to this Privacy Policy. Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates as it may change from time to time.

Information We Collect and How We Collect It

We collect information from and about users of our Services:

• Directly from you when you provide it to us.

• Automatically when you use the Services.

Information You Provide to Us

When you use or register with the Services, we may ask you provide information by which you may be personally identified, such as your name, telephone number, postal address, email address, location, credit card information and any other identifier by which you may be contacted online or offline (“Personal Information”).

This information includes:

• Information that you provide by filling in forms in the Services. This includes information provided at the time of registering to use the Services, completing questionnaires and assessments, posting material and requesting services. Depending on the data you provide, it may also contain information about your general health (e.g. other health conditions) and lifestyle information (e.g., nutrition, exercise, if you smoke).

• Details of transactions you carry out through the Services and of the fulfillment of your orders. You may be required to provide financial information before placing an order through the Services.

• Records and copies of your correspondence (including e-mail addresses and phone numbers), if you contact us. We may also ask you for information when you report a problem with the Services.

• Your responses to surveys that we might ask you to complete for research purposes.

Automatic Information Collection

When you download, access and use the Services, it may use technology to automatically collect:

• Usage Details. When you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, location data, logs and other communication data and the resources that you access and use on or through the Services.

• Device Information. We may collect information about your computer, mobile device and internet connection, including the computer or mobile device’s unique device identifier, IP address, operating system, browser type, mobile network information and the device’s telephone number.

Cookies, Web Beacons, and Tracking

Our website uses cookies, which are small text files that are intended to make the Services better for you to use. In general, cookies are used to retain preferences, store information for things like shopping carts, and provide tracking data to third-party applications like Google Analytics. You may, however, disable cookies on the Services. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser or doing your own web research on how to disable cookies.

Please note that linked third-party websites may also use cookies. We cannot control the use of cookies by these third-party websites. For example, when you link from our website or app to a third-party website, that website may have the ability to recognize that you have come from CredibleMind by using cookies. If you have any questions about how third-party websites use cookies, you should contact such third parties directly.

We may also employ software technology known as “web beacons” or “clear GIFs,” which helps us keep track of what content on our service is effective. Web beacons are small graphics with a unique identifier that are used to track the online movements of Internet users. Web beacons are embedded in the web pages you review, so they are not stored on your hard drive. The web beacons we may use will not track or collect any personally identifiable information about you and they are in no way linked to your personally identifiable information.

The Services also use third-party analysis and tracking services to track the performance of our services, understand how you use our services, and offer you an improved and safer experience.

Information on your usage of our Services may be collected and processed by CredibleMind, Inc. or a third party engaged by CredibleMind using a unique identification number assigned to you. Such usage information will be deleted as soon as this information is no longer required for the purpose collected, and will not be shared with third parties until after being anonymized.

Your Consent for CredibleMind Tracking and Analysis

By using our app and our website you consent that CredibleMind may use cookies and third-party services, and collect your usage data under a unique identifier, for the purposes of tracking, analysis, and improvement of our Services.

You may withdraw your consent at any time, by either disabling cookies on your device or following the instructions on how to withdraw your consent individually for each third-party provider CredibleMind uses for its third party tracking and analysis services.

For the purpose of tracking the performance of our services and to improve our Services, CredibleMind uses the following third-party services:

Google Analytics

Our website uses Google Analytics, a web analysis service operated by Google Inc. (“Google”). Google Analytics uses cookies (text files) stored on your computer to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve our services. Information produced via cookies will be transferred to and stored on a server in the USA operated by Google.

Google analyzes this information to offer reports for CredibleMind on website usage and online usage of associated services. Google may also transfer this information to third parties either when this is required by law or when third parties are contracted by Google to process this data. Google will not allow your IP address to be linked to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.

By using the Services, you consent to have non-personal data used and processed by Google as described above. You can withdraw consent for this use of your data at any time, but this withdrawal only applies to future activities.

Facebook Lookalike Audience

If you have communicated to Facebook that you are using the Services, CredibleMind may use this information via a Facebook advertising service called “lookalike audiences” to identify potential new CredibleMind users based on the Facebook characteristics of certain existing CredibleMind users (e.g. what they liked on Facebook). We use this service in order to reach more people with similar attributes or behavior to our existing users. For this purpose we may share your email address with Facebook if you log in to CredibleMind using your Facebook account or if you downloaded CredibleMind via a Facebook advertisement. In other words, if you never told Facebook you use CredibleMind, we will not share that information. Additionally, CredibleMind does not in any way share data you are tracking in the app (e.g. what symptoms you experience) or any other personal information with Facebook.

Social Media or Third Party Platforms

As described in the Terms of Use, if you connect your CredibleMind account with your account on a Social Media or third party platform, we may use the information that you make available through the applicable Social Media or third party platform and that the applicable Social Media or third party platform has made available to CredibleMind, in accordance with the privacy or other settings that are applicable to your Social Media or third party platform account.

The above-mentioned companies are either EU-based or compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirements are met. The privacy policy of these services can be found on their respective websites. Read more about the EU-US Privacy Shield Framework.

Use of Personal Information We Collect

We may use the information we collect from you in the following ways:

• To set up your account with us. You may also choose to provide us with access to certain personal data stored by third parties including social media, such as Facebook and Google+. • To personalize your user experience and to allow us to deliver the type of content and offerings in which you are most interested.

• To deliver service messages and other services and content you request and send information related to accounts and services, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.

• To conduct an aggregated analysis of the performance of our Services, including referral data if you arrive at our website from an external source.

• To store your credit card information in order to expedite future orders and automate the billing process.

All the data we collect at CredibleMind is necessary for CredibleMind to deliver the services you use. The amount we collect has been minimized wherever possible to respect your privacy.

CredibleMind does not store sensitive personal data about your health and activities without your explicit permission. It is only when you give us explicit consent by creating a CredibleMind account that we start storing all your health and sensitive data on our secured servers, alongside the personal data necessary to create an account.  You can withdraw your consent at any time by simply deleting your account in the app or on our website. Here is the type of data we collect and store when you take our assessment and create an account:

Should you still disagree with the collection and processing of this data, we recommend you stop using our services or contact us at privacy@crediblemind.com to delete your account.

Personal data without registration

If you visit our website, we may record your activities, preferences, and transactional data (such as your IP address and browser type), as well as the content you view during your use of the Services. You may also take our assessment, which asks questions about your health, symptoms, and lifestyle information. We may use this data (to the extent de-identified or aggregated) for any purpose unless we tell you otherwise in connection with a particular Service. While we may collect or log this information, we do not identify you individually with it unless you voluntarily provide us with your email address to receive a link to your assessment results.

Forums

We may make available your personal data through the the Services (for example, discussion boards, blogs, activities, polls, games and other communication forums) (each, a “Forum”) to which you post information and materials. Any information, text, and images posted or disclosed by the user on or through such Forums may be visible to the user’s group(s) and authorized personnel, administrators, visitors to the Services, and other users of the website or the app. Specifically, personal information such as the picture you’ve uploaded and your screen name may be available for other users to view when you make a posting to such Forums. Information regarding your activities in such services may also be available for view by other users. (For example, other users may be able to view a list of all postings you have made in all available Forums.) Any postings you have made to a Forum may also be available for view later by users of the website or the app by scrolling to older posts on the Forum. We urge you to exercise discretion and caution when deciding to disclose your personal data, such as your health information, or any other information, through a Forum or otherwise through the website.

In the case of your use of Forums, as described above, we are not responsible for the use by others of any information, including personal information, that is disclosed by you or on your behalf by your system in such Forums. By disclosing any of your information via Forums, you acknowledge and accept any risk and damage arising from disclosure of such information.

Scientific Research and Spiritual Growth

The vision of CredibleMind is to help improve access to credible high-quality resources to move people on the scale of languishing to flourishing. Mental and spiritual health has historically been underserved as a field of research. CredibleMind is on a mission to contribute to mental and spiritual health research by sharing user data for the purposes of scientific and medical research.

We plan to collaborate with academic researchers. We want to make it very clear that we will personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been anonymized following a strict protocol that involves the removal of any information that could be used to identify any specific user.

Finally, because we believe that research should benefit everyone, CredibleMind will publish the results of our academic, clinical, or internal research in ways that are easy to read for all our users.

Once again, you can withdraw your consent to use of your data for these purposes at any time by deleting your account. If you do this, your data won’t be included in any future research partnerships.

Legal Basis for Processing Personal Information

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so.  We have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

Your Consent for Processing Health and Sensitive Data

If you create an account with CredibleMind., your personal data—including sensitive data and data related to your health—is stored and processed on CredibleMind servers. By creating an account with CredibleMind you explicitly consent that:

i. CredibleMind may store and process personal data you provide through the usage of the Services, and through the account creation process solely for the purpose of providing CredibleMind services to you and to improve CredibleMind’s service features. Such CredibleMind services may include sending you information and reminders through the CredibleMind app, the email address you provided to CredibleMind, or by SMS/text message to the mobile phone number you provided to CredibleMind.

ii. Personal data you provide to CredibleMind through assessments and the account creation process includes personal data you enter into the CredibleMind app, such as your account data (e.g. your name and email address), and your personal profile data. Depending on the data you provide, it may also contain information about your general health (e.g. other health conditions) and lifestyle information (e.g., nutrition, exercise, if you smoke).

iii. CredibleMind will not transmit any of your personal data to third parties, except if it is required to provide the CredibleMind service to you (e.g. technical service providers), unless CredibleMind has asked for your explicit consent.

Your Rights and General Data Protection Regulation (GDPR) Compliance

We believe that privacy—including data privacy—is a fundamental right that we all possess. At CredibleMind we strive to ensure that your rights are respected. Here are some key facts about your privacy that we would like you to know:

i. Our products and services have been designed to minimize the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.

ii. The security of our servers is routinely verified by experts to protect your data from unauthorized access. You can contact us at privacy@crediblemind.com if you have any questions about the security of our services.

iii. We do not retain your data in an identifiable format for longer than necessary to deliver our services.

iv. CredibleMind is not a clinical decision-making or clinical profiling system.

As a user of CredibleMind’s services and website, you may exercise your user rights to:

i. Request information on your personal data processed by CredibleMind. Upon your request, this information will be provided to you electronically. If you reside in the EU or Switzerland, you may access your information by sending a request to CredibleMind at the address specified in “Contacting Us” information below. If you reside in California and have provided your personally identifiable information to us, you may request information once per calendar year about our disclosures of certain categories of your personally identifiable information to third parties for their direct marketing purposes. Such requests must be submitted in writing using the email address in the “Contacting Us” section below.

ii. Gain access to your information by requesting a backup of your data in a format that is readable by other companies or organizations (data portability).

iii. Correct your personal information and health data in your profile settings and in the tracking categories available in the CredibleMind app and/or website.

iv. Withdraw your consent from data processing at any time by deleting your account and/or unsubscribing from our newsletter by clicking the link at bottom of the email or by contacting support@crediblemind.com.

v. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to privacy@crediblemind.com. Your data will be deleted within 30 days. We will not delete the posts or comments you’ve written and shared publicly, including on social media or in any Forum.

vi. Log a complaint with the relevant supervising authority if you believe CredibleMind is processing your personal data under violation of applicable data protection regulations.  For more information, please contact your local data protection authority.We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. If you are a California resident, you have the right to:

• Request we disclose to you free of charge the following information covering the 12 months preceding your request: (a) the categories of Personal Information about you that we collected; (b) the categories of sources from which the Personal Information was collected; (c) the purpose for collecting Personal Information about you; (d) the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and (e) the specific pieces of Personal Information we collected about you;

• Request we delete Personal Information we collected from you, unless the CCPA recognizes an exception;

• If the business sells Personal Information, you have a right to opt-out of that sale.

Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us. If you are a California resident and wish to exercise your rights under the CCPA, please contact us at privacy@crediblemind.com.

Data Security

We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it. No storage facility, technology, software, security protocols or data transmission over the Internet can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your personal data, and technological bugs, errors and glitches may cause inadvertent disclosures of your personal data; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software constitutes a crime punishable by law. For the reasons mentioned above, we cannot warrant that your personal data will be absolutely secure. Any transmission of data at or through the CredibleMind website and app is at your own risk.

How CredibleMind Stores Your Personal Data

If you have an account with CredibleMind, your personal profile data is stored separately from your health data and your service settings. This allows us to ensure the highest possible level of privacy for your information. Your password is stored using one-way encryption (“hashing” plus “salting”) and it cannot be read by us. Your data is transmitted between your device and CredibleMind’s servers using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.

The Services are operated in the United States of America. If you are located in another jurisdiction, please be aware that information you provide to us may be transferred to, stored and processed in the U.S.A. By using the Services or providing us with any information, you consent to this transfer, processing, and storage of your information in the U.S.A., a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside or are a citizen. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

CredibleMind’s Recommendations for Protecting Your Data

We believe the biggest threat to the security and privacy of your data is if someone—probably someone you know—gains access to any of your devices. The data you enter into CredibleMind is private and it should stay that way. We have outlined some ways to keep your devices secure below.

Protect your CredibleMind account:

For any CredibleMind-related account, we recommend choosing passwords that are:

• Unique (not re-used anywhere else)

• Complex (a mix of letters, numbers, symbols, uppercase, and lowercase; not easily guessed)

• Long (greater than 5 characters)

• Changed regularly (at least once a year)

Protect your device: 

i. Activate either PIN, TouchID (iPhone 5S-8), or FaceID (iPhone X) authentication for your device. This automatically encrypts your CredibleMind data and prevents any person from using your device without your permission.ii. Set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud (see instructions on Apple Support pages) and then enable “Erase your device” (see instructions on Apple Support pages).For Android, download and set up Find My Device (formerly Android Device Manager) from the Google Play Store and, if needed, use the connected web interface to lock or wipe your phone remotely.

Data transfer to third-party applications

Any personal data collected from you may only be transferred to countries outside the United States and European Union / the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected.

Apple Health (iOS)

CredibleMind will not exchange any personal data with Apple’s Health app without your prior approval. Approval is given by you in the relevant settings of the Health app or within the CredibleMind app during initial user profile setup or via app settings and can be revoked by you at any time. If you have given your approval, CredibleMind may interact with the Health app on your iOS device and read and/or write information between the CredibleMind app and Health. This may include a transfer of your personal data to Apple servers located outside the European Union.

You can choose if and to what extent your personal data is exchanged between CredibleMind by granting or revoking appropriate permissions in Health app settings. Please refer to the Privacy Information of Apple Health for further information.

Google Fit

CredibleMind will not exchange any personal data with Google Fit without your prior approval, such approval is given by you in the relevant settings of Google Fit or within the CredibleMind app during initial user profile setup or via app settings and which can be revoked by you at any time. If you have given your approval, CredibleMind may interact with Google Fit on your Android device and read and/or write information between the CredibleMind app and Google Fit. This may include a transfer of your personal data to Google servers located outside the European Union.

You can choose whether or not your personal data is exchanged between CredibleMind and Google Fit by granting or revoking appropriate permissions in Google Fit settings. Please refer to the Privacy Information of Google Fit for further information.

Third-party wearable devices (Fitbit, Ōura, and others)

CredibleMind will not exchange any personal data with third-party wearable devices you own and/or use, such as Fitbit, Ōura, and others, without your prior approval. Such approval is given by you in the relevant settings of your wearable device or in CredibleMind app settings and can be revoked by you at any time. If you have given your approval, CredibleMind may interact with the respective third-party services in order to read the data they store.

You can choose whether or not your personal data is exchanged between CredibleMind and these third-party devices by granting or revoking appropriate permissions in their respective settings. Please refer to the Privacy Information of your wearable device provider for further information.

Other Third Parties. We may permit our third-party agents, service providers, vendors and subcontractors (such as vendors and suppliers that provide us with technology, services, advertising and marketing assistance or content in connection with our operation and maintenance of the website and app and CredibleMind offerings) to access usage data, but they are only permitted to do so in connection with performing services for us or to operate the website, app, and offerings. Third parties are not authorized to use your personal data for their own benefit.

We may also supplement the information that we collect with information from other sources to assist us in evaluating and improving the website, app, and offerings, and to determine your preferences so that we can tailor the website, app, and offerings to your needs.

Information that we collect about you also may be combined by us with other information available to us through third parties for research and measurement purposes, including measuring the effectiveness of content, advertising or programs. This information from other sources may include age, gender, demographic, geographic, personal interests, product purchase activity or other information. We may report aggregate information, which is not able to be identified back to an individual user of the website, to our current or prospective advertisers and other business and research partners.

Our website and app contains links to third-party owned and/or operated websites. CredibleMind is not responsible for the privacy practices or the content of such websites. In some cases, you may be able to make a purchase through one of these third-party websites. In these instances, you may be required to provide certain information, such as a credit card number, to register or complete a transaction at such website. These third-party websites have separate privacy and data collection practices and CredibleMind has no responsibility or liability relating to them.

We reserve the right to release current or past personal data: (i) in the event that we believe that the website, app, or offerings is/are being or has/have been used in violation of the Terms and Conditions or to commit unlawful acts; (ii) if the information is subpoenaed; provided, however, that, where permitted by applicable law, we shall provide you with e-mail notice, and opportunity to challenge the subpoena, prior to disclosure of any personal data pursuant to a subpoena; or (iii) if CredibleMind is sold, merged or acquired; provided, however, that if CredibleMind is involved in a merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the website of any change in ownership or uses of your personal data, as well as any choices that you may have regarding your personal data.

Updating and Accessing Your Personal Information

If your Personal Information changes, we invite you to correct or update your information. We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account, request that we no longer use your information to provide you services, or delete your Personal Information, you may do so through your account settings, or contact us at privacy@crediblemind.com. We will respond to your request to have your Personal Information updated as soon as possible. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Communications and Newsletter Activities

CredibleMind uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These include push notifications and in-app messages, informational content about health delivered to you via email, as well as occasional promotional materials that may be of interest to you, also sent via email.

Such services are only provided to you if you have signed up for the newsletter service or given your consent for these notifications. You can withdraw your consent at any time from either or both of the two—you can unsubscribe from our newsletter by clicking the unsubscribe link at the bottom of the message and disable notifications sent by CredibleMind in your account settings.

Notwithstanding the foregoing, we may continue to contact you for the purpose of communicating information relating to your request for CredibleMind services, as well as to respond to any inquiry or request made by you. To opt-out of receiving CredibleMind service-related and inquiry response-related messages from CredibleMind, you must stop requesting and/or utilizing the Services and stop submitting inquiries to CredibleMind, as applicable.In order to provide these services, CredibleMind may forward information such as your email address to third-party providers in order to carry out such newsletter service or notification. These providers include the Rocket Science Group LLC (“MailChimp”), located in Atlanta, USA, which may process your email address, name and usage data to send you informational and occasional commercial content via email.The privacy policy of these services can be found on their respective websites. These three companies are compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirements are met.

If you choose to send a link to refer CredibleMind to a friend or family member, that person will receive an email from your email address that has a link to CredibleMind. If you do not want that person to know your email address you should not send such a link.

If you’d like to enter a promotion or contest we’re running, we may ask you to provide personal data so that we can let you know if you won a prize. The specific rules and regulations governing the particular promotion or contest will vary, and your participation constitutes your agreement to abide by those rules and regulations.

Notice Concerning The Information Of Children

CredibleMind does not knowingly collect or use personal data from children under the age of 13. By registering to a CredibleMind account you are required to confirm that you are at least 13 years old.

If CredibleMind gains actual knowledge that the information has been collected from children under the age of thirteen in the United States in contradiction with the Children’s Online Privacy Protection Act of 1998 and the regulation thereunder, CredibleMind will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.

If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country or if you have the consent of your parent or legal guardian. If you are a parent and learn that your child is using CredibleMind without your permission or if you have any specific question about data privacy at CredibleMind, do not hesitate to get in touch with us at privacy@crediblemind.com.

Changes to this Privacy Policy

CredibleMind reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of CredibleMind’s services, or advances in technology. Please check this page periodically for changes. If we make a change to this Privacy Policy that, in our sole discretion, is material, we will notify you by posting notice of these changes in this Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, please contact us by email at privacy@crediblemind.com or by regular mail at:

CredibleMind., 130 Liberty Ship Way, #3200, Sausalito, CA 94965

Last Update: February 22, 2021