Privacy Policy

Last Updated: 26/10/2024

Mindset Health Pty Ltd (ABN 11 617 368 957) (Mindset, us or we) understands the importance of protecting the privacy of an individual’s personal information.

This Privacy Policy applies to people located in Australia and describes how we aim to protect the privacy of your personal information, your rights in relation to your personal information that we manage and the way we collect, hold, use and disclose your personal information.

In handling your personal information, we will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the Australian Privacy Principles in the Privacy Act and applicable health records legislation. This policy may be updated from time to time.

Personal information we collect

Personal information is information or an opinion about an identified, or reasonably identifiable, individual.  During the provision of our services and products, we may collect your personal information.

Generally, we collect the following kinds of personal information:

  • contact and identification details, such as your name, telephone number, email address, date of birth, and postal address;
  • service and product usage information, such as the information you provide to us when you interact with our services and products;
  • sensitive information including  health information that you may choose to provide in connection with accessing and using our services and products and to personalize your program, for example, information pertaining to IBS, menopause, pain, whether or not you smoke, or information about your worry and anxiety (including, but not limited to, self-reported symptoms or difficulties associated with worry, anxiety, mood, sleep, and stress);  
  • payment information needed to complete any purchases (including name, payment card information, billing information), and your transaction history. Payment information is processed by our third-party payment processor Stripe, in accordance with Stripe’s privacy policy and terms of service. We do not have access to payment card numbers;
  • communications that we exchange with you, including when you contact us with questions, feedback, or otherwise;
  • marketing information, such as your preferences for receiving communications about our services, products and publications, and details about how you engage with our communications; and
  • other information required for our functions and activities, including where required by law.

How we collect personal information

Generally, we collect your personal information directly from you, through your use of our services and products, including our app and our website, when you complete an online form, or where you interact with us by way of telephone, email, or post, for example:  

  • When you complete forms on our app or website. This includes information provided at the time of registering to use our services and products;
  • whenever you provide your personal information to us when reporting a problem with our services or products, making a complaint, making an enquiry, or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
  • details of your visits to our app or website, including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access (see our ‘Marketing and cookies’ section below); and
  • whenever you disclose your personal information to us, or we collect your personal information from you in any other way, through our app, website or otherwise.

There may be occasions when we collect your personal information from other sources such as from:

  • social media platforms. When you visit or interact with our pages on social media platforms such as Facebook, Instagram, Twitter, and LinkedIn, we may obtain your personal information from or through the platform; and
  • third-party logins. When you link, connect, or login to use our services and products through a third party service (e.g. Auth0), you direct the third party service to disclose to us personal information as controlled by that service or as authorized by you via your privacy settings at that service.

Generally, we will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect your personal information from you.  

How we use personal information

We collect, hold, use and disclose personal information where it is reasonably necessary for the purposes of:

  • providing our services and products to you, including enabling you to create an account on our app,  administering, hosting, and operating our services and products; communicating with you and responding to any inquiries you may have, and analyzing your use of our services and products to allow us to evaluate and improve the services and products;
  • accounting, billing, quality assurance, and other internal administrative purposes;
  • notifying you about changes to our services and products;
  • enabling us to market or promote our services or products to you;
  • processing and dealing with any complaints or enquiries made by you;
  • research, development, benchmarking, and improving our services and products. We may use your personal information to analyze and improve our services or products, identify trends, and operate and expand our business activities. We may also create aggregated, anonymized, or other de-identified statistics, which we may use for lawful business purposes, including for analytics, forecasting, and strategic planning; and  
  • compliance and protection, including to enforce any applicable terms and conditions, comply with legal obligations, defend against legal claims or disputes, protect the security and integrity of our services and products, and identify and investigate fraudulent, harmful, unauthorized, unethical or illegal activity.
  • To improve and personalise your experience within the app using automated systems, including artificial intelligence (AI). These systems may tailor content, coaching, and features based on the information you provide.

We may also use your personal information for purposes related to the above purposes and for which you would reasonably expect us to do so in the circumstances, or where you have consented, or the use is otherwise in accordance with law.

Where personal information is used or disclosed, we take steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed.

You are under no obligation to provide your personal information to us.  However, without certain information from you, we may not be able to provide our services and/or products to you.

To whom we disclose your personal information

We disclose your personal information for the purpose for which we collect it.  That is, generally, we will only disclose your personal information for a purpose set out in the ‘How we use your personal information’ section. This may include disclosing your personal information to:

  • clinicians. We may share your  personal information with your designated clinician at your direction and with your consent, including your log of events and other relevant personal information in order to allow the clinician to provide you with the appropriate level of assistance. You can stop the sharing of your personal information with a clinician member at any time by deleting that clinician on the app;
  • third party service providers. We share your personal information with companies and individuals that provide services on our behalf or help us operate our services and products or our business (such as hosting services, communications, data and cyber security services, billing and payment processing services, fraud detection, investigation and prevention services, web and mobile analytics, email and communication distribution and monitoring services, and customer relation management systems);
  • advertising partners. We may share your personal information that we collect on our website with third party advertising companies (including for interest-based advertising purposes), lead generation partners, and channel partners, resellers, and distributors that allow us to explore and pursue growth opportunities;
  • professional advisors. We may share your personal information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us;
  • regulatory bodies if and as necessary;  
  • business transferees. We may share your personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Mindset or our affiliates (including, in connection with a bankruptcy or similar proceedings); and
  • as required by law.

Overseas disclosure

We may disclose personal information to overseas recipients in order to provide our services and/or products and for administrative or other business management purposes.

It is impracticable to list all countries in which recipients may be located. However, we are likely to disclose personal information to our parent company in the United States of America and to other related bodies corporate.

Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, we take steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law. If you have any queries or objections to such disclosures, please contact our Privacy Officer on the details set in the ‘Contact us’ section below.

Marketing and cookies

We may use and disclose your personal information for direct marketing in order to inform you of products and services that may be of interest to you. In the event you do not wish to receive such communications, you can opt-out by contacting us via the contact details set out in the ‘Contact us’ section below or through any opt-out mechanism contained in a marketing communication to you.

We may use your personal information for marketing and advertising, including for interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our services and products.

Cookies

We and our service providers may use cookies and other similar technologies to automatically log information about you, your computer or mobile device, and your interaction over time with our services and products, such as:

  • Device data, such as your computer’s or mobile device’s operating system, manufacturer and model, browser type, IP address, unique identifiers, language settings, mobile device carrier, and general location information such as city, state or geographic area; and
  • Usage data, such as pages or screens you viewed, how long you spent on a page, browsing history, and access times.

Cookies are text files that websites store on your device or in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.

Opt-out

Opt-out of push notifications. If you opt in to receive push notifications within the app, we may send push notifications or alerts to your mobile device from time to time. You can deactivate push notifications and alerts at any time by changing your device settings, changing the push notification settings within the application, or deleting the app. You may contact us if you wish to opt-out of personalised content or data suggestions via automated systems, including artificial intelligence (AI).

Opt-out of interest-based advertising. You may limit online tracking by:

  • Blocking cookies in your browser. Most browsers let you remove or reject third-party cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
  • Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
  • Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.  
  • Platform opt outs. The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:
    • Google: www.adsettings.google.com    
    • Facebook: https://www.facebook.com/about/ads
    • Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
    • Digital Advertising Alliance for Websites: outout.aboutads.info  
    • Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices
    • Network Advertising Initiative: optout.networkadvertising.org

Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

Research participation

We may engage in clinical research and trials that use only aggregated and de-identified data we have collected.  If you would not like your personal information used in our studies, please contact us via the contact details set out in the ‘Contact us’ section below.

Data security

We take steps reasonable in the circumstances to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure.  

We hold personal information in electronic form on secure servers, including by means of firewalls, encryptions, logins and password protection, accessible only by authorised users.  

We also hold personal information in hard copy form, accessible only by authorised users with an office access pass.  

We will destroy or de-identify personal information on request, unless we are otherwise required or authorised by law to retain the information. We may delete or de-identify personal information in circumstances where it is no longer required.

Children

Our services and products are not intended for use by children without the consent of their parents or guardians. If we learn that we have collected personal information through our services or products from an individual under 15 without the consent of the child’s parent or guardian as required by law, we will delete or destroy it.

Can you access and correct the personal information that we hold about you?

We take steps reasonable in the circumstances to ensure personal information we hold is accurate, up-to-date, complete, relevant and not misleading.  Under the Privacy Act and applicable health records legislation, you have a right to access and seek correction of your personal information that we collect and hold.  

If at any time you would like to access or correct the personal information that we hold about you, or you would like more information on our approach to privacy, please contact our Privacy Officer on the details set out in the ‘Contact us’ section below.

We will grant access to the extent required or authorised by the Privacy Act and applicable health records legislation and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.  

To obtain access to your personal information:

  • you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
  • we request that you be reasonably specific about the information you require; and
  • we may charge you a reasonable administration fee, which reflects the cost to us, for providing access in accordance with your request.

If we refuse your request to access or correct your personal information, we will provide you with written reasons for the refusal and details of complaint mechanisms. We will also take steps reasonable in the circumstance to provide you with access in a manner that meets your needs and our needs.

We will endeavour to respond to your request to access or correct your personal information within 30 days from your request.  

Contact us

For further information or enquiries regarding your personal information, or if you would like to opt-out of receiving any promotional or marketing communications, please contact our Privacy Officer at: privacy@mindsethealth.com.

Privacy complaints

Please direct all privacy complaints to our Privacy Officer.  At all times, privacy complaints:

  • will be treated seriously;
  • will be dealt with promptly;
  • will be dealt with in a confidential manner; and
  • will not affect your existing obligations or affect the commercial arrangements between you and us.

Our Privacy Officer will commence an investigation into your complaint.  You will be informed of the outcome of your complaint following completion of the investigation. If you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner.

A digital therapeutic
by Mindset health
Fax: 212-377-0271
Try Nerva
Start QuizBlogClinician Directory
For Clinicians
Share with a patientLog in to ConnectClinicians' Course
Research & Resources
ResearchMechanism of ActionArticlesResourcesWebinars
About
Mindset HealthJoin the teamMedia & PressOrganizationsSupport & Contact
AICPA SOC badge
Nerva’s data is securely managed in compliance with SOC-2 standards
AICPA SOC badge
Nerva’s data is securely managed in compliance with SOC-2 standards
Mindset Health logo
*Disclaimer: Nerva is a self-guided apps that may help people self-manage and live well with their diagnosed irritable bowel syndrome. Nerva has not been evaluated by the FDA, TGA, MHRA or similar regulatory bodies. Users are directed to not make any changes to their prescribed medication or other type of medical treatment without seeking professional medical advice. Some in-app coaching content may be generated by an AI system for educational and wellness purposes only and does not replace professional medical care, diagnosis, or treatment.
® Nerva
© 2025 Mindset Health Pty Ltd
Cookies
Data collection Policy
Terms & Conditions
Privacy Policy
Preferences saved