
Privacy, Transcripts, and Trust: Mental Health Data in the Age of AI

People disclose secrets to mental wellness apps that they hide from family, employers, and sometimes even therapists. That intimacy makes data governance inseparable from product quality. A slick interface cannot compensate for murky retention rules or silent use of chats as training data.

The threat model is wider than hackers

Yes, breaches matter. But so do insider access, unclear subprocessors, law enforcement requests, accidental logging of secrets in third-party analytics tools, and business model pivots that retroactively change policies. WHO's AI ethics work stresses autonomy, confidentiality, and accountability precisely because these failures harm real people[^who].
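The analytics-logging failure above has a structural mitigation: send only allow-listed metadata to third-party analytics and drop anything that resembles conversation content, while recording what was dropped so engineers notice. The following Python sketch is an added example, not code from the original post or any real app; the event shape, field names, and the sample event are assumptions.

```python
import re
from typing import Any

# Only these keys may reach the third-party analytics vendor. Everything
# else (message bodies, notes, prompts, identifiers) is dropped by default.
# Field names are assumptions for this example, not a real product's schema.
ALLOWED_FIELDS = {"event", "session_len_s", "app_version", "locale"}

# Key names that signal someone attached conversation content to an event.
SENSITIVE_KEY_HINTS = ("message", "transcript", "text", "prompt", "note", "chat")

# Metadata values are short tokens; three or more whitespace-separated words
# is a crude but useful sign that a value is free text, not metadata.
_LOOKS_LIKE_PROSE = re.compile(r"\b\w+\s+\w+\s+\w+\b")


def sanitize_event(event: dict[str, Any]) -> tuple[dict[str, Any], list[str]]:
    """Return (safe_event, dropped_keys).

    safe_event holds only allow-listed keys with scalar, non-prose values.
    dropped_keys is the detection signal: log it to first-party monitoring.
    """
    safe: dict[str, Any] = {}
    dropped: list[str] = []
    for key, value in event.items():
        key_l = key.lower()
        if key not in ALLOWED_FIELDS or any(h in key_l for h in SENSITIVE_KEY_HINTS):
            dropped.append(key)
        elif isinstance(value, str) and _LOOKS_LIKE_PROSE.search(value):
            dropped.append(key)
        elif value is not None and not isinstance(value, (str, int, float, bool)):
            dropped.append(key)  # nested objects can smuggle content too
        else:
            safe[key] = value
    return safe, dropped


def demo() -> tuple[dict[str, Any], list[str]]:
    # Constructed sample: a developer "helpfully" attached the user's last
    # message and e-mail address to a session-ended event.
    leaky_event = {
        "event": "session_ended",
        "session_len_s": 842,
        "app_version": "3.4.1",
        "last_message": "I have not told my partner about the diagnosis yet",
        "user_email": "user@example.com",
    }
    return sanitize_event(leaky_event)
```

The allow-list is the real control; the prose heuristic only catches the case where someone reuses a permitted key for free text.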

Questions worth asking before you press send

  • Retention: How long are transcripts stored? Can you delete them permanently, not merely hide them from your own view in the app?
  • Training: Are conversations used to improve models? If so, is that opt-in, anonymized, and contractually limited?
  • Location: Which countries host servers, and which privacy laws apply?
  • Human review: Do employees ever read sessions for quality control? Under what safeguards?
  • Export: Can you take your history with you if you leave?

Why "encrypted" is not a complete answer

Encryption in transit is table stakes. Ask about encryption at rest, key management, access controls, and whether vendors publish summaries of external audits. Small teams may not have SOC 2 yet, but they should still explain their roadmap honestly.

If you already shared too much

Many jurisdictions grant deletion or access rights, though enforcement varies. You can also rotate passwords, revoke OAuth tokens, and contact regulators when companies misrepresent practices. None of that replaces medical privacy with a clinician, but it matters for consumer apps.

Reflektion reminder

Treat any mental wellness product as a serious data relationship. Read policies slowly, use unique passwords, and avoid pasting highly identifying material you would regret if leaked.

Minors and shared family devices

Parental controls and shared tablets complicate privacy. Apps should warn when accounts are not private on a device and offer PIN or biometric locks for reopening transcripts.

Cross-border data flows

If your data can be replicated to another country for "latency," you inherit that country's surveillance laws. Ask vendors which regions are in scope and, where the option exists, whether you can pin your data to a preferred region.

Vendor questionnaires you can paste into email

Ask: (1) Do humans read chats for moderation? (2) What is the minimum retention period? (3) What is your SOC 2 or ISO status? (4) Can you share your subprocessor list? (5) Is model training opt-in by default? Reasonable vendors answer plainly or say "not yet, roadmap is X." Evasive answers deserve skepticism.

Couples therapy for data: shared accounts

Partners sometimes share logins. If you separate, rotate credentials and request account splits where products support it. Emotional security and digital security overlap more than people admit.

Incident response: what good vendors say aloud

Ask whether the company has a published process for data breaches, including timelines for user notification and regulatory reporting where required. Silence here suggests immaturity, not stealth strength.

[^who]: WHO: Ethics and governance of artificial intelligence for health.