MentalPrism Privacy Policy

Effective Date: July 1, 2025

Your privacy is a top priority for us at NeuroPrism AB. This Privacy Policy explains exactly how we collect, use, store, protect, and (very carefully!) share your personal information when you use MentalPrism. We've written this with clarity in mind, especially regarding your rights under the General Data Protection Regulation (GDPR).

1. Who We Are

  • Our Tool: MentalPrism
  • Our Company: NeuroPrism AB
  • Where We're Registered: Åkaregatan 14, 603 60 NORRKÖPING, Sweden
  • Contact for Privacy Questions: If you have any questions about this policy or your data, please use the contact form on our website.

2. What Information Do We Collect?

To provide you with MentalPrism's services, we collect a few different types of information:

  • Information You Give Us Directly:
    • Account Details: Your name, email, age, and gender.
    • Location: We ask for your general location.
    • Mental Health Condition: Your suspected or diagnosed mental health condition(s).
    • Your Responses: This includes your diagnostic responses, self-reported symptoms, and voice data. Please note: This is sensitive health data, which falls under "special categories of personal data" according to GDPR. We handle this with extra care.
  • Information Collected Automatically:
    • Device Information: Details about the device you're using (e.g., type of phone, operating system).
    • IP Address: Your device's unique internet address.

3. How We Collect Your Data

We collect data in two main ways:

  • Directly from You: When you input information (like creating an account or answering diagnostic questions).
  • Automatically: Through your use of the MentalPrism app or website (like your IP address or device information).

4. Why We Collect Your Data and Our Legal Grounds (GDPR Explained!)

Under GDPR, we need a "legal basis" to process your personal data. Here's why we collect each type of information and our legal reason for doing so:

  • To Provide You with Your Mental Health Screening & Monitoring (Our Main Service):
    • What we use: Your name, email, age, gender, location, diagnostic responses, self-reported symptoms, and voice data.
    • Why: To create your personal account, deliver your diagnostic results, and help you track your mental health over time.
    • Our Legal Ground (GDPR): This is necessary for us to perform the contract we have with you (to provide the service you signed up for). For your sensitive health data (responses, symptoms, voice data), we rely on your explicit consent. We will ask you for this consent clearly when you start using our tool.
  • To Improve MentalPrism (for everyone!):
    • What we use: Your diagnostic responses, self-reported symptoms, and voice data.
    • Why: After you've received your personal results and the data has served its immediate purpose, we want to make MentalPrism even better for future users. To do this, we'll take your data and anonymize it completely. This means all identifying information (like your name or email) is permanently removed, making it impossible to link the data back to you. This anonymized data then helps us train and improve our AI models and systems.
    • Our Legal Ground (GDPR): For this specific use of your data for AI training (after anonymization), we again rely on your explicit consent. We'll ask for this consent separately and clearly, so you're fully aware and in control.
  • For Analytics and Personalization (Improving Your Experience):
    • What we use: Device information, IP address, and how you interact with the app/website.
    • Why: To understand how MentalPrism is being used, identify areas for improvement, and potentially tailor the app experience to your preferences (like remembering your settings).
    • Our Legal Ground (GDPR): Our legitimate interest in improving our services and your experience, where this does not override your fundamental rights. For certain analytics cookies, we rely on your consent (see our Cookie Policy).

5. How We Store and Protect Your Data

  • Where Your Data Lives: Your data is stored securely on cloud servers located within the European Union (EU). We don't transfer your data internationally outside of the EU.
  • Our Security Measures: We take data security very seriously! We implement industry-standard technical and organizational security measures to protect your data. This includes:
    • Encryption: Your data is encrypted both when it's moving between your device and our servers, and when it's stored.
    • Access Controls: Only authorized personnel have access to your data, and only when necessary for their job roles.
    • Regular Security Audits: We regularly check our systems for vulnerabilities and make improvements to keep your data safe.

6. Anonymization and Data Retention

  • Anonymization: After your personal diagnostic results have been delivered and the data has served its primary purpose of providing our service to you, we will anonymize your user data. This is a robust process designed to irreversibly prevent anyone from linking the data back to you. Once truly anonymized, this data is no longer considered "personal data" under GDPR and helps us improve our AI models forever.
  • How Long We Keep Your Data:
    • Anonymized Data: Once your data is anonymized, it will be stored indefinitely for ongoing AI model training and research.
    • Identifiable Data: If you decide to delete your account, we will remove your identifiable user data from our active systems within 30 days, unless we have a legal obligation to retain it for a longer period.

7. Sharing Your Data with Others

  • No Sharing with Third Parties (for marketing/analytics): We do not share your personal, identifiable data with any third parties for marketing, analytics, or research purposes. We don't deal with external data processors that would require Data Processing Agreements (DPAs) for your personal data. Your data stays with us.

8. Your Rights Under GDPR (Your Data, Your Control!)

The GDPR gives you powerful rights over your personal data. We're committed to helping you exercise these rights:

  • Right to Be Informed: You have the right to know how your data is collected and used (which is what this policy is all about!).
  • Right of Access: You can ask us for a copy of the personal data we hold about you.
  • Right to Rectification: If you believe any of the personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.
  • Right to Erasure ("Right to Be Forgotten"): You can ask us to delete your personal data under certain circumstances (e.g., if you withdraw your consent and we have no other legal reason to keep it).
  • Right to Restriction of Processing: You can ask us to limit how we use your data in specific situations (e.g., if you're disputing its accuracy).
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer that data to another service provider.
  • Right to Object: You can object to us processing your personal data in certain circumstances (e.g., if we process it based on our legitimate interest).
  • Rights in Relation to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) that significantly affects you.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the contact form on our website. We will respond to your request within 30 days, as required by GDPR.

9. Children's Privacy

MentalPrism is not intended for children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we'll notify you the next time you log in to the service. The most current version will always be available on our website.