Privacy Policy

MIND Mobile Application Privacy Policy

 

  1.  Introduction

 

Seattle Children’s Hospital (“Hospital,” “we,” or “us”) respects your and your child’s privacy and is committed to protecting it through our compliance with this Privacy Policy. This Policy describes how we collect, use, and protect information when you download, access, or use the MIND mobile application (the “App”).

 

The App is a research tool used under parental or caregiver supervision to support developmental research through study of eye tracking and gaze preference. The App is not intended to provide clinical services, diagnosis, treatment, or medical advice.

 

This Privacy Policy applies only to information collected through the App and related communications initiated through the App. It does not apply to information collected by other Hospital websites or applications, or by any third parties, including through any third-party content or services that may be linked to or accessible from the App.

 

By using the App, you agree to the terms of this Privacy Policy and our Terms of Use. If you do not agree, you should not access or use the App.

 

The App is available only to users located in the United States and is not marketed to or intended for individuals outside the U.S., including residents of the European Union or European Economic Area.

 

  1. Children’s Privacy

 

The App is designed for use by children under 13, but only under the active supervision of a parent or legal guardian. We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable laws.

 

Children are not permitted to create accounts or submit information on their own. A parent or caregiver must initiate account creation, provide verifiable consent, and oversee all use of the App.

 

The App does not collect personal identifiers such as names, email addresses, or full birth dates. Instead, it collects limited demographic and behavioral data (e.g., age in months, sex, gaze coordinates, and facial landmarks).

 

The App temporarily collects and transmits short video recordings of your child’s face to a HIPAA-compliant server operated by a third-party service provider (“Vendor”) for automated analysis. These video recordings are used solely to generate non-identifiable data points (e.g., facial landmarks, gaze coordinates) used in research.

 

The videos are not stored in a retrievable format by the Hospital, are not accessible to the research team, and are automatically deleted from the Vendor’s system following processing. Only the de-identified data derived from these videos is retained for research purposes. Vendors will only use videos as directed by the Hospital research team for the express purpose of their research mission, and will not retain, use, or share the video for any other purpose.

 

We obtain parental consent prior to the collection of any such data. This consent is obtained through the App’s sign-up process.

 

The Hospital is a nonprofit corporation and is not subject to the Children’s Online Privacy Protection Act (COPPA).

 

  1. Information We Collect

 

We collect limited, non-identifiable information from and about users of the App. The App is designed to support research and does not collect personally identifiable information (PII) or protected health information (PHI) as defined by HIPAA. Specifically, we collect the following categories of information:

 

  1. Information Provided by the Parent or Caregiver

 

  • Child’s age in months
  • Child’s sex assigned at birth
  • Racial or ethnic background (optional)
  • Responses to consent forms, research questionnaires, or feedback requests
  • Technical support inquiries or user-initiated contact
  • This information is collected to support research eligibility screening and data analysis.

 

  1. Automatically Collected Information

 

The App uses built-in camera capabilities to analyze and record:

 

  • Eye movements and gaze behavior
  • Facial orientation and positioning
  • Facial videos for automated processing (specifically: the App temporarily transmits short video recordings of the child’s face to a HIPAA-compliant server for automated analysis. The video is processed to extract non-identifiable data (e.g., facial landmarks, gaze coordinates) and is then permanently deleted. The research team does not access, view, or store these videos.)

 

All collected data is used solely for research and quality improvement purposes.

 

Additionally, the App may automatically collect device-related information, such as:

 

  • Device type and operating system version
  • App performance metrics (e.g., crashes, loading times)

 

This data is collected solely to improve App performance and user experience and to inform the research project. It is not used to track users across different websites, apps, or platforms.

 

  1. How We Collect Information

 

We collect information in the following ways:

 

  1. From Parent or Caregiver Input

 

Parents or legal guardians provide limited demographic and consent information when they:

 

  • Register for the App
  • Complete an electronic consent form
  • Respond to optional research questions
  • Contact us for support

 

  1. Through App-Based Data Collection Tools

 

The App presents a series of stimuli (such as images or videos) to the child, during which the front-facing camera captures:

 

  • Facial orientation
  • Eye movement behavior

 

This process generates structured data (e.g., gaze preference, fixation points, attention span) and results in temporary transmission of video files to a secure third-party server for automated analysis. These video files are deleted after processing and are never accessed by the research team. Only the data derived from these inputs is retained.

 

  1. On the User’s Device

 

Prior to being uploaded, data may be temporarily stored on the parent or caregiver’s device. Users control when and whether to upload this data. No background data collection occurs without user action.

 

  1. How We Use Information

 

The information collected through the App is used exclusively for research and application support purposes. Specifically, we use the collected data in the following ways:

 

  • To support approved research studies focused on child development, gaze preference, and related topics.
  • To analyze user interaction and app performance, including evaluating gaze patterns, facial positioning, and attention responses during presented tasks.
  • To maintain and improve the functionality and user experience of the App.
  • To respond to user-initiated support requests, troubleshoot technical issues, and provide help as needed.
  • To comply with legal and ethical research obligations, including those imposed by Institutional Review Boards (IRBs) and federal regulations.
  • To process video data through a HIPAA-compliant vendor platform for automated extraction of non-identifiable gaze and facial data, with no research team access to raw video files.

 

We do not use the information for:

 

  • Clinical diagnosis or treatment decisions
  • Personalized advertising or behavioral marketing
  • Selling or licensing to third parties for commercial purposes

 

The App does not establish a doctor-patient relationship, and nothing within the App should be interpreted as medical advice or treatment.

 

  1. How We Share Information

 

We limit the sharing of information collected through the App to only those purposes that are consistent with our research goals and legal obligations. Specifically:

 

  1. Research Collaborators

 

We may share information collected through the App with:

 

  • Academic research institutions
  • Independent researchers
  • Institutional Review Boards (IRBs)

 

Such data sharing supports research advancement and adheres to ethical and legal research standards. No identifiable personal information is shared.

 

  1. Third-Party Service Providers

 

We may share the information collected through the App with our third-party vendors who provide services necessary to maintain and support the App, including:

 

  • Cloud hosting
  • Technical development and maintenance
  • Analytics and performance monitoring

 

This includes Vendors who provide HIPAA-compliant platforms to perform automated analysis on facial video data. These Vendors do not retain video files after processing and do not share them with the research team.

 

All such vendors are bound by confidentiality and data security agreements and may not use the data for any purpose other than supporting the App.

 

  1. Legal and Compliance Disclosures

 

We may disclose informed collected through the App if required to do so by law, regulation, subpoena, or court order, or to:

 

  • Comply with applicable legal obligations
  • Respond to lawful government or regulatory inquiries
  • Protect the safety, rights, or property of our users or the public

 

We do not:

 

  • Sell or rent any data
  • Share data for advertising or marketing
  • Transfer data outside the United States

 

Only information necessary for the identified research or operational purposes will be shared, and in all cases, we take care to maintain data privacy and security as required by applicable law.

 

  1. Third-Party Services

 

We use certain third-party service providers to support the functionality and security of the App. These providers are carefully selected and contractually bound to protect user data in accordance with applicable privacy laws, including HIPAA.

 

  1. Hosting and Infrastructure

 

The App is hosted on servers located in the United States. All stored data is encrypted at rest and in transit. Hosting providers have no access to user data beyond what is required to operate and secure the platform.

 

  1. App Development and Support

 

We may contract with third parties for technical services and user interface enhancements related to the App. These services are limited to application maintenance and feature development and do not include access to user data beyond what is necessary for troubleshooting and improvements.

 

  1. Analytics and Authentication

 

The App does not use third-party behavioral analytics tools (e.g., Google Analytics). Aggregate app usage data (such as crash reports or loading times) may be collected using internal tools or third-party vendors for quality improvement. User login is handled locally without requiring external authentication services or the use of email or social media credentials. We do not permit any third-party advertising networks, marketing providers, or data brokers to collect or access information through the App. We do not track users across devices or platforms, and no cookies or behavioral profiling technologies are used.

 

  1. Data Retention and Storage

 

We retain research data only as long as necessary to fulfill the scientific and operational purposes for which it was collected. Specifically: we will retain data for a minimum of 10 years; any plan to retain data beyond this time frame will be submitted to the IRB for review along with any applicable waivers of consent should they be required for minors who may reach the age of majority.

 

  1. Data Retention for Research

 

Gaze data, facial landmark coordinates, and non-identifiable demographic data are retained for the duration of active research studies and may be used for secondary analyses or publication. Retention periods are governed by IRB protocols, federal research regulations, and internal research policies.

 

  1. User-Controlled Data on Devices

Data collected by the App may be temporarily stored on the parent/caregiver’s device until it is uploaded to secure servers. Users may delete the App at any time. Deleting the App will remove stored data from the device, but will not delete data already transferred for research use.

 

  1. Facial Video Files

 

Facial video recordings are not retained by the Hospital or the research team. They are temporarily transmitted to a HIPAA-compliant vendor platform for automated analysis and deleted after processing. Only non-identifiable data derived from these videos is retained for research purposes

 

  1. No Identifiable Information Retained

 

No PII or PHI is maintained through the App, there is no mechanism to link research data to individual identities. For this reason, requests to delete or retrieve individual records cannot be honored, as we are unable to associate stored data with any specific user. Data storage and handling procedures comply with industry standards and applicable law.

 

  1. User Accounts and Access

 

To use the App, a parent or caregiver must create an account by selecting a unique user ID. No email address, phone number, or other personally identifying information is required to create an account. All data collected through the App is associated only with the anonymous user ID and cannot be traced back to an individual or household. Users manage their participation and data submission through the App interface. You may withdraw your consent to the collection or use of your child’s personal information at any time by discontinuing use of the App by:

 

  • Deleting the App from the device, which removes any locally stored data.

 

  • Requesting that your account ID be deactivated by contacting us in accordance with Section 14 below.

 

Because the App does not collect or store personal identifiers, we are not able to link submitted research data to a specific individual for modification or deletion after submission.

 

Upon discontinuing use of the App, we will not collect additional data, but previously collected non-identifiable data cannot be associated with you and will not be deleted.

 

  1. Your Rights and Choices

 

The App is designed to protect user privacy by avoiding the collection of PII or PHI. However, users retain the following choices and rights:

 

  • Control Over Use: Users choose whether to participate in research by submitting responses and allowing data uploads. No automatic transmissions occur without user action.

 

  • Account Deactivation: Users may request account deactivation by contacting us.

 

  • Withdraw from Research: If a user chooses to stop participating, they may simply discontinue use of the App. Because the App does not collect or store identifiable personal information, previously submitted data cannot be linked to an individual and therefore cannot be deleted or withdrawn. By participating, users acknowledge and agree that submitted data will be retained for the duration of the research and any future data analysis. Users should not rely on the ability to retract data after submission.

 

  • No Marketing or Sale of Data: The App does not share user data for commercial, advertising, or affiliate marketing purposes.

 

  1. Security of Your Information

 

We take data security seriously and have implemented measures to safeguard the limited, non-identifiable information collected through the App. These include:

 

  • Use of servers located in the United States.
  • Encryption of data in transit and at rest.
  • Restricted access to data by authorized research and technical personnel only.
  • No storage or transmission of video or image data.

 

Users are encouraged to take appropriate precautions on their own devices, such as using secure passwords and maintaining device-level privacy settings. Please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect data, we cannot guarantee absolute security.

 

Facial video recordings are processed using encrypted transmission and stored only temporarily in a secure environment compliant with HIPAA. The videos are deleted after analysis and are not retained or viewed by the Hospital.

 

  1. State-Specific Laws

 

State consumer privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and Washington’s My Health My Data Act generally do not apply to our data practices because these laws either exempt nonprofit corporations, do not apply to the information collected by the App, or contain other applicable exemptions.

 

  1. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our research activities, legal requirements, or technical infrastructure. If material changes are made, we will notify users by:

 

  • Posting an updated notice within the App, and/or
  • Requiring re-acknowledgment of the revised Policy upon login.

 

The “Last Updated” date at the end of this Policy reflects the most recent changes. Continued use of the App after an update constitutes your acceptance of the revised Policy.

 

If we introduce new features that involve collecting additional types of personal information—such as email addresses or authentication data—we will provide prior notice and, where required by applicable law, obtain your consent before proceeding.

 

  1. Contact Information

 

If you have questions about this Privacy Policy, please contact us:

 

Mailing Address:

 

Seattle Children’s Innovative Technologies Lab

c/o Dr. Frederick Shic

4800 Sand Point Way NE

Seattle, WA 98105

 

Email: MINDapp@seattlechildrens.org

 

Phone: 206-884-1390

 

 

Last Updated: August 11, 2025

4932-5506-6462, v. 2