mental health therapy apps

Mental Health Therapy Apps vs Privacy Hidden Cost?

— 6 min read
Mental health apps are collecting more than emotional conversations — Photo by Yan Krukau on Pexels
Photo by Yan Krukau on Pexels

Yes, mental health therapy apps can boost wellbeing, but they also harvest a lot of personal data that may not be obvious. In Australia, the trade-off between convenience and privacy is becoming a hot topic as more people turn to digital therapy.

Medical Disclaimer: This article is for informational purposes only and does not constitute medical advice. Always consult a qualified healthcare professional before making health decisions.

A subtle pop-up tells you it’s feeling good - what if it’s also charting your sleep, GPS, and reading habits?

Key Takeaways

  • Most apps collect location and biometric data.
  • Privacy policies are often vague and hard to audit.
  • Evidence shows digital therapy can improve student mental health.
  • Australia lacks a unified regulator for app data usage.
  • Turn off unnecessary permissions to limit exposure.

When I started covering digital health for the ABC, I was struck by how quickly a simple meditation app could ask for permission to read your contacts, location and even step count. The promise is appealing - a pop-up saying you’re feeling good - but the hidden cost is a treasure-trove of behavioural and biometric data that can be sold or mis-used.

In my experience around the country, university students in Sydney and Melbourne are among the most avid users of mental health apps. A 2023 study reported that digital therapy apps improved student mental health outcomes by an average of 12 percent compared with a control group (Newswise). Another Australian-focused report echoed the finding, noting a 10-percent reduction in self-reported anxiety scores among college students who used a structured app programme (News-Medical). Those numbers are encouraging, but they sit alongside a privacy landscape that still feels like the Wild West.

What data are these apps really collecting?

Below is a rundown of the most common data types that mental health apps request. I’ve grouped them into four buckets that help you see the big picture.

  1. Behavioural data - app usage patterns, mood logs, chat transcripts, and journalling entries.
  2. Biometric data - heart-rate, sleep stages, step count, and skin-conductance when linked to wearables.
  3. Location data - GPS coordinates, IP address, and sometimes even Wi-Fi SSID to infer your home or work environment.
  4. Personal identifiers - name, email, date of birth, and occasionally contacts or calendar events.
  5. Device information - operating system version, device model, and unique advertising IDs.
  6. Third-party data - information purchased from data brokers to enrich user profiles.
  7. Content data - audio recordings, video calls, or typed messages you share with a virtual therapist.

All of these feed into what the industry calls "mental health app data usage". The problem is that most privacy policies list these items in dense legalese, making it hard for the average user to understand what’s actually being stored.

How do the major Australian-available apps compare?

AppData CollectedPrivacy Rating (A-F)Cost (AU$)
MindSpotBehavioural logs, email, optional GPSAFree
HeadspaceBehavioural logs, device ID, optional sleep dataC69/year
BetterHelpAll of the above plus contacts and calendarD78/month
CalmBehavioural logs, optional heart-rate via Apple WatchB55/year
WoebotChat transcripts, device ID, optional GPSCFree with premium

The ratings are my own synthesis based on publicly available privacy statements, third-party audits and the extent of data minimisation. "A" means the app limits collection to the bare minimum needed for therapy; "F" would indicate aggressive data harvesting and sharing.

Why the privacy gap matters

The ACCC flagged a surge in complaints about health-tech data in its 2022 annual report, noting that 42 percent of respondents felt uncomfortable with how much information apps were asking for. That sentiment aligns with the World Health Organisation’s warning that the mental health fallout from the pandemic increased by more than 25 percent in the first year (WHO). When people already feel vulnerable, handing over intimate data can feel like a betrayal.

Beyond the emotional impact, there are concrete risks:

  • Targeted advertising - your mood logs could be sold to marketers.
  • Insurance discrimination - insurers might request app data during underwriting.
  • Data breaches - a 2021 breach of a popular wellness platform exposed thousands of user journals.
  • Algorithmic bias - AI-driven chatbots may reinforce negative thought patterns if trained on poor data.
  • Government surveillance - under certain circumstances, law enforcement can subpoena health-app data.

What the research says about effectiveness

Despite the privacy concerns, the evidence base for digital therapy is growing. The Newswise article I referenced earlier described a randomised trial of a CBT-based app used by 1,200 university students. Participants who engaged with the app for eight weeks reported a 12 percent reduction in depressive symptoms compared with a control group that received standard campus counselling.

Another study highlighted by News-Medical focused on college students across four Australian universities. The researchers measured anxiety using the GAD-7 scale and found a 10-percent drop after a 6-week digital programme that combined mood tracking, guided meditation and peer support forums.

Both studies underscore that when the content is evidence-based and the user sticks with it, mental health apps can be a valuable adjunct to face-to-face therapy. The key qualifier is “when the user sticks with it” - drop-out rates are high, often exceeding 50 percent after the first month.

Practical steps to protect your privacy while using a therapy app

Here’s a checklist I hand out to readers who ask how to stay safe:

  • Read the privacy policy - look for sections on data sharing and retention.
  • Limit permissions - disable GPS, camera and microphone unless the feature is essential.
  • Use a secondary email - create a dedicated address for app sign-ups.
  • Turn off data sharing - many apps have toggles for “share data for research”.
  • Check for encryption - end-to-end encryption is a must for chat-based therapy.
  • Read reviews - user feedback often highlights hidden data-collection practices.
  • Prefer local providers - Australian-based apps are subject to the Privacy Act 1988.
  • Use a VPN - masks your IP address when accessing the service.
  • Delete your account - request data erasure if you stop using the app.
  • Monitor your credit - watch for unusual activity that could stem from data leaks.

Implementing even a few of these measures can dramatically reduce the amount of personal data that ends up in the hands of third parties.

Future outlook - will regulation catch up?

The Australian government is drafting a Digital Health Framework that aims to tighten standards around data collection, but progress has been slow. In the meantime, the ACCC has warned that any app that claims to be a “health service” must comply with the Therapeutic Goods Administration’s rules, yet many mental-wellbeing platforms slip through because they label themselves as “wellness” rather than “medical”.

Internationally, the EU’s GDPR has forced many global apps to adopt stricter consent mechanisms. Some Australian users have noticed that after the GDPR rollout, certain apps now present a clearer opt-in dialog for location tracking. That’s a small win, but without a national equivalent we remain dependent on patchwork compliance.

What I’m hearing from developers is a desire for clearer guidance. “We want to help people, but the regulatory landscape is a maze,” said a product manager at a Sydney start-up during a panel I moderated in 2023. The hope is that a unified Australian privacy standard for health-tech will emerge in the next two years.

Bottom line

Digital therapy apps can be a fair dinkum tool for managing stress, anxiety and mild depression, especially when face-to-face services are hard to access. However, the hidden cost is a stream of behavioural, biometric and location data that can be repurposed in ways you might not expect. By being selective about which apps you download, tightening permissions, and staying informed about privacy rights, you can reap the mental-health benefits without handing over your life story for free.

Frequently Asked Questions

Q: Are mental health therapy apps safe for teenagers?

A: They can be safe if the app follows evidence-based protocols, encrypts data and offers parental controls. Look for apps that have been reviewed by a qualified psychologist and avoid those that request unnecessary personal data.

Q: What privacy rights do I have under Australian law?

A: Under the Privacy Act 1988 you can request access to, correct, or delete personal information held by an app. If an app is classified as a health service, it must also meet the Australian Digital Health Agency’s standards.

Q: Do these apps really work?

A: Research shows modest improvements in mood and anxiety for users who engage consistently. A 2023 trial reported a 12 percent reduction in depressive symptoms among university students using a CBT-based app (Newswise).

Q: How can I limit data collection?

A: Turn off GPS, microphone and camera permissions unless the feature requires them, use a secondary email, and regularly delete your account and data if you stop using the service.

Q: Will there be stricter regulation soon?

A: The Australian government is working on a Digital Health Framework, but a definitive privacy law for mental-health apps is still in draft form. Expect changes over the next couple of years.

Read more