Trust Center

Your data, your control.

FaceofMind is engineered with privacy-first technical safeguards. Every control on this page is implemented and operational — and we are explicit about what is shipped vs still in progress.

Important disclaimer

FaceofMind is a wellness application, not a healthcare provider, EMR, or crisis service. We do not provide medical diagnosis, clinical treatment, or emergency crisis intervention. Always consult a licensed healthcare professional for medical advice.

Technical controls operational Formal certifications in progress

Privacy-first architecture today. Audit-ready operations on the roadmap.

Standards

Privacy & security alignment

FaceofMind is built to meet international privacy expectations. We claim alignment — never certification — until audits land.

Global

Enterprise-grade security

Industry best practices for sensitive data

  • Industry-standard encryption at rest
  • TLS 1.3 in transit
  • Role-based access controls
  • Comprehensive audit logging
  • Vendor security agreements
  • Data minimization principles
International

Global privacy standards

GDPR & UK GDPR aligned controls

  • Right to access personal data
  • Right to data portability
  • Right to erasure
  • Consent management
  • Data breach notification
  • Privacy by design
Philippines

Local privacy standards

Aligned with the Philippine DPA

  • Data protection guidelines
  • Data subject rights protection
  • Data breach notification
  • Consent-based processing
  • Secure storage & transmission
  • Privacy-by-design principles
Wellness

Wellness platform standards

Digital wellness best practices

  • Clinician collaboration tools
  • Wellness documentation standards
  • User confidentiality protection
  • Crisis resource information
  • Ethical use guidelines
  • Professional boundary maintenance

Security measures

Multi-layered protection for sensitive wellness data

Each layer below is implemented in production and visible in the codebase.

End-to-end encryption

End-to-end encryption in transit and at rest for sensitive data fields.

Role-based access control

Granular permission management gated by service-level roles and audit hooks.

Field-level secure storage

Sensitive PII/PHI fields are encrypted with managed key services.

Infrastructure security

Cloud infrastructure with security best practices, isolated services, and TLS-enforced traffic.

Audit logging

Append-only audit trails on auth, admin, RBAC, and shared access events.

Data minimization

Rolling data windows, privacy toggles, and consent-based collection by default.

For auditors

Security aligned with industry standards

Compact statements suitable for vendor questionnaires and security reviews.

Automatic logoff

Statement

Automatic logoff implemented with risk-based session policy.

Web and mobile clients implement risk-based session timeouts to protect sensitive access.

Audit controls

Statement

Audit controls implemented with persistent logs stored in a database with restricted write permissions and IAM-based access control.

Authentication events and sensitive actions are logged. Access to these logs follows the principle of least privilege.

Data encryption

Statement

Data encryption implemented for sensitive fields including audit-log identifiers.

Sensitive fields are encrypted at rest using managed key services. Access is restricted with strict isolation and security monitoring.

Access controls

Statement

Access controls implemented with role-based permissions and least privilege.

Role-based access control with granular permissions and secure isolation between user types.

Session management

Statement

Session management with token rotation and reuse detection.

Secure session management with token rotation, reuse detection, and active monitoring for potential breaches.

Note: FaceofMind is a wellness application, not a healthcare provider. Our platform implements robust security controls as industry best practice. For deeper technical documentation, see our internal compliance directory.

Crisis support resources

If you are in crisis right now

FaceofMind is not a crisis service or emergency monitoring platform. If you are experiencing thoughts of suicide, self-harm, or are in physical danger, please contact emergency services immediately.

US

National Suicide Prevention Lifeline

988

PH

Philippines Crisis Hotline (USAP)

0917-899-8727

US

Emergency services

911

PH

Emergency services

911 / 112

Your rights

You own your mind. You should own your data.

Exercising any of the rights below is a single email away.

Right to access

Request a copy of your personal data at any time.

Right to deletion

Request deletion of your data, subject to legal requirements.

Right to correction

Request correction of inaccurate information.

Right to portability

Export your data in a portable, machine-readable format.

Right to withdraw consent

Withdraw consent for data processing where applicable.

Right to object

Object to certain types of data processing.

Our data usage commitment

No selling

We never sell your personal or wellness data to third parties.

No targeted ads

We do not use your emotional states to target advertisements.

Minimal collection

We only collect data necessary to provide your wellness insights.

Status

Strong technical foundations. Honest about what is next.

A live snapshot of what is shipped vs what is on the compliance roadmap.

Technical infrastructure

  • Industry-standard encryption at rest and in transit
  • Role-based access control
  • Comprehensive audit logging
  • Data minimization windows
  • Privacy toggles & consent management
  • Field-level encryption
  • Time-limited access controls

Roadmap in progress

  • Privacy agreements & ROPA
  • Formal certifications & SOC 2 Type I
  • Third-party vendor BAAs and DPAs
  • Legal entity registration updates

Status: our platform aligns with high-security technical safeguard principles. Legal documentation and formal certifications are in progress.

Compliance alignment

FaceofMind aligns with international privacy and security frameworks.

Global privacy

Privacy-by-design & data portability

Data protection

Encryption & access control

OWASP

Web security best practices

Exercising your rights

Reach a real human.

To exercise any of your data rights, email us. We respond within 30 days.

support@faceofmind.com

Subject: Data Rights Request

FaceofMind is a digital wellness platform — not a healthcare provider or clinic. For medical advice, diagnosis, or treatment, consult a licensed healthcare professional. For emergencies, call 911 (US) or your local emergency number.

Last updated: May 2026