Security & Trust
Protecting sensitive information is central to how StillMind is designed and operated. We use layered safeguards intended to support confidentiality, appropriate access, and service reliability.
1. How we approach security
We recognize that mental-health workflows involve sensitive context. StillMind is designed with privacy-conscious access boundaries and clear role-based visibility to reduce unnecessary exposure of personal information.
We continuously improve safeguards as the product evolves, including access control, secure transport, operational monitoring, and accountability practices.
Core Principles
- Least necessary access
- Privacy-conscious system design
- Monitoring and accountability
- Ongoing improvement
2. Data handling and protection
In transit
Data moving between user devices and StillMind is protected in transit using modern encrypted transport protocols.
System access
Internal system access is controlled and limited to authorized personnel with a legitimate operational need.
3. Role-based access and visibility
StillMind uses strict Role-Based Access Control (RBAC) to ensure that users only have access to the data necessary for their specific role.
Can only access their own profile, messages, and appointments. Cannot see any counselor notes or institutional stats.
Can see assigned student details and clinical notes. Cannot see data for students not in their caseload without explicit transfer.
High-level visibility into institutional capacity and demand. No access to individual student clinical narratives or messages.
4. Monitoring and reliability
Operational monitoring
We use monitoring and logging practices to support incident detection, service integrity, and accountability.
Service resilience
We work to maintain reliability through infrastructure controls, operational review, and continuous improvement.
Security Infrastructure
Traffic protection and filtering mechanisms are used to help preserve service availability.
Security controls are periodically reviewed and improved as product and infrastructure needs evolve.
5. Responsible disclosure
If you believe you have identified a security issue, please report it to us directly. We review reports promptly and work in good faith to investigate and respond.
Security Concerns?
For security questions or to report a concern, contact our security team.