The Mighty

Warning: *Privacy Not Included with this product

Review date: April 25, 2022

Mozilla says

People voted: Very creepy

The Mighty calls itself "the world’s largest digital health community." The idea behind The Mighty is to connect people struggling with similar mental and physical health challenges to find support and community. It's like a free social network for people facing similar health challenges and welcomes people of all ages, including teens, into the community. Users are able to join a group to connect with like-minded people, post thoughts or questions to help find support or encouragement, create a profile, and create a personalized feed of other people's posts and stories. All that sounds good. Unfortunately, The Mighty's privacy policy doesn't sound so good to us.

What could happen if something goes wrong?

First reviewed April 20, 2022. Review updated, April 25, 2023

Last year we had some pretty significant privacy concerns about The Mighty and the "digital health community" they say they are building through the app. In 2023, we have even more concerns about this mental health app. A couple of things really grind our gears this time around. First, their Google Play Store Data Safety information section claims they don't share data with third parties, stating, "The developer says this app doesn't share user data with other companies or organizations." A read through their privacy policy shows this is simply not true (granted, part of the problem is Google's own rules for this self-declared information). The Mighty shares a lot of data with third parties. In fact, after your intrepid privacy researcher downloaded this app to try it out, he spotted nearly 550 trackers tracking his information immediately. This included trackers from Facebook, Google, Doubleclick, and many more. Ugh.

The Mighty does say they can share lots of your data with advertising partners, including identifiers, device data, and online activity data, including any personal sensitive information you might share publicly. All in all, we think users should be very careful using or sharing any personal or sensitive health information with this app. Indeed, this line from The Mighty's own privacy policy is a good rule to follow, "We ask that you not provide us with any sensitive personal information through the Service or otherwise that is unnecessary. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us." Don't provide these apps with sensitive information!

Oh, one more gripe about The Mighty. They signed our privacy researcher up for their email list without his explicit consent to join that list. That is always a major privacy research pet peeve. Companies, please ask for explicit consent to add people to your email list! This is especially ironic to us, as they never replied to any of the emails we sent to the email listed in their privacy policy for privacy-related questions. Bad form, The Mighty. Bad form.

Read our review from 2022:

The Mighty says they can collect a pretty large amount of personal information on you such as name, email, mailing address, gender, location, photographs, interests, and information about your or others’ medical condition that you choose to share and lots of app usage data. They go on to say they may combine the personal information they get from you with personal information they get from other sources such as data licensors, social media platforms like Facebook, and companies they partner with for research. That's a whole lot of information they gather on you from a pretty wide variety of sources. So far, not good.

The Mighty uses all that information for things including interest-based advertising, direct marketing, and research purposes. They may share your personal information with third party advertising partners for marketing and advertising purposes. Again, not good. They also say they can share your information with research partners, business partners, professional advisors, and their corporate affiliates and subsidiaries. Basically, they say they can share your personal information with a whole bunch of people. Not super uncommon, but also not great considering how much information they collect and combine about you, including what you chose to share publicly about your medical conditions. Remember, the more places your information is shared, the more chances there are for your information to leak or be compromised.

Couple this with the fact we couldn't confirm if The Mighty meets our Minimum Security Standards and we're concerned about both the privacy and security of anything you might share on this app. It's great to find a community to support you online through mental health challenges. It'd be nice if the company providing that community did a little more to protect their users' privacy.

Tips to protect yourself

  • Opt out from receiving marketing emails! You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by completing the Personal Data Rights Request Form.
  • Do not provide data about others (your relationships, family, etc.) without their permission.
  • Do not log in using third-party accounts
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
  • Do not give consent for sharing of personal data for marketing and advertisement.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass, etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.

Can it snoop on me?

Camera

Device: N/A

App: Yes

Microphone

Device: N/A

App: No

Tracks location

Device: N/A

App: Yes

What can be used to sign up?

Facebook, Apple, Google sign-up possible

What data does the company collect?

How does the company use this data?

We ding this product because it may share personal data with third parties for advertising purposes, including interest-based advertising, and because it may combine personal data with data obtained from other sources.

"We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

- Direct marketing. We may send you The Mighty-related or other direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below.

- Interest-based advertising. We may contract with third-party advertising partners to display ads on our Service and other online services. These partners may use cookies and other technologies to collect information about you (including the device data and online activity data described above) over time across our Service and other online services, as well as your interaction with our emails. They use that data and other information they collect to try to help advertisers reach their desired audience on the Service and/or tailor the ads you see on the Service and other online services to your interests. You can learn more about your choices for limiting interest-based advertising, in the Your choices section of the Cookie Notice."

"We may combine personal information we receive from you with personal information we obtain from other sources. The sources may include:

- Data providers, such as information services and data licensors.

- Public sources, such as social media platforms.

- Research partners, such as universities, companies and other organizations with whom we partner on research initiatives."

How can you control your data?

We ding this product since it is unclear if all users, regardless of location, can get their data deleted.

"We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). Whether the retention period is sufficient to fulfill such purposes is the primary criteria for determining the duration of the retention period. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information and isolate it from any further processing until deletion is possible."

"You can choose to delete certain content through your account. If you wish to request to close your account, please contact us, or you can initiate account deletion on the mobile app version of the Service from the user preferences screen."

"European data protection laws give you certain rights regarding your personal information. If you are located within the United Kingdom or European Economic Area, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.

Correct. Update or correct inaccuracies in your personal information.

Delete. Delete your personal information.

Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict. Restrict the processing of your personal information.

Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights."

What is the company’s known track record of protecting users’ data?

Average

No known privacy or security incidents discovered in the last 3 years.

Child Privacy Information

The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Can this product be used offline?

Yes

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards?

No

Encryption

Can’t Determine

The Mighty says they encrypt data in transit; however, we cannot confirm that the app encrypts your data at rest.

Strong password

N/A

Instead of a password, email authentication is used.

Security updates

Yes

Manages vulnerabilities

Yes

Anyone can report a vulnerability to [email protected]

Privacy policy

Yes

Does the product use AI?

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

Dive Deeper

  • Mental health apps have terrible privacy protections, report finds
    The Verge
  • 'Creepy' Mental Health And Prayer Apps Are Sharing Your Personal Data
    Forbes
