Warning: *Privacy Not Included with this product
The Mighty calls itself "the world’s largest digital health community." The idea behind The Mighty is to connect people struggling with similar mental and physical health challenges to find support and community. It's like a free social network for people facing similar health challenges and welcomes people of all ages, including teens, into the community. Users are able to join a group to connect with like-minded people, post your thoughts or questions to help find support or encouragement, create a profile, and create a personalized feed of other people's posts and stories. All that sounds good. Unfortunately, The Might's privacy policy doesn't sound so good to us.
What could happen if something goes wrong?
First reviewed April 20, 2022. Review updated, April 25, 2023
Last year we had some pretty significant privacy concerns about The Mighty and the "digital health community" they say they are building through the app. In 2023, we have even more concerns about this mental health app. A couple of things really grind our gears this time around. First, their Google Play Store Data Safety information section claims they don't share data with third parties where they state, "The developer says this app doesn't share user data with other companies or organizations." A read through their privacy policy shows this is simply not true (granted, part of the problem is Google's own rules for this self-declared information). The Mighty shares a lot of data with third parties. In fact, after your intrepid privacy researcher downloaded this app to try it out, he spotted nearly 550 trackers tracking his information immediately. This included trackers from Facebook, Google, Doubleclick, and many more. Ugh.
The Mighty does say they can share lots of your with advertising partners, including identifiers, device data, and online activity data, including any personal sensitive information you might share publicly. All in all, we think users should be very careful using or sharing any personal or sensitive health information with this app. Indeed,this line from The Mighty's own privacy policy is a good rule to follow, "We ask that you not provide us with any sensitive personal information through the Service or otherwise that is unnecessary. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us." Don't provide these apps with sensitive information!
Oh, one more gripe about The Mighty. They signed our privacy researcher up for their email list without his explicit consent to join that list. That is always a major privacy research pet peeve. Companies, please ask for explicit consent to add people to your email list! This is especially ironic to us, as they never replied to any of the emails we sent to the email listed in their privacy policy for privacy related questions. Bad form, The Mighty. Bad form.
Read our review from 2022:
The Mighty says they can collect a pretty large amount of personal information on you such as name, email. mailing address, gender, location, photographs, interests, and information about your or others’ medical condition that you choose to share and lots of app usage data.They go on to say they may combine the personal information they get from you with personal information they get from other sources such as data licensors, social media platforms like Facebook, and companies they partner with for research. That's a whole lot of information they gather on you from a pretty wide variety of sources. So far, not good.
The Mighty uses all that information for things including interest-based advertising, direct marketing, and research purposes. They may share your personal information with third party advertising partners for marketing and advertising purposes. Again, not good. They also say they can share your information with research partners, business partners, professional advisors, and their corporate affiliates and subsidiaries. Basically. they say they can share your personal information with a whole bunch of people. Not super uncommon, but also not great considering how much information they collect and combine about you, including what you chose to share publicly about your medical conditions. Remember, the more places your information is shared, the more chances there are for your information to leak or be compromised.
Couple this with the fact we couldn't confirm if The Mighty meets our Minimum Security Standards and we're concerned about both the privacy and security of anything you might share on this app. It's great to find a community to support you online through mental health challenges. It'd be nice if the company providing that community did a little more to protect their user's privacy.
Tips to protect yourself
- Opt out from receiving marketing emails! You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by completing the Personal Data Rights Request Form.
- Do not provide data about others (your relationships, family, etc.) without their permission.
- Do not log in using third-party accounts
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
- Do not give consent for sharing of personal data for marketing and advertisement.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc - Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: No
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
Yes
Facebook, Apple, Google sign-up possible
What data does the company collect?
Personal
Contact data, location, date of birth, gender, ethnicity, biographical details, occupation, country, photograph, your profiles on social networks, interests, and information about your or others’ medical condition that you choose to share. Providing profile data is voluntary and you can update or delete such data at any time.
Body related
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
The Mighty says they encrypt data in transit, however, we cannot confirm that the app employs encryption of your data at rest.
Strong password
Instead of password, an email authentication is used.
Security updates
Manages vulnerabilities
Anyone can report vulnerability to [email protected]
Comments
Got a comment? Let us hear it.