Advertencia: *Privacidad no incluida con este producto
The Mighty
The Mighty calls itself "the world’s largest digital health community." The idea behind The Mighty is to connect people struggling with similar mental and physical health challenges to find support and community. It's like a free social network for people facing similar health challenges and welcomes people of all ages, including teens, into the community. Users are able to join a group to connect with like-minded people, post your thoughts or questions to help find support or encouragement, create a profile, and create a personalized feed of other people's posts and stories. All that sounds good. Unfortunately, The Might's privacy policy doesn't sound so good to us.
¿Qué podría pasar si algo falla?
First reviewed April 20, 2022. Review updated, April 25, 2023
Last year we had some pretty significant privacy concerns about The Mighty and the "digital health community" they say they are building through the app. In 2023, we have even more concerns about this mental health app. A couple of things really grind our gears this time around. First, their Google Play Store Data Safety information section claims they don't share data with third parties where they state, "The developer says this app doesn't share user data with other companies or organizations." A read through their privacy policy shows this is simply not true (granted, part of the problem is Google's own rules for this self-declared information). The Mighty shares a lot of data with third parties. In fact, after your intrepid privacy researcher downloaded this app to try it out, he spotted nearly 550 trackers tracking his information immediately. This included trackers from Facebook, Google, Doubleclick, and many more. Ugh.
The Mighty does say they can share lots of your with advertising partners, including identifiers, device data, and online activity data, including any personal sensitive information you might share publicly. All in all, we think users should be very careful using or sharing any personal or sensitive health information with this app. Indeed,this line from The Mighty's own privacy policy is a good rule to follow, "We ask that you not provide us with any sensitive personal information through the Service or otherwise that is unnecessary. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us." Don't provide these apps with sensitive information!
Oh, one more gripe about The Mighty. They signed our privacy researcher up for their email list without his explicit consent to join that list. That is always a major privacy research pet peeve. Companies, please ask for explicit consent to add people to your email list! This is especially ironic to us, as they never replied to any of the emails we sent to the email listed in their privacy policy for privacy related questions. Bad form, The Mighty. Bad form.
Read our review from 2022:
The Mighty says they can collect a pretty large amount of personal information on you such as name, email. mailing address, gender, location, photographs, interests, and information about your or others’ medical condition that you choose to share and lots of app usage data.They go on to say they may combine the personal information they get from you with personal information they get from other sources such as data licensors, social media platforms like Facebook, and companies they partner with for research. That's a whole lot of information they gather on you from a pretty wide variety of sources. So far, not good.
The Mighty uses all that information for things including interest-based advertising, direct marketing, and research purposes. They may share your personal information with third party advertising partners for marketing and advertising purposes. Again, not good. They also say they can share your information with research partners, business partners, professional advisors, and their corporate affiliates and subsidiaries. Basically. they say they can share your personal information with a whole bunch of people. Not super uncommon, but also not great considering how much information they collect and combine about you, including what you chose to share publicly about your medical conditions. Remember, the more places your information is shared, the more chances there are for your information to leak or be compromised.
Couple this with the fact we couldn't confirm if The Mighty meets our Minimum Security Standards and we're concerned about both the privacy and security of anything you might share on this app. It's great to find a community to support you online through mental health challenges. It'd be nice if the company providing that community did a little more to protect their user's privacy.
Consejos para protegerte
- Opt out from receiving marketing emails! You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by completing the Personal Data Rights Request Form.
- Do not provide data about others (your relationships, family, etc.) without their permission.
- Do not log in using third-party accounts
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
- Do not give consent for sharing of personal data for marketing and advertisement.
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc - Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
¿Me puede espiar?
Cámara
Dispositivo: No aplica
Aplicación: Sí
Micrófono
Dispositivo: No aplica
Aplicación: No
Rastrea la ubicación
Dispositivo: No aplica
Aplicación: Sí
¿Qué se puede usar para registrarse?
Correo electrónico
Sí
Teléfono
No
Cuenta de terceros
Sí
Facebook, Apple, Google sign-up possible
¿Qué datos recopila la empresa?
Información personal
Contact data, location, date of birth, gender, ethnicity, biographical details, occupation, country, photograph, your profiles on social networks, interests, and information about your or others’ medical condition that you choose to share. Providing profile data is voluntary and you can update or delete such data at any time.
Información biométrica
Información social
¿Cómo utiliza la empresa estos datos?
¿Cómo puedes controlar el uso de tus datos?
¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?
No known privacy or security incidents discovered in the last 3 years.
Información sobre privacidad infantil
¿El producto se puede usar sin conexión?
¿La información de privacidad es fácil de entender?
Enlaces a información de privacidad
¿El producto cumple nuestros estándares mínimos de seguridad?
Cifrado
The Mighty says they encrypt data in transit, however, we cannot confirm that the app employs encryption of your data at rest.
Contraseña fuerte
Instead of password, an email authentication is used.
Actualizaciones de seguridad
Gestiona las vulnerabilidades
Anyone can report vulnerability to [email protected]
Comentarios
¿Tienes algún comentario? Queremos escucharte.