The Mighty

Advertencia: *Privacidad no incluida con este producto

The Mighty

Fecha de la reseña: 25 de abril de 2022

|
|

Mozilla dice

|
La gente votó: Sumamente siniestro

The Mighty calls itself "the world’s largest digital health community." The idea behind The Mighty is to connect people struggling with similar mental and physical health challenges to find support and community. It's like a free social network for people facing similar health challenges and welcomes people of all ages, including teens, into the community. Users are able to join a group to connect with like-minded people, post your thoughts or questions to help find support or encouragement, create a profile, and create a personalized feed of other people's posts and stories. All that sounds good. Unfortunately, The Might's privacy policy doesn't sound so good to us.

¿Qué podría pasar si algo falla?

First reviewed April 20, 2022. Review updated, April 25, 2023

Last year we had some pretty significant privacy concerns about The Mighty and the "digital health community" they say they are building through the app. In 2023, we have even more concerns about this mental health app. A couple of things really grind our gears this time around. First, their Google Play Store Data Safety information section claims they don't share data with third parties where they state, "The developer says this app doesn't share user data with other companies or organizations." A read through their privacy policy shows this is simply not true (granted, part of the problem is Google's own rules for this self-declared information). The Mighty shares a lot of data with third parties. In fact, after your intrepid privacy researcher downloaded this app to try it out, he spotted nearly 550 trackers tracking his information immediately. This included trackers from Facebook, Google, Doubleclick, and many more. Ugh.

The Mighty does say they can share lots of your with advertising partners, including identifiers, device data, and online activity data, including any personal sensitive information you might share publicly. All in all, we think users should be very careful using or sharing any personal or sensitive health information with this app. Indeed,this line from The Mighty's own privacy policy is a good rule to follow, "We ask that you not provide us with any sensitive personal information through the Service or otherwise that is unnecessary. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us." Don't provide these apps with sensitive information!

Oh, one more gripe about The Mighty. They signed our privacy researcher up for their email list without his explicit consent to join that list. That is always a major privacy research pet peeve. Companies, please ask for explicit consent to add people to your email list! This is especially ironic to us, as they never replied to any of the emails we sent to the email listed in their privacy policy for privacy related questions. Bad form, The Mighty. Bad form.

Read our review from 2022:

The Mighty says they can collect a pretty large amount of personal information on you such as name, email. mailing address, gender, location, photographs, interests, and information about your or others’ medical condition that you choose to share and lots of app usage data.They go on to say they may combine the personal information they get from you with personal information they get from other sources such as data licensors, social media platforms like Facebook, and companies they partner with for research. That's a whole lot of information they gather on you from a pretty wide variety of sources. So far, not good.

The Mighty uses all that information for things including interest-based advertising, direct marketing, and research purposes. They may share your personal information with third party advertising partners for marketing and advertising purposes. Again, not good. They also say they can share your information with research partners, business partners, professional advisors, and their corporate affiliates and subsidiaries. Basically. they say they can share your personal information with a whole bunch of people. Not super uncommon, but also not great considering how much information they collect and combine about you, including what you chose to share publicly about your medical conditions. Remember, the more places your information is shared, the more chances there are for your information to leak or be compromised.

Couple this with the fact we couldn't confirm if The Mighty meets our Minimum Security Standards and we're concerned about both the privacy and security of anything you might share on this app. It's great to find a community to support you online through mental health challenges. It'd be nice if the company providing that community did a little more to protect their user's privacy.

Consejos para protegerte

  • Opt out from receiving marketing emails! You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by completing the Personal Data Rights Request Form.
  • Do not provide data about others (your relationships, family, etc.) without their permission.
  • Do not log in using third-party accounts
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
  • Do not give consent for sharing of personal data for marketing and advertisement.
  • Choose a strong password! You may use a password control tool like 1Password, KeePass etc - Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

¿Me puede espiar? Información

Cámara

Dispositivo: No aplica

Aplicación:

Micrófono

Dispositivo: No aplica

Aplicación: No

Rastrea la ubicación

Dispositivo: No aplica

Aplicación:

¿Qué se puede usar para registrarse?

Facebook, Apple, Google sign-up possible

¿Qué datos recopila la empresa?

¿Cómo utiliza la empresa estos datos?

We ding this product as it may share personal data with third parties for advertisement purposes, including interest-based advertisement. And also for combining personal data with data obtained from other sources.

"We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

- Direct marketing. We may send you The Mighty-related or other direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below. - Interest-based advertising. We may contract with third-party advertising partners to display ads on our Service and other online services. These partners may use cookies and other technologies to collect information about you (including the device data and online activity data described above) over time across our Service and other online services, as well as your interaction with our emails. They use that data and other information they collect to try to help advertisers reach their desired audience on the Service and/or tailor the ads you see on the Service and other online services to your interests. You can learn more about your choices for limiting interest-based advertising, in the Your choices section of the Cookie Notice."

"We may combine personal information we receive from you with personal information we obtain from other sources. The sources may include:

- Data providers, such as information services and data licensors.

- Public sources, such as social media platforms.

- Research partners, such as universities, companies and other organizations with whom we partner on research initiatives."

¿Cómo puedes controlar el uso de tus datos?

We ding this product since it is unclear if all users regardless of location can get their data be deleted.

"We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). Whether the retention period is sufficient to fulfill such purposes is the primary criteria for determining the duration of the retention period. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information and isolate it from any further processing until deletion is possible."

"You can choose to delete certain content through your account. If you wish to request to close your account, please contact us, or you can initiate account deletion on the mobile app version of the Service from the user preferences screen."

"European data protection laws give you certain rights regarding your personal information. If you are located within the United Kingdom or European Economic Area, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.

Correct. Update or correct inaccuracies in your personal information.

Delete. Delete your personal information.

Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict. Restrict the processing of your personal information.

Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights."

¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?

Promedio

No known privacy or security incidents discovered in the last 3 years.

Información sobre privacidad infantil

The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

¿El producto se puede usar sin conexión?

¿La información de privacidad es fácil de entender?

No

Enlaces a información de privacidad

¿El producto cumple nuestros estándares mínimos de seguridad? Información

No

Cifrado

No se puede determinar

The Mighty says they encrypt data in transit, however, we cannot confirm that the app employs encryption of your data at rest.

Contraseña fuerte

No aplica

Instead of password, an email authentication is used.

Actualizaciones de seguridad

Gestiona las vulnerabilidades

Anyone can report vulnerability to [email protected]

Política de privacidad

¿El producto usa IA? Información

No se puede determinar

¿Es poco confiable esta IA?

No se puede determinar

¿Qué tipo de decisiones toma la IA acerca de ti o por ti?

¿La empresa es transparente acerca del funcionamiento de la IA?

No se puede determinar

¿Tiene el usuario control sobre las características de la IA?

No se puede determinar

*Privacidad no incluida

Profundiza más

  • Mental health apps have terrible privacy protections, report finds
    The Verge El enlace se abrirá en una nueva pestaña
  • 'Creepy' Mental Health And Prayer Apps Are Sharing Your Personal Data
    Forbes El enlace se abrirá en una nueva pestaña

Comentarios

¿Tienes algún comentario? Queremos escucharte.