Privacy Policy

Effective date: January 1, 2023. View previous version here.

This Privacy Policy describes how Mighty Proud Media, Inc. and our subsidiaries and affiliates (collectively "The Mighty," "we", “us” or "our") handle personal information that we collect though our websites, mobile apps and other digital properties that link to this Privacy Policy (collectively, the “Service”), through social media, in connection with our marketing activities, and through other activities described in this Privacy Policy.

See the “State Law Privacy Rights” section below for important information about your personal information rights under applicable state privacy laws.

See the “Information regarding the European Economic Area and United Kingdom” section below for important information about your personal information rights under applicable law in the United Kingdom and European Economic Area.

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise, includes:

  • Account data, such as your email and username that you set to establish an account on the Service, the groups you join, the topics you follow, and your account preferences.
  • Contact data, such as your first and last name, email, phone number, and mailing address you choose to provide.
  • Profile data that you choose to include in your profile. This information may include your date of birth, gender, pronouns, biographical details, occupation, country, photograph, profiles on social networks, interests, and information about your or others’ health situation and medical condition that you choose to share. Providing profile data is voluntary and you can update or delete such data at any time.
  • Content that you submit to us, such as Stories, Mighty Posts, Mighty Polls, and any other content that you upload or post to the Service, including text, photos, videos, posts, comments, direct messages, attachments and any associated metadata.
  • Communications that we exchange, including when you communicate with us via the Services chat features described here, or contact us with questions, feedback, or otherwise. 
  • Research data that you provide when you agree to participate in our surveys, polls, and other research activities, including your survey responses, your demographic information and your educational, medical or financial background information.
  • Marketing preference data, such as your preferences for receiving our marketing and other communications.
  • Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources. The sources may include:

  • Data providers, such as information services and data licensors.
  • Public sources, such as social media platforms.
  • Research partners, such as universities, companies and other organizations with whom we partner on research initiatives.

Automatic data collection.  We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our sites and other sites and online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
  • General location, such as country, state, and city, which is derived from your IP address. Your country is shown publicly on your account by default to help you connect with other members in your country (you can choose to make your location private in your account settings).

Cookies. Some of our automatic data collection is facilitated by cookies and similar technologies.  For more information, see our Cookie Notice.

Chat technologies. We use third party services, such as those provided by Intercom, that employ cookies and software code to operate chat features that you can use to communicate with us through the Service. Intercom and other third parties may access and use information about webpages visited on our website, your IP address, your general location (e.g., country, state, city), and other personal information you share through online chats for the purposes described in this Privacy Policy.

How we use your personal information

We use your personal information for the following purposes or as otherwise described at the time we collect it:

Service delivery.  We use your personal information to:

  • provide, operate and improve the Service and our business;
  • establish and maintain your user profile on the Service;
  • enable security features of the Service, such as by sending you security codes via email, and remembering devices from which you have previously logged in;
  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications (for example, presenting relevant articles and content based on your condition information or gender); and
  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development.  We may use your personal information to offer opportunities to participate in research surveys and other activities, conduct research and development, and develop user profiles and segmentation to provide you with personalized resources and opportunities, and to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Marketing and advertising.  We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing. We may send you The Mighty-related or other direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below.
  • Interest-based advertising.  We may contract with third-party advertising partners to display ads on our Service and other online services. These partners may use cookies and other technologies to collect information about you (including the device data and online activity data described above) over time across our Service and other online services, as well as your interaction with our emails. They use that data and other information they collect to try to help advertisers reach their desired audience on the Service and/or tailor the ads you see on the Service and other online services to your interests. You can learn more about your choices for limiting interest-based advertising, in the Your choices section of the Cookie Notice.

Compliance and protection.  We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); 
  • audit our internal processes for compliance with legal and contractual requirements and internal policies; 
  • enforce the terms and conditions that govern the Service; and 
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.  

Retention. We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). Whether the retention period is sufficient to fulfill such purposes is the primary criteria for determining the duration of the retention period. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information and isolate it from any further processing until deletion is possible.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:  

Affiliates.  Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers.  Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as information technology, customer relationship management and support, chat features described here, email delivery, advertising, marketing, and website analytics). 

Advertising partners.  Third party advertising companies that collect information about your activity on the Service and other online services to help us advertise products and services.

Professional advisors.  Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, crisis lines and private parties, as we believe in good faith to be necessary or appropriate for the purposes described above. 

Business transferees.  Acquiring and other relevant parties (and their advisors) to business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, The Mighty or our affiliates (including, in connection with a bankruptcy or similar proceedings).  

Other users and the public. Username and some optional profile data, such as biographical details, pronouns, profile picture, and links to your social media networks, are visible to the public and other users by default. The groups you lead and content that you post on the Service, including personally identifiable or medical information, is visible to other users and to the public as well in public communities. Any information you allow to be visible to the public or other users can be collected and used by others. We cannot control who reads the information that you make viewable or what they may choose to do with it.

Business partners. We may compile and share with our research partners and other business partners information that you make publicly available on the Service (e.g., all posts in a certain time period by users posting about a particular medical condition). We may also share information you provide when you participate in our surveys or other research activities with our research partners and other business partners as described to you when we collect that information. We may share the Content you submit to us for republication on our partners’ websites. 

Your choices

You have the following choices with respect to your personal information.

Access or update your information. If you have registered for an account with us, you may review and update certain account information by logging into the account.

Opt-out of marketing communications.  You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by completing the Personal Data Rights Request Form . You may continue to receive service-related and other non-marketing emails.  

Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to access all features of the Service or they may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org

Do Not Track.  Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals except where we expressly indicate otherwise. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services.  If you do not provide the information requested, we may not be able to provide those services.

Third party platforms. If you choose to connect to the Service through your social media account, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.

Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us, or you can initiate account deletion on the mobile app version of the Service from the user preferences screen.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy 

We reserve the right to modify this Privacy Policy at any time. If we make changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to contact us

State law privacy rights notice

Scope.  Except as otherwise provided, this section applies to residents of states where they have privacy laws applicable to us that grant their residents the rights described below.

For purposes of this section, “personal information” has the meaning given to “personal data”, “personal information” or similar terms under the applicable privacy laws of the state in which you reside. Please note that not all rights listed below may be afforded to all users and that if you are not a resident of the relevant states, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

In some cases, we may provide a different privacy notice to certain categories of residents of these states, such as job applicants, in which case that notice will apply with respect to the activities it describes instead of this section.

Your Privacy Rights. You have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. 

  • Information/know.  You can request whether we have collected your personal information, and in certain cases, information about how we use and share it. For example, if you are a California resident, you can request information for the past 12 months about:
    • the categories of personal information that we have collected; the categories of sources from which we collected personal information; the business or commercial purpose for collecting, sharing and/or selling personal information;
    • categories of any personal information that we sold or disclosed for a business purpose. and;
    • the categories of any third parties with whom personal information was sold, shared or disclosed for a business purpose.
  • Access.  You can request a copy of the personal information that we have collected about you. 
  • Correction.  You can request that we correct inaccurate personal information that we have collected about you. 
  • Deletion.  You can request that we delete your personal information. Please note that once we process a deletion request, we may be unable to provide access or support to any past products or services.
  • Opt-out.
    • Opt-out of tracking for targeted advertising purposes.  You can opt-out of certain tracking activities for targeted advertising (also known as interest-based advertising) purposes. The CCPA defines this as “sharing” your personal information with the advertising partners.
    • Opt-out of profiling and limit the use of your sensitive personal information.  If we process your personal information for profiling purposes as defined by applicable privacy laws, you can opt-out of such processing.
  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by applicable privacy laws.
  • Sales. We do not “sell” personal information as defined by applicable state privacy laws and we have not sold personal information in the preceding 12 months.

How to Exercise Your Rights

  • Information/know, access, correction, and deletion. You may submit requests to exercise these rights at https://themighty.com/privacy-request/ or by mailing us at PO Box 12539, Glendale, CA 91224. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. You can ask to appeal any denial of your request in the same manner through which you may submit a request.
  • Opt-out
    • Opt-out of tracking for targeted advertising purposes. While we do not sell personal information for money, like many companies, we use services that help deliver interest-based ads to you as described above. Applicable privacy laws may classify our use of some of these services as “sharing” your personal information with the advertising partners that provide the services, from which you have the right to opt-out. You can submit requests to opt-out of tracking for targeted advertising purposes here: Your Privacy Choices. Your request to opt-out will apply only to the browser and the device from which you submit the request. You can also broadcast the Global Privacy Control (GPC) to opt-out for each participating browser system that you use. Learn more at the Global Privacy Control website
    • Opt-out of profiling and limit the use of your sensitive personal information. You may receive marketing-related emails based on the topics that you choose to follow. You may follow a topic by clicking “follow” on the topic page, or we may enroll you into following topics that match your interests or profile data that you have chosen to share, such as your or others’ medical condition. Applicable privacy laws may classify sending such marketing emails based on your interests, profile data and the topics that you follow as “profiling”. You may limit this use of your sensitive personal information and opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by completing the Personal Data Rights Request Form . Note, you may continue to receive service-related and other non-marketing emails.

Verification of Identity. We may need to verify your identity in order to process your information/know, access, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require you to authenticate into your Service account, provide personal identifiers we can match against information we may have collected from you previously, confirm your request using the email or telephone account stated in the request, provide government identification, provide a declaration under penalty of perjury, or provide other information, where permitted by law.

Authorized Agents. Your authorized agent may be able to make a request on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request.

Additional information for California residents.

Personal Information that we collect, use and disclose. The table below describes our personal information practices by reference to the categories in the “Personal information we collect” section above and the categories described in the CCPA (Cal. Civ. Code Section 1798.140(v)). The table describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.

Personal Information (“PI”) we collect CCPA statutory category Categories of third parties to whom we disclose PI for a business purpose Categories of third parties to whom we share for interest-based advertising
 
  • Contact data
 
 
  • Identifiers
  • California customer records
 
 
  • Affiliates
  • Service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Business partners
 
None
 
  • Account data
 
 
  • Identifiers
  • Commercial information
  • California customer records
  • Sensitive personal information
 
 
  • Affiliates
  • Service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Business partners
 
None
 
  • Profile data
 
 
  • Identifiers
  • Commercial information
  • California customer records
  • Sensory information
  • Medical information
  • Protected classification characteristics
  • Sensitive personal information
 
 
  • Affiliates
  • Service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Business partners
 
None
 
  • Content
 
 
  • Sensory information
  • Sensitive personal information
 
 
  • Affiliates
  • Service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Other users and the public
  • Business partners
 
None
 
  • Communications
 
 
  • Identifiers
  • California consumer records
  • Internet or Network information
 
 
  • Affiliates
  • Service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
 
None
 
  • Research data
 
 
  • Identifiers
  • Medical information
  • Inferences
  • Protected classification characteristics
  • Sensitive personal information
 
 
  • Affiliates
  • Service providers
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business partners
 
None
 
  • Marketing preference data
 
 
  • Identifiers
  • Commercial information
  • California customer records
  • Internet or Network Information
 
 
  • Affiliates
  • Service providers
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business partners
 
Advertising partners (to facilitate online advertising)
 
  • Device data
 
 
  • Identifiers
  • Internet or Network Information
 
 
  • Affiliates
  • Service providers
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business partners
 
Advertising partners (to facilitate online advertising)
 
  • Online activity data
 
 
  • Identifiers
  • Commercial information
  • Internet or Network Information
  • Sensitive personal information
 
 
  • Affiliates
  • Service providers
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business partners
 
Advertising partners (to facilitate online advertising)
 
  • Data derived from the above
 
 
  • Inferences
 
 
  • Affiliates
  • Service providers
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business partners
  • Other users and the public
  • Business partners
 
Advertising partners (to facilitate online advertising)

For information about the categories of sources of this information, see the section above entitled Personal information we collect.
For information about the purposes for collecting, using, and disclosing personal information, see the section above entitled How we use your personal information.

Information regarding the European Economic Area and United Kingdom

This section applies only to individuals in the United Kingdom and the European Economic Area. 

Personal information: References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation. 

Controller: The Mighty is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. We have appointed a Data Protection Officer, who can be reached at privacy@themighty.com or at the contact details above.

EEA representative:  Our EU representative is VeraSafe Ireland Ltd., who can be reached at North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland or https://verasafe.com/privacy-services/contact-article-27-representative/

UK representative: Our UK representative is VeraSafe United Kingdom Ltd., who can be reached at 37 Albert Embankment, London SE1 7TL, United Kingdom or https://verasafe.com/privacy-services/contact-article-27-representative/.

Legal bases for processing:  The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the table below sets out the legal bases on which we typically rely when we process personal information other than medical information or other special categories of data. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at privacy@themighty.com.

Processing purpose

(click link for details)
Legal basis
Service delivery Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service.   

Where we cannot process your personal data as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Service you access and request.
Marketing and advertising Processing is based on your consent where that consent is required by applicable law. 

Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
Research and development Compliance and protection These activities are based on legitimate interests, if consent is not the basis of processing.
Compliance and protection Processing is necessary to comply with our legal obligations.
Actions we take with your consent Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. 

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. 

Sensitive personal information

We always ask for your explicit consent before processing sensitive personal information like your medical conditions, gender, ethnicity, or other special categories, when collected through the Service (e.g., when building out your profile, participating in research surveys). Consent may not be sought for sensitive personal information you manifestly make available by sharing it in our public communities in Stories, Mighty Posts, and any other content.
We ask that you not provide us with any sensitive personal information through the Service or otherwise that is unnecessary. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us.

Your rights

European data protection laws give you certain rights regarding your personal information. If you are located within the United Kingdom or European Economic Area, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access.  Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct.  Update or correct inaccuracies in your personal information.
  • Delete.  Delete your personal information.
  • Transfer.  Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict.  Restrict the processing of your personal information.
  • Object.  Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.  

You may submit these requests by completing our  Personal Data Rights Request Form  or sending them to our postal address provided above in the How to contact us section.  We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. If you are in the European Economic Area, you can find your data protection regulator here. If you are in the United Kingdom, you can reach the Information Commissioner’s Officer here.

Cross-Border Data Transfer

If we transfer your personal information from the United Kingdom or European Economic Area to another country such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.