Effective as of May 31, 2022.
Table of Contents
Personal information we collect
Information you provide to us. Personal information you may provide to us through the Service or otherwise, includes:
- Contact data, such as your first and last name, and email and mailing addresses.
- Account data, such as your username and password that you set to establish an account on the Service, the groups you join, the topics you follow, and your account preferences.
- Profile data that you choose to include in your profile. This information may include your date of birth, gender, biographical details, country, photograph, your profiles on social networks, interests, and information about your or others’ medical condition that you choose to share. Sensitive personal information you provide to us, like your condition details, non-binary gender, and ethnicity, are voluntarily and you can update or delete such data at any time.
- Content that you submit to us, such as Stories, Mighty Thoughts, or Questions, and any other content that you upload or post to the Service, including text, photos, videos, posts, comments, attachments and any associated metadata.
- Communications that we exchange, including when you contact us with questions, feedback, or otherwise.
- Research data that you provide when you agree to participate in our surveys and other research activities, including your survey responses, your demographic information and your educational, medical or financial background information.
- Marketing data, such as your preferences for receiving our marketing and other communications, and details about how you engage with them.
Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources. The sources may include:
- Data providers, such as information services and data licensors.
- Public sources, such as social media platforms.
- Research partners, such as universities, companies and other organizations with whom we partner on research initiatives.
Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our sites and other sites and online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
- Country, derived from your IP address and shown publicly on your account by default to help you connect with other members in your country (you can choose to make your location private in your account settings)
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
Cookies. Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Notice.
How we use your personal information
We use your personal information for the following purposes or as otherwise described at the time we collect it:
Service delivery. We use your personal information to:
- provide, operate and improve the Service and our business;
- establish and maintain your user profile on the Service;
- enable security features of the Service, such as by sending you security codes via email, and remembering devices from which you have previously logged in;
- communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs and interests, and personalize your experience with the Service and our communications (for example, presenting relevant articles and content based on your condition information or gender); and
- provide support for the Service, and respond to your requests, questions and feedback.
Research and development. We may use your personal information, including sensitive personal information like your condition details, non-binary gender, and ethnicity, to offer opportunities to participate in research surveys and other activities, conduct research and development, and develop user profiles and segmentation to provide you with personalized resources and opportunities, and to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Marketing and advertising. We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:
- Direct marketing. We may send you The Mighty-related or other direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Compliance and protection. We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
How we share your personal information
Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as information technology, customer relationship management and support, email delivery, advertising, marketing, and website analytics).
Advertising partners. Third party advertising companies that collect information about your activity on the Service and other online services to help us advertise our services, and/or use customer lists that we share with them to deliver ads on their platforms on our behalf to those customers and similar users.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, crisis lines and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Acquiring and other relevant parties to business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, The Mighty or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Other users and the public. Your username and profile picture are visible to the public and other users. Content that you post on the Service, including personally identifiable or medical information, is visible to other users and to the public as well in public communities. The groups and topics you follow and your country are visible to other users by default, but you can choose to make some of this profile information private in your account settings. Any information you allow to be visible to the public or other users can be collected and used by others. We cannot control who reads the information that you make viewable or what they may choose to do with it.
Business partners. We may compile and share with our research partners and other business partners information that you make publicly available on the Service (e.g., all posts in a certain time period by users posting about a particular medical condition). We may also share information you provide when you participate in our surveys or other research activities with our research partners and other business partners as described to you when we collect that information. We may share the Content you submit to us for republication on our partners’ websites.
You have the following choices with respect to your personal information.
Access or update your information. If you have registered for an account with us, you may review and update certain account information by logging into the account.
Opt-out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. You may continue to receive service-related and other non-marketing emails.
Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
Third party platforms. If you choose to connect to the Service through your social media account, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.
Other sites and services
The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
International data transfer
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.
How to contact us
- Personal Data Rights Request Form
- Email: email@example.com
- Mail: PO Box 12539, Glendale, CA 91224, United States
Information for California residents
Scope. This section describes how we collect, use, and share the Personal Information of California residents as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to their Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. Additionally, this section does not apply to information we collect from you in the course of communicating with you in your capacity as an employee, controlling owner, director, officer or contractor of an organization (i.e., company, partnership, sole proprietorship, non-profit or government agency) in the context of performing due diligence on, or providing or receiving products or services to or from, that organization. In some cases we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected the Personal Information.
- The categories of third parties with whom we share the Personal Information.
- The categories of Personal Information that we sold or disclosed for a business purpose.
- The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
- The business or commercial purpose for collecting and/or selling Personal Information.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. If we sell your Personal Information, you can opt-out of those sales.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
How to exercise your rights
You may submit requests to exercise your California privacy rights described above as follows:
- Right to information, access and deletion. You may submit requests to exercise your right to information, access or deletion by completing our Personal Data Rights Request Form or by mailing us at PO Box 12539, Glendale, CA 91224, United States
- Right to opt-out of the “sale” of your Personal Information. Like many companies, we use services that help deliver interest-based ads to you, and have done so during the past 12 months. Our use of these services may constitute a “sale” of your Personal Information for purposes of the CCPA because the advertising partners that provide the services collect information from our users (e.g., the device data and online activity data described above) to help them serve ads more likely to interest you. See the Do Not Sell My Personal Information section of our Cookie Notice to opt-out.
We will need to verify your identity to process your information, access and deletion requests and reserve the right to confirm your California residency. Authentication into your The Mighty account (if applicable), government identification or other information may be required. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with written confirmation that you have given the authorized agent permission to submit the request. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Personal information that we collect, use and disclose
|Statutory category||Personal Information we collect in this category
(See “Personal information we collect” above for descriptions)
|Commercial Information||Profile data
Online activity data
|Online Identifiers||Account data
|Internet or Network Information||Marketing data
Online activity data
|Geolocation Data||Device data
|Inferences||May be derived from your:
|Protected Classification Characteristics||Profile data
|Sensory Information||Profile data
|Medical Information||Profile data
Sources. We describe the sources from which we collect this Personal Information in the section above entitled Personal information we collect.
Purposes. We describe the business and commercial purposes for which we collect this Personal Information in the section above entitled How we use your personal information.
Disclosure. We disclosed this Personal Information to the categories of third parties described in the section above entitled How we share your personal information.
Information regarding the European Economic Area and United Kingdom
Notice to European users
This section applies only to individuals in the United Kingdom and the European Economic Area.
EEA representative: Our EU representative is VeraSafe Ireland Ltd., North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland. https://verasafe.com/privacy-services/contact-article-27-representative/
UK representative: Our UK representative is VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom. https://verasafe.com/privacy-services/contact-article-27-representative/
(click link for details)
|Service delivery||Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service.
Where we cannot process your personal data as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Service you access and request.
|Marketing and advertising||Processing is based on your consent where that consent is required by applicable law.
Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
|Research and development
Compliance and protection
|These activities are based on legitimate interests, if consent is not the basis is processing|
|Compliance with legal obligations||Processing is necessary to comply with our legal obligations.|
|Actions we take with your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service.|
Sensitive personal information
We always ask for your explicit consent before processing sensitive personal information like your medical conditions, gender, ethnicity, or other special categories, when collected through the Services (e.g., when building out your profile, participating in research surveys). Consent may not be sought for sensitive personal information you manifestly make available by sharing it in our public communities in Stories, Mighty Thoughts, or Questions, and any other content.
We ask that you not provide us with any sensitive personal information through the Service or otherwise that is unnecessary. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us.
We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
European data protection laws give you certain rights regarding your personal information. If you are located within the United Kingdom or European Economic Area, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You may submit these requests by completing our Personal Data Rights Request Form or sending them to our postal address provided above in the How to contact us section. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
If we transfer your personal information from the United Kingdom or European Economic Area to another country such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.