Effective as of May 31, 2022.
Information you provide to us. Personal information you may provide to us through the Service or otherwise, includes:
Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources. The sources may include:
Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our sites and other sites and online services, such as:
Cookies. Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Notice.
We use your personal information for the following purposes or as otherwise described at the time we collect it:
Service delivery. We use your personal information to:
Research and development. We may use your personal information, including sensitive personal information like your condition details, non-binary gender, and ethnicity, to offer opportunities to participate in research surveys and other activities, conduct research and development, and develop user profiles and segmentation to provide you with personalized resources and opportunities, and to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Marketing and advertising. We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:
Compliance and protection. We may use your personal information to:
You have the following choices with respect to your personal information.
Access or update your information. If you have registered for an account with us, you may review and update certain account information by logging into the account.
Opt-out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. You may continue to receive service-related and other non-marketing emails.
Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
Third party platforms. If you choose to connect to the Service through your social media account, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.
The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.
Scope. This section describes how we collect, use, and share the Personal Information of California residents as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to their Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. Additionally, this section does not apply to information we collect from you in the course of communicating with you in your capacity as an employee, controlling owner, director, officer or contractor of an organization (i.e., company, partnership, sole proprietorship, non-profit or government agency) in the context of performing due diligence on, or providing or receiving products or services to or from, that organization. In some cases we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
How to exercise your rights
You may submit requests to exercise your California privacy rights described above as follows:
We will need to verify your identity to process your information, access and deletion requests and reserve the right to confirm your California residency. Authentication into your The Mighty account (if applicable), government identification or other information may be required. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with written confirmation that you have given the authorized agent permission to submit the request. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Personal information that we collect, use and disclose
|Statutory category||Personal Information we collect in this category (See “Personal information we collect” above for descriptions)|
|Identifiers||Contact dataAccount dataResearch data|
|Commercial Information||Profile data Marketing data Online activity data Research data|
|Online Identifiers||Account data Profile data Device data|
|Internet or Network Information||Marketing dataDevice dataOnline activity data|
|Geolocation Data||Device data Profile data|
|Inferences||May be derived from your: Content Marketing data Device dataOnline activity dataResearch data|
|Protected Classification Characteristics||Profile dataResearch data|
|Sensory Information||Profile data Content Research data|
|Medical Information||Profile dataContentResearch data|
Sources. We describe the sources from which we collect this Personal Information in the section above entitled Personal information we collect.
Purposes. We describe the business and commercial purposes for which we collect this Personal Information in the section above entitled How we use your personal information.
Disclosure. We disclosed this Personal Information to the categories of third parties described in the section above entitled How we share your personal information.
Notice to European users
This section applies only to individuals in the United Kingdom and the European Economic Area.
EEA representative: Our EU representative is VeraSafe Ireland Ltd., North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland. https://verasafe.com/privacy-services/contact-article-27-representative/
UK representative: Our UK representative is VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom. https://verasafe.com/privacy-services/contact-article-27-representative/
|Processing purpose (click link for details)||Legal basis|
|Service delivery||Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service. Where we cannot process your personal data as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Service you access and request.|
|Marketing and advertising||Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.|
|Research and development Compliance and protection||These activities are based on legitimate interests, if consent is not the basis is processing|
|Compliance with legal obligations||Processing is necessary to comply with our legal obligations.|
|Actions we take with your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service.|
Sensitive personal information
We always ask for your explicit consent before processing sensitive personal information like your medical conditions, gender, ethnicity, or other special categories, when collected through the Services (e.g., when building out your profile, participating in research surveys). Consent may not be sought for sensitive personal information you manifestly make available by sharing it in our public communities in Stories, Mighty Thoughts, or Questions, and any other content.
We ask that you not provide us with any sensitive personal information through the Service or otherwise that is unnecessary. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us.
We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
European data protection laws give you certain rights regarding your personal information. If you are located within the United Kingdom or European Economic Area, you may ask us to take the following actions in relation to your personal information that we hold:
You may submit these requests by completing our Personal Data Rights Request Form or sending them to our postal address provided above in the How to contact us section. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
If we transfer your personal information from the United Kingdom or European Economic Area to another country such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.