Mighty provides core software and services legal and medical funding companies need to efficiently run and grow their businesses. We know that data security lies at the heart of our customers’ daily business operations, and we understand that our customers’ data is their business.
Behind Mighty’s modern, user-friendly interface is a secure, sophisticated infrastructure built to keep your proprietary information and files protected and confidential. Within the Mighty team, we’ve cultivated a culture of security and data privacy to guide our behaviors and customer interactions.
First and foremost: your data is your data.
Funders on Mighty’s platform only have access to their siloed instance of the application and the corresponding data. Furthermore, we provide our customers with the highest standards of data portability, data deletion, and access to continuous data backup.
Mighty is designed with multiple layers of protection to ensure that malicious agents cannot access your data. Here are just a few of the most important technological features we use to keep your data secure:
Hosted on Amazon Web Services (AWS) on a Virtual Private Cloud (VPC)
Data encryption in-transit and at-rest
Communications between you and AWS servers are encrypted via industry standard HTTPS and 256 bit Transport Layer Security (TLS). Your data is encrypted both when it is “at-rest” on AWS servers, as well as when it is being transmitted between the servers and your machines.
Hash and salt passwords
We use a PBKDF2 password hasher to securely store users’ passwords on AWS. This is recommend by the National Institute of Standards and Technology (NIST). Attackers would require tens of millions of years of computing time to break our customers’ passwords with known technologies.
The bedrock of the technology and legal controls we put in place to keep your data secure and private is Mighty’s culture of security. We instill the importance of security and best practices across our professional organization.
New team members undergo background checks
Onboarding and recurring security training
Confidentiality, non-solicit, and non-compete agreements
Data handling policies
Destruction of digital data once no longer a business necessity
Mandated computer sleep / password protect that are changed every 2 months
Randomized password generators
Proximity card reader devices are required to access Mighty’s floor
Floor locked on weekends and off-hours
CCTV video surveillance cameras at points of entry