
Data Security at Mighty Networks

Updated yesterday

Mighty Networks Security Overview

Mighty Networks is committed to protecting the privacy, security, and integrity of our customers’ data.


This overview answers common questions about how we safeguard your Network, your members, and your data.

For additional technical and legal details, please review:

Our Approach to Security

Mighty Networks’ software engineers follow strict security and code review processes to identify and address issues early.

  • Continuous Integration (CI) testing verifies that all existing security measures remain effective.

  • Regular API and code reviews ensure new features meet security, privacy, and performance standards.

  • Our engineering team includes experts with formal training from Microsoft, Symantec, and other organizations, with experience in threat modeling and security review.

Reporting Security Issues

If you suspect a security issue, please report it immediately to:
📧 security@mightynetworks.com

All security concerns are logged as tickets, promptly escalated to engineering, and investigated for resolution.

Penetration Testing and Vulnerability Management

  • Penetration Testing: Our most recent independent test was completed in April 2025.

  • Vulnerability Testing: We continuously test for proper security enforcement through our automated suite.

  • Third-Party Dependencies: All software packages are regularly updated to reduce the risk of vulnerabilities in third-party code.

API Security

API Access

Customer API access is available through Zapier and open APIs, which support commonly requested actions and triggers.
Learn more about available integrations here.

Authentication and Encryption

  • All Zapier API calls are authenticated using revocable API keys and operate only over HTTPS.

  • All mobile and web traffic (API and HTML) requires HTTPS and uses TLS 1.2 or higher.

  • Authentication levels vary by feature:

    • Public Networks and registration/search APIs are accessible without authentication.

    • Private, Secret, and Plan Access Networks—as well as all write operations—use OAuth/Session authentication on web and access tokens on mobile.

SAML Support

Mighty Networks does not support SAML 2.0 for user authentication at this time.

Code Review and Engineering Processes

  • Mobile code requires review by at least one other engineer.

  • Server code must be reviewed by two engineers before being merged into the master branch.

  • Reviews evaluate security, privacy, performance, maintainability, and test coverage.

Regulatory Compliance

Mighty Networks complies with major privacy and data protection laws:

  • GDPR (General Data Protection Regulation)

  • CCPA (California Consumer Privacy Act)

Mighty Networks does not store:

  • Financial instruments (e.g., credit cards or full billing addresses), so PCI DSS 3.0 and Sarbanes-Oxley do not apply.

  • Medical data, except when users voluntarily share it in health-related Networks. HIPAA compliance is not offered.

All payment transactions are processed securely by Stripe or Apple.

Data Security and Encryption

Data Storage

All data is hosted on Amazon Web Services (AWS). Learn more about AWS security here.

Data Deletion

Data is first soft-deleted (allowing recovery from errors) before being permanently purged on a regular schedule.

Encryption

  • All communications use HTTPS with TLS 1.2+.

  • Member and Host content is encrypted at rest on AWS.

  • All user passwords are stored with one-way hashing—they cannot be reversed.

  • Mighty Networks does not use or store physical media.

Backups and Disaster Recovery

Backups

Mighty Networks relies on Amazon’s world-class backup systems:

  • Amazon RDS Aurora: Daily snapshots and point-in-time recovery based on transaction logs.

  • AWS ElastiCache: Backups configured automatically.

  • Amazon Redshift: Continuous backups to Amazon S3.

  • Elasticsearch: Regular snapshots to Amazon S3.

  • Amazon S3: Binary assets are geo-distributed and redundantly stored.

Disaster Recovery

Every layer of Mighty Networks’ infrastructure is redundant and fault-tolerant.

In the event of a major outage—such as the loss of an entire AWS data center—Mighty Networks can recover within 24 hours, though most incidents are resolved much faster.

Rebuild scripts for new environments are tested several times a year as part of our staging and performance testing process.


Summary

Mighty Networks takes a multi-layered approach to security that includes:

  • Rigorous code review and testing

  • Industry-standard encryption

  • Redundant AWS infrastructure and backups

  • Ongoing compliance with GDPR and CCPA

  • Regular third-party audits and penetration tests

We are committed to transparency and continuous improvement in protecting your data and your members’ trust.
