Security and Reliability

All connections – both outside and internal – are secured using SSL Certificates which provide 256-bit encryption and company verification.
Verification includes:

• Legal personality, the physical and operational presence of the company
• The company complies with official documents
• The company has exclusive rights to use this domain

MightyCall uses Recurly as a billing system. Recurly is PCI-DSS Level 1 compliant and recognized on the Visa Global Registry of Service Providers. We meet or exceed all industry-standard payment security practices to protect our customers:

• The Payment Card Industry Data Security Standard (PCI-DSS) provides a framework for developing a robust security process for credit card transactions;
• Data Encryption – Adheres to the PCI Data Security Standard for Service Providers;
• Web Application Security – Follows industry-standard secure coding guidelines;
• Physical & Network Security Hosts data in dedicated facilities with 24×7 security.

Nobody at MightyCall can store or access sensitive payment information. MightyCall is PCI-DSS certified.

MightyCall uses Amazon Web Services (AWS) Data Centers.
AWS provides with data centers and a network architected to protect all the information, identities, applications, and devices.
AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects the accounts and workloads.
AWS identifies threats by continuously monitoring the network activity and account behavior within the cloud environment.

MightyCall’s uptime is ~99.99%
MightyCall has N+1 redundancy, with infrastructure physically distributed in different data centers (Availability Zones).
Several underlying carriers provide industry-standard redundancy.

Status page 

MightyCall uses continuous backups and encryption for all sensitive data.
User data is stored in failover clusters that have real-time replication.
Backups of the entire database are done daily and are stored separately from the main data center.

National Do Not Call List integration

MightyCall is fully integrated with the National Do Not Call List, ensuring compliance for all outbound campaigns. This feature is automatically enabled for all MightyCall clients, allowing them to respect consumer preferences and avoid costly penalties. Key functionalities include:

• Automatic checking: Every number uploaded for outbound campaigns is automatically checked against the National DNC List. If a number is found on the list, it is immediately flagged and excluded from the campaign.
• Customizable per campaign: Clients have the flexibility to enable or disable DNC List checking for each campaign, providing control based on specific campaign needs.
• Real-time notifications: Upon uploading a contact list, clients are instantly notified if any numbers are registered on the DNC List, ensuring compliance before any calls are made.

STIR/SHAKEN verification 

MightyCall implements STIR/SHAKEN standards to protect users against Caller ID spoofing — a source of over 70% of scam calls.

STIR (Secure Telephony Identity Revisited) gives a special digital signature for a VoIP call, ensuring that the call is coming from the person registered with this Caller ID.

SHAKEN (Secure Handling of Asserted Information Using Tokens) is a set of standards for the service providers on how to manage STIR-authenticated calls in their networks.

Together, these protocols work to safeguard our customers against fraud. Every MightyCall user sees a checkmark next to verified incoming calls, showing that the call is coming from a legitimate source.

Sensitive information is stored using several layers of encryption in a segmented network with no public internet access. New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis. Sensitive information is encrypted by an SSL connection when in transit over public networks with SSL connections using TLS v1.2 or above.

Privacy Policy