Brightn Privacy Policy

If you are visually impaired, have another disability, or seek support in other languages, you may access this Privacy Policy by emailing us at support@brightnapp.com.

We at Brightn are committed to protecting and respecting your privacy. This Privacy Policy describes how Brightn collects, uses, and discloses your personal information, as well as the choices you have regarding our handling of your personal information. This Privacy Policy describes our data practices in connection with your use of our content and products that we make available via our websites, including www.brightnapp.com (“Websites”), our applications, including the Brightn mobile app (“Apps”), or other delivery methods (collectively, our “Products”). Throughout this Privacy Policy, we refer to all of our Products and the information and support we provide to contacts, partners, and customers as our “Services.”  By interacting with or using one of our Products, or otherwise communicating or interacting with us or our business, you consent to the information handling practices described in this Privacy Policy. If you do not wish for us to collect or use your personal information in the manner described herein, do not use our Services.

Important Information About this Policy

Some components or features of our Services may include additional privacy notices, such as optional features that utilize your personal information uniquely. Those additional notices supplement this Privacy Policy.

While we always aim to provide complete and transparent information about how we process your data, we reserve the right to amend or update this Privacy Policy from time to time, or to create additional policies as needed, to reflect changed circumstances or new legal requirements accurately.  To ensure we provide the most accurate information possible, please review this Privacy Policy for updates.

Important Information About Our Organizational Partners

Your employer, school, or a similar organization with which you are affiliated (collectively, our “Organizational Partners”) may have engaged us to make the Services available to you, including at a discount, as a benefit, or as part of some other program. In some cases, your interaction with our Services may be subject to the policies and terms of our Organizational Partner (e.g., when you are required to provide an ID number that originated with our Organizational Partner or when you use single sign-on (SSO) features to access our Services). Each Organizational Partner operates separately from Brightn. Please consult the Organizational Partner’s privacy policy to learn more about how they collect, use, and disclose your data. 

Your Protected Health Information under HIPAA

Certain features of our Services may allow you to consult or communicate directly with a medical or health professional. Your use of such features is subject to the medical or health professional’s Notice of Privacy Practices, which is different from this Privacy Policy and controls concerning any of your protected health information (as that term is defined and used in the Health Insurance Portability and Accountability Act). Contact your medical or health professional to learn more.

Table of Contents

This Privacy Policy is provided in a layered format. We provided summaries for each section, but we encourage you to read each section in detail.

1. Collection of personal information
2. Use of personal information
3. Disclosure of personal information
4. Data security and retention
5. Your choices regarding your personal information
6. Consumer health data
7. Rights afforded to specific individuals
8. Children's privacy
9. Changes
10. Contact us

1. Collection of personal information

For this Privacy Policy, “personal information” is any information that, either alone or in combination with other information, identifies, relates to, or can be used to contact a particular individual. We may collect or process the following personal information about you, which we receive directly from you, from others, and which we may automatically collect when you interact with our Services.

(a) Information you provide to us

• Contact information. Your first and last name and email address. We may also collect your social media account information if you choose to access the Services through a social media account.
• Account Information. Suppose you set up an account with us. In that case, you will need to provide your telephone number, mailing address, employer or company name, job title, student identification number, emergency contact information, as well as password and other authentication-related information. For individuals who participate in special subscriptions and features, including group plans, we may collect additional personal information, such as the names and email addresses of household members.
• Demographic information. To the extent inferred from your interactions with one of our Products, or when you choose to provide such information as part of your account profile or the Services, or when you otherwise choose to provide the information, your gender, birth date, marital status, employment status, parent status, race or ethnicity, military status, preferred pronouns, sexual orientation and sex life.
• Health information. To the extent inferred from your interactions with one of our Products, or when you choose to provide such information as part of your account profile or the Services, information about your physical or mental health status, condition, or diagnosis, including treatments you are receiving, medications you are taking, the type of care you are seeking, medical or health-related interventions you have received or are interested in, your health and wellness goals, and information related to your receipt of medical and health services, in each case, to the extent applicable. Please review the section below titled “Consumer Health Data, to learn more.   
• Fitness information. To the extent inferred from your interactions with one of our Products, or when you choose to provide such information as part of your account profile or the Services, information regarding dietary habits and activities you engage in, such as the food and drinks you consume and purchase, fitness level, activity, and goals, nutritional preferences, lifestyle information (e.g., sleeping data), body measurements (e.g., height, weight, and BMI), and other related information you choose to capture in notes or other fields within the  Services.
• Behavioral Data.  To the extent inferred from your interactions with one of our Products, or when you choose to provide such information as part of your account profile or the Services, information about your behaviors and habits, such as frequency of activity completion and engagement with wellness plans.
• Payment information. If you sign up for a paid product or service from us, you may be required to provide your payment card or bank account information. Please note that Brightn does not directly process payment card information; instead, we rely on third-party payment processors to do so on our behalf. Please note that third-party terms may apply to these payment services. Personal information collected for these purposes includes card number, type, expiration date, and billing address. Specific anonymized, limited, and/or truncated versions of this information may be provided to Brightn.
• Communication information. When you send or respond to emails, messages, chats, or other communications from Brightn, we may collect your email address, name, and any other personal information you choose to include in the body content of your communications. Additionally, when you interact with specific features of our Products, we may collect the content of those communications.
• Support information. When you submit a support request or otherwise engage with our support team, we collect the information you provide during that interaction. We also utilize live chat and/or chatbot technology, which allows you to communicate directly with our automated customer service system and/or customer service representatives via a chat window about our Products and Services. Text entered into any chat form or functionality is collected instantly and simultaneously by Brightn and the vendors who make the technology available. It may be retained and used by Brightn for our business purposes, including by our customer service and other personnel and service providers.
• Usage information. We collect device information, which includes data from the device used to access our services, such as device type, operating system, and mobile network information. We also gather log information that details how our services are used, including access times, pages viewed, and interactions with our content. Additionally, we collect location data, which consists of geographical location information collected from the user’s device to provide location-based services. We may collect information about the communication interfaces used for data transmission between user devices and our servers. Additionally, we collect data generated from user interactions with our mobile application, including user inputs, preferences, and settings.

We collect this information when you access, use, or navigate our Services, fill in forms on our Services, request information from us, communicate with us (including by phone, email, chat, or otherwise), interact with any chatbot or similar features available in our Products, visit or engage with our social media pages, participate in surveys or sponsored activities, or otherwise provide us with personal information.

Please note that we may aggregate or anonymize the foregoing types of information such that they are no longer capable of identifying you, in which case they are no longer considered “personal information.” 

(b) Information from others

In certain circumstances, we may collect personal information about you from others. This may include the following:

• Suppose you receive access to Brightn through one of our Organizational Partners. In that case, we collect your name, email address, and other information that your Organizational Partner submits to us to facilitate your enrollment in our Products and Services.
• We may collect the name, email address, content engagement, and preferences of individuals that our users identify through our sharing and referral features. We use this data to share content and refer individuals to join the Products.
• We may collect personal information from parents or guardians to operate accounts for their dependents aged 13-17, where supported.
• Suppose you have your account verified to confirm your eligibility for a select subscription offering. In that case, we may allow a third-party vendor to access the specific personal information you provide to perform the verification. Any failure to provide sufficient information or any response Brightn considers abnormal may result in Brightn refusing (or being unable) to verify your eligibility.

(c) Information we automatically collect

Our Products may collect information from you automatically during your use by employing the following technologies:

• Cookies: Cookies are small text files that websites use to make a user’s experience more efficient. Our Products use different types of cookies to, among other things, automatically recognize you when you return to our site, store information regarding your preferences, and analyze traffic to our Products. Please note that where cookies are essential to the operation of our Products, if disabled, you may not be able to enjoy certain features of the site. 
• Log Files and Device Identifiers.  We use log files to track actions occurring on our Products and collect data about visitors, including IP addresses, browser types, Internet service providers, referring/exit pages, date/time stamps, and device identifiers.
• Pixels, tags, web beacons, and other technologies.  Each of our Products may also use “pixels,” “tags,” “web beacons,” or other similar technologies. These technologies are small pieces of code that run when a page or email is loaded. They are used to monitor the behavior of the visitor or email recipient—such as what icons were clicked or whether links in an email were opened—and gather analytics.  For example, when you open the Brightn homepage, a pixel may run and generate information based on the visit, and then this information is processed by us or our vendors. Pixels work in conjunction with cookies to let us know what portions of our Products are of interest to you and to help us provide you with tailored information from our Products. IF YOU TURN OFF COOKIES, THE PIXELS, TAGS, AND WEB BEACONS WE USE MAY STILL DETECT CERTAIN INFORMATION ABOUT YOUR INTERACTION WITH OUR PRODUCTS AND DISREGARD ANY COOKIE-PROHIBITIVE MARKERS OR SIGNALS.
• Analytics.  Our Products may also use third-party analytics tools, such as Google Analytics.  You can find more information about how data is collected and processed in connection with the Google Analytics service here.  You can also read Google’s privacy policy here.

Please note that the vendors supplying us with these pixels, tags, web beacons, cookies, or similar tracking technologies collect your personal information simultaneously with our collection of such information, and they may use this information for their purposes.

The information collected through these technologies may be combined with personal information or aggregated with other information on website visits. We may share information about your use of our website with our advertising and analytics partners, who may combine it with other information that you previously provided to them.

We may use tracking technologies for a variety of purposes:

• Strictly Necessary. We may use tracking technologies required for system administration, to prevent fraudulent activity, improve security, or enable you to use shopping cart functionality. We are not required to inform you or to obtain your consent to tracking operationally necessary technologies.
• Analytical or performance. We may use cookies or other tracking technologies to assess the performance of the Products, including as part of our analytic practices to improve the content offered through the online services. During some visits, we may use software tools to measure and gather session information, including page response times, download errors, time spent on particular pages, and page interaction information.
• Functionality. We may use tracking technologies to tell us, for example, whether you have visited the Product before or if you are a new visitor and to help us identify the features in which you have the greatest interest.
• Targeting/Advertising. We may use tracking technologies to deliver content, including ads, relevant to your interests on our website or on third-party sites based on how you interact with our content or the content on third-party sites (e.g., including social media platforms), as well as track the content you access (including video viewing). We may also disclose this information to third parties for this purpose so that they can serve you with relevant advertising on their websites.

You have some choices concerning the use of analytical or performance technologies, functionality technologies, and targeting/advertising technologies:

• Declining Cookies – Depending on your browser or device, you may have the option to set the browser to accept all cookies, reject all cookies, notify you when a cookie is set, or delete cookies.  Each browser and device is different, so we recommend you evaluate the tools and settings available in your browser or device, as well as any available instructions for the same.  Please note that if you disable or delete cookies, you may not be able to access or use certain features of our website. The National Advertising Initiative also makes resources available to assist consumers in opting out of certain tailored online ads, which you can access here: https://optout.networkadvertising.org/?c=1. You can also use the Digital Advertising Alliance’s Consumer Choice Tool located at https://optout.aboutads.info/?c=2&lang=EN.
• Google Analytics – As discussed above, we use Google products in connection with the website.  If you would like to refrain from having your data collected by Google, Google has developed an opt-out browser that you can use – see 
• Do Not Track Mechanisms – Please note that our website does not honor “Do Not Track” signals, and such signals will not impact the operation of the website.   

Note that the information collected by us via tracking technologies may be combined with other information from or about you and disclosed to our vendors or service providers, who may combine the information with information they have collected.

‍

2. Use of personal information

We (and the service providers acting on our behalf) use your personal information for the following purposes:

• Tailoring content, recommendations, and wellness plans to meet individual user needs.
• Analyzing usage patterns to improve the performance and features of our Products.
• Conducting research and developing new features, including those based on aggregated information and analytics.  
• Processing the information so that it no longer identifies you and becomes “anonymized” or “de-identified” information.
• Sending notifications, updates, and relevant information to users.
• To provide our Services, including the delivery of content and interactive features.
• To communicate with you regarding our Services, including updates or changes.
• To provide you support, answer your questions or requests for information, or handle your complaints.
• To process payment, manage your orders, and account for applicable sales taxes.
• To inform our Organizational Partner, if applicable, about your registration and other information they require regarding your use of the Services.
• To fulfill our obligations under any agreements that we may have with you.
• To maintain and improve the quality of our Services, including to perform research and development, understand user trends, and, in a limited way, understand the effectiveness of our marketing and advertising, such as recording a sales conversion.
• To provide you with information about new Products, promotions, and other opportunities that may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers.
• To personalize the advertisements you receive about our Services through third-party platforms, on other websites, and apps.
• To protect ourselves and others, we take actions to prevent fraud and other unlawful or unauthorized activity, and create and maintain a trusted, secure, and reliable online environment.
• To comply with our legal obligations, including meeting regulatory compliance obligations, responding to subpoenas, court orders, or other legal processes.
• To establish or exercise our legal rights or defend against legal claims.

3. Sharing of personal information

We disclose personal information to the following categories of third parties:

• Our service providers. In certain circumstances, we may need to disclose your personal information to a third party so that they can provide a service on our behalf, such as helping to deliver Services that you have requested. These service providers may include assistance with analytics, payment processing, advertising and marketing, website hosting, customer and technical support, and other services. Our service providers have access to your personal information solely to perform tasks on our behalf, as instructed. They are contractually obligated to maintain the confidentiality and security of your personal information and not to disclose or use your personal information for any other purpose inconsistent with this Privacy Policy and applicable law.
• Your integrations. You can connect your account through supported integrations with third-party services, and we will share your personal information with those third parties. If you do connect an integration, the third party’s terms and privacy policy may apply to the personal information shared as a result. We encourage you to review these before setting up the integration. For example, if you are using iOS, you can connect our Products to Apple’s HealthKit. If you do, iOS Privacy Policy and Terms of Use apply, and can be reviewed at www.apple.com/legal/privacy.
• Community Activity. Engage with other Services users using our community features. We will share some information about you, such as your name associated with your comment on a forum or other information you choose to share with other users.
• Our Organizational Partner. In limited cases, we may disclose specific personal information to our Organizational Partner, including your name, email address, registration date, and the date of your last use of our Services. Generally, we restrict this sharing to exclude specific details of your in-app activity or any details about your use of the Services, such as therapy. This restriction may not apply where sharing some of your activity is necessary for your treatment, payment, or healthcare operations, such as when your Organizational Partner is another healthcare provider, health insurance provider, or health plan.
• Third-party business partners. In limited cases, we may disclose specific personal information to third-party businesses with which we have a joint promotional relationship, a bundled subscription offer, or another trusted partnership. This type of sharing will most often be consistent with your notice, consent, direction, and/or reasonable expectations in light of the circumstances in which you provided the personal information.
• Third-party advertising platforms. We work with third-party platforms that provide us with analytics and advertising services. This includes helping us understand how users interact with our Services, serving advertisements on our behalf to those who may be interested, and measuring the performance of those advertisements.
• Compliance and harm prevention. Suppose we are under a duty to disclose or share your personal information to comply with any legal obligation, such as to comply with a subpoena, bankruptcy proceeding, similar legal process, or to enforce our agreements with you; or to protect the rights, property, or safety of Brightn, our customers, or others. This includes exchanging information with other companies and organizations to protect against fraud and reduce credit risk. We may also disclose personal information when we believe it is necessary to do so, or as required by any applicable law, regulation, or legal process.
• Affiliates and business transfer. Suppose Brightn, including any of our subsidiaries, brands, or affiliates, is involved in a merger, acquisition, asset sale, or other corporate combination. In that case, your personal information may be transferred to the acquiring or surviving entity. If such transfer results in a material change to the use of your personal information, we will provide notice before your personal information is transferred or becomes subject to a different privacy policy.
• According to your instructions or directions. Suppose you use our Services to communicate with another person, such as an Organizational Partner or a healthcare provider. In that case, you are instructing Brightn to disclose your personal information to such recipient and are solely responsible for our compliance with your instructions.

4. Data security and retention

The security of your personal information is a top priority for us. We follow generally accepted standards, practices, and procedures to protect the personal information submitted to us, both during transmission and once it is received. We maintain appropriate technical, administrative, and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure, or misuse.

No security can be fully guaranteed, though. We do not warrant the security of your personal information. If you have an account with us and suspect unauthorized use of your account or its credentials, please contact us immediately at support@brightnapp.com.

We will keep your personal information for as long as needed to perform our obligations to you, or fulfill the purposes for which the data was collected, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as regarding applicable statutes of limitations, litigation or regulatory investigations). For example, we retain your account information, including your name, email address, and password, as long as your account is active, so that you can access it.

5. Your choices regarding your personal information

We give our users control over their information and how we process it.

If you have an account with us, you can correct any outdated information in your account through the profile section of our Products.  If our Organizational Partner has incorrect information about you, please contact them to correct such information.

You can elect to “unsubscribe” from marketing communications by using the links available in the communication that is sent to you.

Please note that certain information is required to provide our Services (e.g., your contact information). If you decline to provide us such information, we may not be able to provide you with the Services.

Please contact us at the email address below to request changes to your personal information.  

6. Consumer Health Data

Specific state laws, like the Washington My Health My Data Act (2023 Wash. Laws 191; HB 1155) (the “MHMDA”), regulate the handling of the “consumer health data” of such state’s residents. Any terms defined by the MHMDA have the same meaning when used in this section.  

This section describes how Brightn collects, uses, and shares consumer health data, as well as how consumers can exercise their rights under applicable laws regarding such data. “Consumer health data” is any personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status.

To the extent inferred from your interactions with one of our Products, or when you choose to provide such information as part of your account profile or the Services, Brightn collects information about your physical or mental health status, condition, or diagnosis, including treatments you are receiving, medications you are taking, the type of care you are seeking, medical or health-related interventions you have received or are interested in, your health and wellness goals, and information related to your receipt of medical and health services, in each case, to the extent applicable.

Brightn collects the above categories of consumer health data for:

• Improving its Services, including tailoring its platform to present relevant information to its users.
• Understanding and analyzing how users interact with our Services, including analyzing traffic and usage metrics, and how users search for, choose, and purchase various products.
• Marketing Brightn’s Services to current, former, and potential users.
• Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with the Services or the use of our Services.

The consumer health data described above is collected from you, our Organizational Partners, our advertising vendors, and our service providers. Brightn may disclose or transfer your consumer health data to its vendors or service providers that process the information on its behalf (e.g., website hosting providers, email and communications vendors, data storage providers, etc.).

Additionally, Brightn shares consumer health data with the following categories of “third parties” (as applicable laws define that term):

• Parties to a corporate transaction or proceeding, such as in the event of a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets, of which consumer health data is among the assets being disclosed or transferred.
• Law enforcement or other agencies when we believe doing so is necessary to comply with applicable law or respond to a valid legal process. 

Subject to certain exceptions, the MHMDA and similar laws provide consumers with the right to:

1. Confirm whether Brightn is collecting, sharing, or selling your consumer health data, and access such data, including a list of all third parties and affiliates with whom Brightn has shared or sold the consumer health data.
2. Withdraw consent from the collection or sharing of consumer health data.
3. Delete consumer health data.

To exercise the rights described above, you may submit your request by contacting Brightn at support@brightnapp.com.

Note that Brightn may deny your request if it is unable to authenticate you or your request using commercially reasonable efforts and may request that you provide additional information for authentication purposes. If Brightn can authenticate your request, it will comply with the request within 45 days of receipt of the request; provided that Brightn may extend its response period by an additional 45 days when reasonably necessary, in which case you shall be notified of the extension.

If your request to exercise a right is denied, you may appeal that decision by contacting Brightn. If your appeal is unsuccessful, you can raise a concern or complain with the attorney general of your state (e.g., the Washington State Attorney General at www.atg.wa.gov/file-complaint).

7. Rights afforded to specific individuals

Rights afforded to specific individuals 

1. California Residents

California Civil Code § 1798.83 (California’s Shine the Light Act) further permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from providing your personal information to certain of our affiliates and other third parties for their marketing purposes. Please let us know your preference by contacting us using the information below.

2. EU/UK/Swiss Residents 

The European Union’s General Data Protection Regulation and the United Kingdom’s and Switzerland’s versions of the same (collectively, the “GDPR”) afford certain rights to individuals in the European Economic Area (including Switzerland, Gibraltar, the United Kingdom, and similar, the “EEA”).  If you are in the EEA, you have the following rights.  Note, however, that not all rights apply in all circumstances. 

• Right of access: Subject to certain exceptions, you have the right to access the personal information that we hold about you. If you are requesting access to your data to protect the rights of others, we may require you to verify your identity before releasing that information to you. 
• Right to rectify your personal information: If you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e., corrected). 
• Right to be forgotten: You may request that we delete the information we hold about you under certain circumstances. This right is not absolute, and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations. 
• Right to restriction of processing: In some cases, you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified. 
• Right to object to processing: You may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal data for direct marketing and the purposes of statistical analysis. 
• Right to data portability: You have the right to receive, transfer, or copy your personal information to another controller when we are processing your personal information based on consent or a contract and the processing is carried out by automated means. 

Regarding the personal information discussed in this Policy, we are typically the “data controller” for such information under the GDPR.  As a result, if you wish to exercise one of the rights discussed above, you may do so by submitting a written request to the email address below with the subject line, “GDPR Request.”  This is usually free, unless the process is unduly complex or clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or decline to respond.  Once we have received your request, we will review it and contact you within thirty (30) days of receipt. We will notify you of any delay in processing your request and, in any event, respond to the request within three (3) months.  Please note that we may need to request specific information from you to verify your identity.  If you are located in the EEA or UK and have a concern about our processing of your data, you may have the right to make a complaint to the appropriate data protection authority in the EEA or UK.   

We will process different types of information under various lawful bases outlined in the GDPR, depending on the nature of the information and your relationship with us. The following table summarizes how we intend to use your personal information and the lawful basis for doing so.  We may process your personal information on multiple bases, depending on the specific purpose for which we have collected or are using your information. 

To enter into and subsequently to manage our business relationship with you or your company, including: 

• Negotiating, entering into, and performing agreements with you or your company  
• Responding to inquiries and providing customer support and service 
• Managing and processing transactions for our services 
• Notifying you about changes to our services, business terms, or this Policy 
• Communicating with you and responding to your inquiries regarding our services, agreements with you or your company, and other issues
• Contact Information
• Account information 
• Demographic information
• Health information
• Fitness information
• Behavioral data
• Payment information
• Communication information
• Support information 
• Usage information 
• Necessary for our legitimate interests (to manage our business relationships and administer our operations, including through the keeping of appropriate records)
• Performance of a contract with you 
• Necessary to comply with legal obligations

To administer and protect our business and services, including: 

• Maintaining business records for legal purposes and to comply with tax requirements 
• Defending and advancing legal claims  
• Enforcing our rights under any agreements 
• Ensuring effective security for our website and Services 
• Conducting website and platform maintenance   
• Identifying and addressing security risks and unlawful activity 
• Contact Information 
• Account information 
• Payment information
• Communication information
• Support information 
• Usage information 
• Necessary for our legitimate interests (running our business, facilitating administration and IT services, network security, to prevent fraud, and in the context of a business reorganization or group restructuring exercise) 
• Necessary to comply with legal obligations
• To make decisions about how best to deliver relevant content and advertisements to you, and otherwise market to you, and to better understand the effectiveness of our marketing efforts 
• Contact Information  
• Account information 
• Demographic information
• Payment information
• Communication information
• Support information 
• Usage information 
• Necessary for our legitimate interests (better understanding website and platform functionality and how website users navigate and interact with the site) to advance and promote our business interests, including contacting you regarding products, services, or promotions that may be of interest to your company, conducting surveys or soliciting feedback on our services, and updating, developing, and improving our products/services, customer service, and marketing efforts  

Necessary for our legitimate interests (to enhance our services, improve our marketing strategies, and develop our business)

Suppose we transfer personal information from the EEA, Switzerland, or UK to the United States or any other country. In that case, we will implement appropriate legal mechanisms to ensure an adequate level of personal data protection consistent with the GDPR’s requirements. For example, suppose the recipient country has not received an Adequacy Decision from the European Commission (such as the United States). In that case, we will rely on Standard Contractual Clauses (SCC) that the European Commission has approved as the lawful mechanisms for such transfers. Further, we will enter into appropriate data processing agreements with all non-EU (sub)processors that contain SCCs and define data protection standards to be employed by each (sub)processor. 

3. Nevada Residents 

Nevada residents have the right to direct us not to sell any of their personal information to third parties. We do not engage in any “sales” as defined by Nevada laws, but you may still contact us using the information below to make such a request.‍

4. Residents of Other U.S. States

The above sections of this Policy describe the categories of personal information processed by us, the purposes for the processing of such personal information, the categories of personal information that may be disclosed to third parties, and the categories of third parties to whom we may disclose personal information. We do not collect sensitive personal information or biometric information.

Under the law of your state of residence, you may have the right to request (1) that we confirm that we are processing your personal information, (2) access to the personal information we process, (3) correct inaccuracies in the personal information we process, taking into account the nature of the personal information and the purposes of the processing of such personal information, (4) delete the personal information provided by you or obtained about you, subject to certain exceptions under applicable laws, (5) a copy of the personal information that we process, subject to certain limitations and exceptions, or (6) opt out of the processing of your personal information for targeted advertising, the sale of personal information, or profiling in furtherance of a decision that produces a legal or similarly significant effect.

To exercise any of the above-described rights, you or an agent acting on your behalf must send an email to the email address below with the subject, “Privacy Request.”

We may require you or your agent to provide us information that enables us to authenticate your request. If we are not able to authenticate your request using commercially reasonable efforts, we may decline to comply with your request.

If we are not subject to the laws of your jurisdiction of residence that afford you the above-described rights, we may decline to act on your request.

If we refuse to take action on your request, we will notify you accordingly. If you wish to appeal our decision, please send us an email at the email address below with the subject, “Privacy Appeal.”

8. Children's privacy

At Brightn, we are committed to protecting and respecting children’s privacy. Children outside the United States under the age of 16 should not use our products.

Our Products are generally intended for individuals in the United States who are at least 13 years old. We do not intentionally collect personal information from individuals under 13 years old. Suppose you are in the US and participate in our Brightn for Family offering or through specific Organizational Partners’ offerings. In that case, you may register an account as long as you are at least 13 years old.

If you are a parent or guardian and are aware that a child under the age of 13 has provided us with their personal information without your consent, please contact us at support@brightnapp.com. We will take steps to remove that personal information from our servers.

9. Changes

This Privacy Policy is effective as of the date posted at the top. We may update this Privacy Policy from time to time to reflect changes in our Services, make corrections, improve clarity, reflect changes in our privacy practices, or as required by applicable laws. When we make a significant change, such as to how we use your personal information or your rights, we will notify you within the Services or through another channel, such as the email address you supplied during account registration, in addition to posting the revised version on our Website. Please periodically check this Privacy Policy to stay informed about how we handle your personal information.

10. Contact us

We invite you to contact us if you have any questions, concerns, or requests regarding this Privacy Policy. You can reach us by emailing support@brightapp.com.

‍