Brightn Privacy Policy

Effective: July 9, 2024

If you are visually impaired, have another disability, or seek support in other languages, you may access this Privacy Policy by emailing us at support@brightnapp.com.

As part of our company values, especially putting members first, we at Brightn are committed to protecting and respecting your privacy in connection with your use of our content and products via our websites, including www.brightnapp.com (“Websites”), our applications, including the Brightn mobile app (“Apps”), or other delivery methods (Websites, Apps, and other delivery methods are collectively referred to as our “Products”)Throughout this Privacy Policy, we will collectively refer to all of our Products and Services as our “Platform.” This Privacy Policy covers the “personal information,” meaning information about an identified or identifiable individual that is collected through our Product or Services.

Depending on how you interact with us, the following may also apply to you:

Some components or features of our Platform may include additional privacy notices, such as an optional feature that uses your personal information in a unique way. Similarly, you may have been given access to our Product or Services in a manner that includes additional terms or privacy notices such as from your employer. The language of those terms and privacy notices supplement this Privacy Policy unless there is a conflict, in which case those additional terms and privacy notices will apply.
You may follow links contained in our Platform or provided to you by other users to third-party websites or products not operated by us. This Privacy Policy does not apply to third-party websites or products. We strongly suggest you review their privacy policies to understand how your personal information is used and stored by those third parties.
Similar to the above point, you may use single sign-on (SSO) features to access our Platform, such as through your social media accounts or through your employer. That use may be subject to your SSO provider’s terms and privacy policies, and we encourage you to review them prior to using those features.
Please read the following carefully to understand our practices regarding your personal information. We also encourage you to review our
Brightn Terms & Conditions

This Privacy Policy is provided in a layered format. We provided summaries for each section, but we encourage you to read each section in detail.

Collection of personal information

We may collect your personal information through our Platform, or when you otherwise share your information with us. Our collection may require your input or can be automatically collected while you engage with us.

Use of personal information

We primarily use your personal information for our Products and Websites to function and to deliver you the Services. We also may use your personal information for other purposes like communicating to you about your interest in our Platform, processing payments, complying with legal obligations, or to develop new features or improvements.

Sharing of personal information

We may share your personal information with certain third-party service providers to help make our Platform function. We may also share personal information as directed by you, to provide you with opportunities we think may interest you, or as legally required, such as to comply with a court order.

Data security and retention

We are committed to protecting the security of your personal information. We retain your personal information for as long as necessary and maintain appropriate safeguards to protect it.

Your privacy rights

We want you to have choice in how your personal information is used. We provide you rights to request actions regarding your personal information including deletion, no matter where you reside. Further rights may be provided for your specific jurisdiction, which are outlined in Section 10.

Children's privacy

Our Platform is generally intended for adults, except in limited circumstances depending on your offering.

Cookies

When you visit our Websites, we may collect certain information from you automatically through cookies and other tracking technologies. You can decide what cookies are deployed using the cookies settings on our Websites.

Changes

We may change this Privacy Policy to reflect new services, changes in our data practices, or to comply with relevant laws.

Contact us

You may contact us for comments, questions, or to exercise your privacy rights in various ways including emailing support@brightnapp.com

Supplemental notices

This section provides additional information specific to certain jurisdictions. Please note, that our Platform is operated in the United States where your personal information will be primarily processed and stored.

‍

1. Collection of personal information

We may collect or process the following personal information about you from what you provide us directly, we receive from others, and personal information we may automatically collect when you interact with our Platform.

(a) Information you provide to us

Contact information and identifiers. When you use our Platform, we may ask you to provide certain contact information, including your first and last name and email address. We may also collect your social media identification number if you choose to access the Products via a social media account.
Account Information. If you decide to set up an account with us, we may ask you to provide certain additional contact information, including, for example, your first and last name, e-mail address (personal and/or work), telephone number, mailing address, employer or company name, job title, student identification number, emergency contact information, as well as password and other authentication-related information. For individuals who participate in special subscriptions and features, including group plans, we may collect additional personal information, such as home addresses and names and emails of household members.
Health and Wellness Data: We will collect the information you provide about your health and wellness as you use our Products or engage with the Services. This includes:
Health Information: Information related to physical and mental health, including user responses to health questionnaires, activities performed, and progress reports. You may provide this information through the Products, such as through survey or quiz responses about your current mental or physical health status, setting your health or wellness goals, or other inputs relating to your health or wellbeing. You may also provide this type of information through the Services, such as talking with your coach or therapist about your current health needs or during treatment. We understand that this information is very sensitive so we handle it with care, including treating this health information as protected health information under HIPAA where applicable.
Activity Data: Data related to user activities, such as exercise routines, dietary habits, and wellness goals, which are tracked to provide personalized recommendations.
Behavioral Data: Information on user behaviors and habits, such as frequency of activity completion and engagement with wellness plans.
Profile and demographic information. Through your account in our Product, you may have the opportunity to provide additional information about yourself, such as your age, race and ethnicity, sexual orientation, preferred pronouns, gender or gender identity, sex at birth, marital status, and details about your health and medical history.
Payment information. If you sign up for a paid product or service from us, you may be required to provide your payment card or bank account information. Please note that Brightn does not directly process payment card information but relies upon third-party payment processors to do so on our behalf. Please note that third-party terms may apply to these payment services. Personal information collected for these purposes includes card number, type, expiration date, and billing address, and certain anonymized, limited and/or truncated versions of this information may be provided to Brightn.
Survey information. We may present you with surveys for Product functionality, to provide you the Services, to provide you with information about our Products and Services that we think may interest you, or for research purposes. These surveys may allow you to describe certain things about you, your use of the Platform, or feedback on future improvements.
Communication information. When you send or respond to emails, messages, chats, or other communications from Brightn, we may collect your email address, name, and any other personal information you choose to include in the body content of your communications. In addition, when you interact with particular features of our Products, we may collect the content of those communications.
Support information. When you submit a support request or otherwise engage with our support team, we collect the information you provide as part of that interaction. We also utilize live chat and/or chatbot technology, which allow you to communicate directly with our automated customer service system and/or customer service representatives via a chat window about our Products and Services. Text entered into this form prior to submission may be collected, retained, and used by Brightn for our business purposes, including by our customer service and other personnel and service providers.
Usage data. We collect device information, which includes data from the device used to access our services, such as device type, operating system, and mobile network information. We also gather log information that details how our services are used, including access times, pages viewed, and interactions with our content. Additionally, we collect location data, which consists of geographical location information collected from the user’s device to provide location-based services.
Technical Data. We may collect information about the communication interfaces used for data transmission between user devices and our servers. Additionally, we collect data generated from user interactions with our mobile application, including user inputs, preferences, and settings.
AI and Machine Learning Data. We collect training data, which consists of user data that is anonymized to train and improve our AI algorithms and machine learning models. Additionally, we generate model outputs, including predictions and recommendations, based on user data.

(b) Information from others

In certain circumstances, we may collect personal information about you from others. This may include the following:

If you receive access to Brightn through your employer, health plan, or another party that sponsors your access (your “Benefit Sponsor”), we collect your name and email address and other information that your Benefit Sponsor submits to us to facilitate your enrollment in our Products and Services.
We may collect the name, email address, content engagement, and preferences of individuals that our users identify through our sharing and referral features. We use this data solely to share content and refer individuals to join the Products.
We may collect personal information from parents or guardians to operate accounts for their dependents aged 13-17, where supported.
If you choose to have your account verified to confirm your eligibility for a select subscription offering, we may allow a third-party platform to access the specific personal information you provide to perform the verification. Any failure to provide sufficient information or any response Brightn considers abnormal may result in Brightn refusing (or being unable) to verify your eligibility.

(c) Information we automatically collect

Our Products and Websites may collect information from you automatically during your use, which may include:

Browser and device data, such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Websites and Products you are visiting.
Usage data, such as time spent on the Products and Websites, including pages visited, links clicked, approximate location, language preferences, performance of features, patterns of use, and the pages that led or referred you to our Products and Websites.

(d) Aggregated, anonymous, and de-identified data We may create or collect aggregated, anonymous, or de-identified data from personal information by removing, masking, or otherwise altering data components that make the data personally identifiable, or potentially personally identifiable to you (“De-Identified Data”). De-identified data is not personal information and is not subject to this Privacy Policy.

2. Use of personal information

We may use your personal information in the following ways:

How We Use Your Data

Brightn uses the collected data to enhance and personalize your experience, ensure the functionality of our services, and improve our offerings.

Specific uses include:

Personalization: Tailoring content, recommendations, and wellness plans to meet individual user needs.
Service Improvement: Analyzing usage patterns to improve the performance and features of our app.
Research and Development: Conducting research and developing new features based on aggregated and anonymized data.
Communication: Sending notifications, updates, and relevant information to users.
To provide our Platform, including the delivery of content and interactive features;
To communicate with you regarding our Platform including updates or changes;
To provide you support, answer your questions or requests for information, or handle your complaints;
To process payment, manage your orders, and account for applicable sales taxes;
To inform your Benefit Sponsor, if you have one, about your registration and other information as described in Section 3 below;
To fulfill our obligations under any agreements that we may have with you;
To maintain and improve the quality of our Platform, including to perform research and development, understand user trends, and, in a limited way, understand the effectiveness of our marketing and advertising, such as recording a sales conversion;
To provide you with information about new Products and Services, promotions, and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
To personalize the advertisements you receive about our Platform through third-party platforms, on other websites and apps;
To protect ourselves, you and others such as by taking actions to prevent fraud and other unlawful or unauthorized activity, and creating and maintaining a trusted, secure, and reliable online environment; and
To comply with our legal obligations including meeting regulatory compliance obligations, responding to subpoenas, court orders or other legal processes; and
to establish or exercise our legal rights or defense against legal claims.

3. Sharing of personal information

Data Sharing

Brightn does not share your personal data with third parties except in the following circumstances:

With your consent: When you provide explicit consent for data sharing.
For legal reasons: When required by law or to protect our rights and users.
With service providers: To third-party service providers who assist us in delivering our services, under strict confidentiality agreements.

We may disclose your personal information with the following categories of third parties:

Our service providers. In some circumstances we may need to disclose your personal information to a third party so that they can provide a service on our behalf, such as to help deliver Products or Services that you have requested. These service providers may include services such as analytics, payment processing, advertising and marketing, website hosting, customer and technical support, and other services. Our service providers have access to your personal information only to perform these tasks on our behalf, based on our instructions and are contractually obligated to maintain the confidentiality and security of your personal information, and to not disclose or use your personal information for any other purpose inconsistent with this Privacy Policy and applicable law.
Your integrations. You may connect your account through supported integrations with third parties and we will share your personal information with those third parties. If you do connect an integration, that third party’s terms and privacy policy may apply to the personal information shared as a result and we encourage you to review those before setting up the integration. For example, if you are on iOS, you may connect our Products to Apple’s Health Kit. If you do, iOS Privacy Policy and Terms of Use apply, and can be reviewed at www.apple.com/legal/privacy.
Community Activity. If you engage with other Platform users using our community features, we will share some information about you such as your name associated with your comment on a forum or other information you choose to share with other users.
Your Benefit Sponsor. In limited cases, we may provide certain personal information to your Benefit Sponsor, including your name, email address, your registration date, and the date on which you last used our Platform. Generally, we restrict this sharing to not include specific details of your in-app activity or any details about your use of Services, like therapy. This restriction may not apply where sharing some of your activity is necessary for your treatment, payment, or healthcare operations, such as if your Benefit Sponsor is your other healthcare provider, health insurance provider, or health plan.
Third-party business partners. In limited cases, we may provide certain personal information to third-party businesses with a joint promotional relationship, bundled subscription offer, or other trusted partnership. This type of sharing will most often be consistent with your notice, consent, direction, and/or reasonable expectations in light of the circumstances in which you provided the personal information.
Third-party advertising platforms. We work with third-party platforms that provide us with analytics and advertising services. This includes helping us understand how users interact with our Platform, serving advertisements on our behalf to those who may be interested, and measuring the performance of those advertisements.
Compliance and harm prevention. If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, such as to comply with a subpoena, bankruptcy proceeding, similar legal process, or in order to enforce our agreements with you; or to protect the rights, property, or safety of Brightn, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. We may also disclose personal information where we believe that doing so would be in accordance with or required by any applicable law, regulation, or legal process.
Affiliates and business transfer. If Brightn, including any of our subsidiaries, brands, or affiliates, is involved in a merger, acquisition, asset sale, or other corporate combination, your personal information may be transferred to the acquiring or surviving entity. If such transfer results in a material change to the use of your personal information, we will provide notice before your personal information is transferred or becomes subject to a different privacy policy.

4. Data security and retention

The security of your personal information is important to us. We follow generally accepted standards, practices, and procedures to protect the personal information submitted to us, both during transmission and once it is received. We maintain appropriate technical, administrative and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure or misuse.

No security can be fully guaranteed, though. If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information in Section 9 below or contact our security team directly at support@brightnapp.com

We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information, like your name, email address, and password, for as long as your account exists so that you may access it.

5. Your privacy rights

We believe that you should have control of your personal information. To that end, we provide the following rights to make requests regarding your personal information. You may make these requests by contacting support@brightnapp.com or in some cases using features within the Platform:

Access. You have the right to know what personal information we collect about you and how we use it. This Privacy Policy serves to inform you about that collection and use. If we have personal information about you, you may also request a copy of that information.
Correction. You have the right to request the correction of your inaccurate personal information.
Portability. You may request an export of your personal information in a structured and machine-readable format such as a .csv or .pdf. We can send that export to a third party you identify where feasible.
Deletion. You have the right to request, under certain circumstances, the deletion of your personal information that we collect.
Restriction. You have the right to request that Brightn restrict the use of your personal information in certain circumstances. Please note that in some cases, we may not be able to place a restriction because the use is necessary for Product functionality or delivery of the Services.
No retaliation or discrimination. You have the right not to receive discriminatory or retaliatory treatment for making a request.

Upon receiving your request, we may ask for additional information to verify it or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.

We do not charge a fee to process your verifiable request unless it is excessive, repetitive, or clearly unfounded. If we determine that your request requires a fee, we will tell you why and provide a cost estimate before completing your request.

Your rights are not absolute, and exceptions may apply. These exceptions can arise from different factors, including our legal obligations, the rights of others, your or another’s safety, and our ability to bring or defend against legal claims. Additionally, we will not fulfill your request if you do not provide sufficient information to verify your identity or to verify that a third party making the request is authorized to act as your representative.

Some US jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply.

6. Children’s privacy

At Brightn, we are committed to protecting and respecting children’s privacy. Our Platform is generally intended for individuals at least 18 years old and we do not intentionally collect personal information from individuals under 18 years old. There are limited exceptions:

If you are in the US and participate in our Brightn for Family offering or through certain Benefit Sponsors’ offerings, you may register an account as long as you are at least 13 years old.
If you are a US user 13 to 17 years old who may have joined as noted above, you may enroll in the Services with verifiable parent or guardian consent.
If you are a parent under our employee assistance program (EAP), you may refer your child of at least 6 years old to our Care Providers for in-person care but cannot create an account for them.

You also may notice some content in our Products that appears geared towards children. This content is only meant for you to share with your child under your supervision, and does not require or allow your child to create an account.

If you are a parent or guardian and you are aware that a child under age 13 has provided us with their personal information without parental consent, please contact us at support@brightnapp.com and we will take steps to remove that personal information from our servers.

7. Cookies

When you visit our Websites, we may collect information from you automatically through cookies including cookies provided by third parties. We use cookies and the information they collect for a variety of purposes including functionality, analyzing performance, security, personalizing Website content, and advertising. We will get your consent in order to use such trackers or provide you with the opportunity to opt-out of cookies, to the extent required by applicable law. You may use an opt-out preference signal, such as the Global Privacy Control (GPC), to opt-out of the sale/sharing of your personal information. For more information on the types of cookies we use and your choices regarding them, please review that policy below:

Brightn Cookie Policy:

Does Brightn use cookies?

Yes. Brightn uses cookies and similar technologies to ensure everyone who uses the website has the best possible experience.

What is a cookie?

A cookie is a small text file placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. You can find out more about each cookie by viewing our current cookie list below. We update this list every six months, so there may be additional cookies not yet listed. Web beacons, tags, and scripts may be used on the website or in emails to help us deliver cookies, count visits, understand usage and advertising campaign effectiveness, and determine whether an email has been opened and clicked on. We may receive reports based on the use of these technologies by our service/analytics providers on an individual and aggregated basis.

Why does Brightn use cookies?

When you visit our website, we may place a number of cookies in your browser. These are first-party cookies, and they allow us to hold session information as you navigate within the site. For example, we use cookies on our website to understand visitor and user preferences, improve their experience, and track and analyze usage, navigational, and other statistical information. You can control the use of cookies at the individual browser level. If you choose not to activate cookies or to later disable them, you can still visit our website, but your ability to use some features may be limited.

How do I disable cookies?

You can generally activate or later deactivate the use of cookies through your web browser. Find your browser below to learn more about how to manage your cookie settings.

Firefox: Click here to learn more about “Private Browsing” and managing cookie settings.
Chrome: Click here to learn more about “Incognito” and managing cookie settings.
Internet Explorer: Click here to learn more about “InPrivate” and managing cookie settings.
Safari: Click here to learn more about “Private Browsing” and managing cookie settings.

If you want to learn more about cookies or how to control, disable, or delete them, please visit www.aboutcookies.org for detailed guidance.

In addition, certain third-party advertising networks, including Google, allow users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here.

Cookies Brightn uses

Many jurisdictions require or recommend that website operators disclose the types of cookies they use and occasionally get consent from users before placing certain cookies.

We may use any of the following categories of cookies on our website as detailed below. Each cookie falls within one of these four categories:

Essential cookies: Essential cookies (first-party cookies) are sometimes called “strictly necessary” as without them we cannot provide many services that you need on the website. For example, essential cookies help remember your preferences as you move around the website.
Analytics cookies: These cookies track information about website visits so we can make improvements and report our performance. For example, we analyze visitor and user behavior to provide more relevant content or suggest certain activities. These cookies collect information about how visitors use the website, which site the user came from, the number of each user’s visits, and how long a user stays on the website. We might also use analytics cookies to test new ads, pages, or features to see how users react to them.
Functionality or preference cookies: During your visit to the website, these cookies are used to remember information you have entered or choices you make such as your username, language, or region. They also store your preferences when personalizing the website to optimize your use of Brightn, for example, your preferred language. These preferences are remembered through the use of the persistent cookies, and the next time you visit the website you won’t have to set them again.
Targeting or advertising cookies: These third-party cookies are placed by third-party advertising platforms or networks in order to deliver ads and track ad performance, enabling advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called behavioral, tracking, or targeted advertising) on the website. They may subsequently use information about your visit to show you ads that you may be interested in on our website and other websites. For example, these cookies remember which browsers have visited the website.

8. Changes

This Privacy Policy is effective as of the date posted at the top. We may update this Privacy Policy from time to time to reflect Platform changes, make corrections, improve clarity, reflect changes in our privacy practices, or as required by applicable laws. When we may make a significant change, such as on how we use your personal information or your rights, we will notify you within the Platform or through another channel such as the email you supplied during account registration, in addition to posting the revised version on our Website. We encourage you to periodically check this Privacy Policy to stay informed about how we handle your personal information.

9. Contact us

We want to hear from you if you have questions, concerns, or requests regarding this Privacy Policy. You can reach us by emailing support@brightapp.com.

10. Supplemental notices

Depending on your jurisdiction, you have additional rights that apply to you under your jurisdiction's privacy laws. We provide the supplemental information in this section in our efforts to comply with those additional privacy laws and inform you about your rights. If you do not see your jurisdiction below please do not interpret that to mean that we do not respect your privacy and we encourage you to still contact us using the contact details above with your questions or concerns. Please note that Brightn is a US based company and your personal information will be stored within the US.

(a) Privacy Notice for EU and the UK

Data Transfers.

This section is for individuals in the European Union (EU), the United Kingdom (UK), and Switzerland. Brightn operates as a data controller under the General Data Protection Regulation (GDPR) for the majority of the personal information detailed in section 1 and as a data processor for the limited personal information we may receive from your Benefit Sponsor.

Brightn complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Brightn has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Brightn has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit

https://www.dataprivacyframework.gov/.

If you have any questions or concerns regarding our personal information collection, use, and sharing practices as described in this Privacy Policy you may reach us using emailing support@brightapp.com. We will investigate the matter and resolve any issues, if we can. In compliance with the EU-U.S. DPF, its UK Extension, and the Swiss-U.S. DPF, Brightn commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, its UK Extension, and the Swiss-U.S. DPF to the International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the ICDR/AAA are provided at no cost to you.

In the event that we are unable to resolve your issues through the above channels, you may be able to invoke binding arbitration, under certain conditions and as permitted by the EU-U.S. DPF, its UK Extension, or the Swiss-U.S. DPF. For more information, visit the Data Privacy Framework website. Brightn is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Brightn is mindful of its responsibility and potential liability for onward transfers of personal data to third parties where Brightn deems such transfers necessary and those transfers are subject to the applicable EU-U.S. DPF, its UK Extension, or the Swiss-U.S. DPF.

Legal basis. Brightn relies on one or more legal bases to process your personal information under applicable law, including:

(i) with your consent, which you may withdraw at any time;
(ii) when the processing is necessary to perform our contractual obligations to you, like under our Terms;
(iii) when necessary to pursue our legitimate interests as further detailed below;
(iv) when necessary for our compliance with our legal obligations such as a request or order from courts, law enforcement or other government authorities.

Legitimate business interests. We may collect, process, and maintain personal information to pursue the legitimate business interests outlined below. To determine these legitimate interests, we balance our legitimate interests against the legitimate interests and rights of you and others, and only process personal information in accordance with those interests where they are not overridden by your data-protection interests or fundamental rights and freedoms.

Our legitimate interests generally include:

Providing you with our Platform, including functionality of features or Websites you interact with or so that we can provide you the Services.
Providing you with customer service and support, including to send you messages and provide user support, and to facilitate other communications that you request or are required to render our Products and Services to you. This may include providing you with information about new products and other opportunities we offer that we believe may be of interest to you based upon your interactions with us, and to personalize, measure, and improve such offers.
Maintaining and improving the quality of the Products and Services that we offer, including to customize our features to better fit your needs as a user, develop new sites and products, to perform internal analytics for new and existing products (such as our user accounts and related features) and to conduct research and development. This also includes sharing personal information with our trusted service providers that provide services on our behalf.
Protecting you and others, as well as, to create and maintain a trusted environment, such as to ensure compliance our agreements with you and other third parties, to ensure safe, secure, and reliable sites and products, and to detect and prevent wrongdoing and crime, assure compliance with our policies, and protect and defend our rights, interests, and property.
To provide, personalize, measure and improve our marketing, including to send you promotional messages and other information that may be of interest to you with your consent. We may also use personal information to understand our user base and the effectiveness of our marketing. This processing is done pursuant to our legitimate interest in undertaking marketing activities to offer products or services that may be of interest to you.
For risk management purposes, including compliance with our legal and regulatory obligations and for fraud detection, prevention and investigation, including “know your customer,” anti-money laundering, conflict and other necessary onboarding and ongoing client checks, due diligence and verification requirements, credit checks, credit risk analysis, compliance with sanctions procedures or rules, and tax reporting.
Complying with laws and regulations applicable to us, including any legal or regulatory guidance, codes, or opinions and to other legal process and law enforcement requirements, including any internal policy based on or reflecting legal or regulatory guidance, codes, or opinions. We may also respond to subpoenas, court orders, or legal process, and establish and exercise our legal rights or defenses against legal claims.

Privacy rights. Individuals in the EU and UK have privacy rights under the GDPR and the UK equivalent. We will work to respond to your verified request within a month’s time unless we request an extension. Section 5 above generally covers these privacy rights but EU and UK residents also have the following:

Right to object to processing - You may have the right to request that Brightn Health restrict the use of your personal data in certain circumstances.
Right not to be subject to automated decision making - You have the right not to be subject to a decision based solely on automated processing. Please know that we do not currently make decisions about you in this manner.
Right to lodge a complaint - You may also have the right to lodge a complaint about our data collection and processing actions with the appropriate supervisory authority. If you are in the EU, you can view the contact information for your data protection authority here. If you are in the UK, please visit this page. We ask that you contact us first to see if we can resolve your issue.

Exceptions may still apply as described in Section 5.

Our data protection officer can be reached at support@brightapp.com.

(b) Privacy Notice for California

We include this section for residents of California in order to comply with the California Consumer Privacy Act of 2018, and its amendment, the California Privacy Rights Act of 2020 (together, the “

CCPA

This section is intended to comply with the CCPA by supplementing the information provided elsewhere in the Privacy Policy.

Categories of personal information.

The CCPA includes categories of personal information that businesses like us are required to tell you what of them we have collected from you. To comply with those requirements, we have provided the table below disclosing the categories of personal information we have collected through our Platform within the last twelve (12) months.

Brightn is not a data broker and does not sell your personal information to third parties for payment. However, as with many online companies, Brightn partners with third parties to manage our advertising on other platforms. For that purpose, we may disclose limited personal information to third parties for our cross-context behavioral and targeted advertising purposes and this activity may fall under broader concepts of “selling” and/or “sharing” under the CCPA.

Please also note that some of this personal information, especially in regards to the Products and Services, may be covered by federal laws like HIPAA.

Use of personal information. We may use your personal information in the following ways:

To provide our Platform, including the delivery of content and interactive features;
To communicate with you regarding our Platform including updates or changes;
To provide you support, answer your questions or requests for information, or handle your complaints;
To process payment, manage your orders, and account for applicable sales taxes;
To inform your Benefit Sponsor, if you have one, about your registration and other information as described in Section 3 below;
To fulfill our obligations under any agreements that we may have with you;
To maintain and improve the quality of our Platform, including to perform research and development, understand user trends;
To provide you with information about new Products and Services, promotions, and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
To personalize the advertisements you receive about our Platform through third-party platforms, on other websites and apps;
To protect ourselves, you and others such as by taking actions to prevent fraud and other unlawful or unauthorized activity, and creating and maintaining a trusted, secure, and reliable online environment; and
To comply with our legal obligations including meeting regulatory compliance obligations, responding to subpoenas, court orders or other legal processes; and
To establish or exercise our legal rights or defense against legal claims.

Use of sensitive personal information. We use sensitive personal information for the same purposes listed above except for personalizing ads.

Retention. We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information, like your name, email address, and password, for as long as your account exists so that you may access it.

Your California privacy rights. The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of personal information and sensitive personal information. These disclosures are provided in Sections 1-3 and the chart in Section 10(b) above. If you are a California resident, you have the following rights under California law in relation to your personal information, subject to certain exceptions. We will respond to your verifiable request within 45 days.

Right to know and access. You have the right to know what personal information we collect, use, disclose, and sell and/or share, as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
Right to delete. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal information that we collect about you.
Right to correct inaccurate personal information. You have the right to request the correction of inaccurate personal information.
Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
Right to opt out of sale and/or sharing. You have the right to opt-out of the sale and/or sharing of your personal information by a business. Please see our Notice of Right to Opt-Out below for more information.
Right to limit use and disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide goods or services to you. We will not use or disclose your sensitive personal information after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal information for additional purposes.
Sharing with third parties for their own direct marketing purposes. Brightn does not disclose personal information to third parties for their own direct marketing purposes. However, California residents additionally have the right to request information regarding such practices under California’s “Shine the Light” law. If you are a California resident and would like to inquire further, please email support@brightnapp.com.

Notice of right to Opt-Out.

As mentioned above, if you are a resident of California, Brightn “sells” and “shares” personal information under the CCPA’s broader definition of “sale” or “share.” California law provides you a right to opt-out of such “sales” and “shares.”. You may exercise this right and if you are an Apps user, by going within your mobile app settings. The opt-out link is also available our Website’s pages by clicking on the Your Privacy Choices link.

(c) Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada

We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Virginia Consumer Data Privacy Act VCDPA, the Connecticut Data Privacy Act CTDPA, the Utah Consumer Privacy Act UCPA, the Colorado Privacy Act CPA, and the Nevada Privacy Law NPL.

This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.

Collection of personal information. Brightn may collect the personal information described in Section 1 and as categorized in the table within Section 10(b) above. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on how you use our Platform includes mental or physical health information, racial or ethnic origin, and information about sexual orientation or gender identity.

Use of personal information. Brightn may collect, use, or disclose personal information about US state residents for purposes listed in Section 2 of our Privacy Policy. We use sensitive personal information for the same purposes except for personalizing ads.

Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified in Section 3 of this Privacy Policy, and in ways that are described in that section.

Your privacy rights. We generally provide the privacy rights described in Section 5 above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, see the contact information in Section 9 or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law. Exceptions may still apply as described in Section 5.

Residents of Colorado, Connecticut, Virginia, and Utah have the right to opt out of targeted advertising and sales. If you are a resident of these states, you may opt-out by Your privacy choices and, if you are an Apps user, by going to your mobile app settings.
For users in Colorado, Connecticut and Virginia, you may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. While you may still make this request, Brightn does not currently use profiling in this manner.
Nevada provides its residents a limited right to opt out of the sale of personal information. Please know that we do not trigger this requirement because we do not sell your personal information for payment.