Brightly Software Privacy Policy

BRIGHTLY SOFTWARE, INC

Last modified: July 14, 2023

Introduction

This Privacy Policy (“Policy”) explains how Brightly Software, Inc. and its affiliates and subsidiaries (“Company,” “we,” “our” or “us”) collect, store, use, disclose and otherwise process the information about you in the course of our business. Our business (collectively, our “Services”) includes when you visit our websites that link to this Policy, use our software-as-a-service (“SaaS”) services, application and programs as a Subscriber and through other means including partner programs, sales and marketing activities.

We provide our Services to our Subscribers under an Agreement located on our “Terms of Use” webpage; it governs use by a Subscriber’s Authorized Users only and allows those Authorized Users to enter data into the Service. Because the Service is SaaS-based, the Authorized Users may access and use the Service from anywhere in the world, subject to Company’s Terms of Use and any applicable laws.

Additionally, our Code of Conduct and Ethics (the “Code”) establishes the basic principles to guide all Company employees, officers and directors of the Company, its contractors, partners and vendors. All of these parties must conduct themselves in the most ethical manner possible, avoiding even the appearance of improper behavior. The Code provides the guidelines for meeting the ethical and legal obligations when working for or with the Company.

This Policy does not apply to any content entered into the Service by Authorized Users and defined as Subscriber Data. Where Subscriber Data is described, 1) Company is processing Subscriber Data as a processor and Subscriber is in control of and responsible for collection and use of Subscriber Data.

We recommend you read and understand this Policy completely, including the additional documents included at the links provided.

Information You Provide

The personal information we collect when you use the Services, including when you sign up to the Service and the reasons why you are asked to provide it are explained when we ask you to provide your personal information. Our Company will tell you prior to collection whether providing personal information is necessary or voluntary.

When using the Services, we may collect your name, email, postal address, phone number and other information you provide via the Services when, for example, you submit inquiries, request more information about our services, complete surveys or download Company documents, provide feedback about our Services or register for sales events or marketing activities.

When you register to use our Service, we may collect your personal information (like your full name and contact information). We may share some of this information if you have asked us to work with a Third Party of your choosing. We do not sell any personal information.

Information We Automatically Collect

When using the Services, we automatically collect certain information when you visit or use the Service, including your use of this website. This information may reveal your identity and may include information about the specific computer or device you are using, such as your computer’s operating system and Internet Protocol (IP) address. We also automatically collect and store information about your activities on our websites, such as information about how you came to and used our Services, event information (like access times and browser type and language) and data collected through cookies and other similar technologies that uniquely identify your browser, computer and/or other device. For more information on the use of cookies and other tracking technologies please see our Cookie Statement.

We may share information about your computer or other device with our third-party service providers for information and network security, including fraud detection.

When using the Service, we automatically collect certain data relating to the performance and configuration of our Service and our Subscribers’ and Authorized Users’ consumption, use of, and interaction with the Service (collectively, “Service Data“). While Service Data usually does not involve personal information, it may include such data in the following instances:

  • Technical information or data from either application programming interfaces (“APIs”), hosting services, Internet of Things (“IoT”) sensors or devices, or other products, services or devices that access our Service, including relevant log files;
  • Data and metadata about an Authorized User (user ID, email, IP address, device information, browser information or operating system; and
  • Data and metadata about an Authorized User’s activities and behavior within our Service, such as click patterns and feature use.

Service Data is used by Company for (a) providing, supporting and operating our products and services, (b) network and information security and (c) to analyze, develop and improve our products and services.

Information We Receive from Third Parties

From time to time, we may obtain information about you from third party sources, such as public databases and websites, resellers and distributors, joint marketing or business partners, security and fraud detection firms and social media platforms. Examples of the information we may receive from other sources include: account information; page-view information; contact information from business partners with whom we operate co-branded events, services and marketing campaigns or joint offerings; search results and links, including paid listings (like sponsored links); and if relevant, credit history information from credit bureaus.

Links to Third Party Websites

If you log onto or link to our Services through a social media site, certain information about you will be transferred from the social media site to our Services. In addition, the fact that you have linked onto our Services and some of that transferred information may be available to other users via the social media site. That information is subject to the privacy policies of any such social media site and you should review those policies before using a social media site to log onto or link to the Services. Any transferred information received in our Services will otherwise be subject to the terms of this Policy.

You may be able to use social media widgets such as the Facebook ‘Like’ button on our Platform. These widgets will collect your IP address and identify which page you are visiting on our Platform, and make your preference information available to third parties. The information collected by such widgets is controlled by third party privacy policies.

Target Online Advertisements

We use one or more third party service providers to serve ads on the Service and/or other websites. These third parties may automatically collect and use certain information about your online activities, either in our Services or other websites, such as your IP address, your ISP and the browser you are using. They do this using cookies, clear gifs and similar tracking technologies. Information collected may be used, alone or in combination with information about you that we obtain from other sources (like our data partners and offline customer data). This information is used mainly to deliver advertising targeted to your interests, including serving ads related to our products or services when you access and use other websites and to better understand the usage of the Service tracked by these third parties.

This Policy does not apply to, and we are not responsible for, cookies or clear gifs in third party ads, and we encourage you to check the privacy policies of advertisers and/or ad services to learn about their use of cookies and other technology. If you would like more information about the practice used by these companies, please visit www.aboutads.info/choices.

Use of Information We Collect

We use personal information collected via the Services and through other means (e.g., in person) for purposes described in this Policy, including using your information to:

  • Operate, audit and improve our Services;
  • Provide customer service and support;
  • Provide and to facilitate the delivery of products and services you request;
  • Send you related information, including confirmations, invoices, technical notices, updates, security alerts, training and support and administrative messages;
  • Maintain your Account;
  • Enhance security, monitor and verify identity or service access, combat fraud, spam, malware or other network and/or information security risks;
  • Detect bugs, report errors and perform activities to maintain the quality or safety of our services;
  • Conduct research and development;
  • Understand you and your preferences to enhance and personalize your experience and enjoyment when using our Services;
  • Develop and send you marketing, sales and promotional communications (where this is in accordance with your marketing preferences);
  • Communicate with you about one of our events or our partner events, including webinars and demos;
  • Respond to your comments or questions or provide information requested by you;
  • Link or combine it with other personal information we get from third parties, to help understand your needs, provide you with better service and to prevent fraud;
  • Process and deliver contest entries and rewards;
  • Display and measure engagement with advertisements across different devices and websites;
  • Maintain legal and regulatory compliance;
  • Process your information for other legitimate business purposes, such as customer surveys, data analysis, audits, collecting and assessing feedback, identifying usage trends, determining the effectiveness of our marketing campaigns and to evaluate and improve our products, services, marketing and customer relationships; and
  • Track location of assets and route technicians for maintenance at specific locations while mobile apps are in use and when running in the background.

We may store and process personal information in the United States and other countries.

Location Information

When you use our services and with your permission, we may collect information about your precise location using methods that include GPS, wireless networks, cell towers and WI-FI access points. This allows tracking the location of the user for safety purposes and locations of assets based on latitude and longitude coordinates. This information is stored in the system for tracking and reporting purposes and is not shared with any 3rd party partners.

Sharing of Personal Information

We do not share your personal information with third parties other than as follows:

  • Where it has been de-identified, including through aggregation or anonymization;
  • When you instruct us to do so;
  • With your consent, for example, when you agree to our sharing your information with other third parties for their own marketing purposes subject to their separate privacy policies;
  • With Company affiliates, in such case the information will be processed as otherwise described in this Policy;
  • With third party vendors, consultants and other service providers who work for us and need access to your information to do that work. Examples include vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis, fraud prevention, network and information security, technical support and customer service;
  • With third party business partners, such as delivery and/or referral partners, who are involved in providing services to our prospects and/or customers, to fulfill product and information requests and to provide customers and prospective customers with information about our Company and its Services. From time to time, we may engage in joint sales or product promotions with select business partners. If you purchase or specifically express an interest in a partner promotion or service, we may share relevant personal information with those partner(s). Where you have given your consent to do so, these business partners may send you marketing communications about their own products and services. In those circumstances, our partners are responsible for managing their own use of the personal information collected in these circumstances. We recommend you review the partner’s privacy notices to find out more about their handling of your personal information.
  • To comply with laws or to respond to lawful requests and legal process, to protect our rights and property and that of our agents, customers, members and others including to enforce our agreements, policies and terms of use or in an emergency to protect the personal safety of any person;
  • In order to protect any individual’s vital interests, but only where we believe it necessary in order to protect the vital interests of any person; and
  • In connection with or during negotiation of any business transfer, merger, financing, acquisition, or dissolution transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company.

Security of Personal Information

We take all reasonable steps to protect your personal information to prevent loss, misuse, unauthorized access, disclosure, alteration or destruction.  We use appropriate technical and organizational measures to protect your personal information, including: physical access controls, encryption, firewalls, intrusion detection and network monitoring appropriate to the type and scope of data processing.  This information is held in confidence.

The safety and security of your personal information also depends on you. When we have given you (or when you have chosen) a password for access to certain parts of our Service, you are responsible for keeping that password confidential. We ask you not to share your password with anyone. You are responsible for compliance with our privacy and security recommendations.

International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country, and in some cases, may not be as protective. Specifically, our website servers are located in the U.S. and we may process your information in jurisdictions where our affiliates/partners and third-party service providers are located. Our affiliate locations are set forth in the Subprocessor document.

We have taken appropriate safeguards to require that your personal information remain protected in accordance with this Policy. These safeguards include the protections under the European Commission’s Standard Contractual Clauses for transfers of personal information between us and others where the personal information the European Economic Area (EEA), United Kingdom or Switzerland personal information is covered by applicable data protection laws.

Take note, we have also certified to comply with the Privacy Shield Principles for limited international data transfers from the EEA, United Kingdom and Switzerland, where: 1) we act as a processor on behalf of business customers based in the EEA, United Kingdom and Switzerland, and 2) where we act as a controller regarding Company human resources and internal business operations data from the EEA, United Kingdom and Switzerland. For more information, please see our Privacy Shield Statement.

Your Choices and Correcting Your Information

As a Subscriber or Authorized User, you can review and change your personal information by logging into our Service and visiting your account profile page.

For use of the Services other than our SaaS Services, you may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.

If you are looking to exercise your consumer rights under the California Consumer Privacy Act (CCPA), please refer to the California Residents: CCPA Consumer Rights statement for more information.

If you are looking to exercise your data subject rights under the General Data Protection Regulation (GDPR), please use the corresponding form(s) found in the EEA, UK and Switzerland Users: Your Privacy Rights statement.

Schools Receiving Funds from the U.S. Department of Education

In the United States, the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. FERPA gives parents certain rights with respect to their children's education records, which transfer to the student when he/she reaches the age of 18 or attends a school beyond the high school level. Any United States academic institution that is subject to FERPA must assess for themselves whether and how its use of a cloud service affects its ability to comply with FERPA requirements. Company commits to 1) using Subscriber Data only to provide organizations with our cloud services and does not mine Subscriber Data for advertising, 2) not disclose Subscriber Data except as the educational institution directs, as described in the Agreement, or as required by law and 3) not require sensitive student information or student educational records to support any application functionality or feature.  Company advises educational institutions against sharing education record information in our Services, including first and last names, because inclusion has no relevance.  Further, an assigned student identification numbers shall afford the same usability of our Services.

Children Under the Age of 13

In the United States, websites and/or online applications and services that are collecting information from children under the age of 13 are required to comply with U.S. Federal Trade Commission (FTC) Children's Online Privacy Protection Act (COPPA). Our Services are not intended for children under 13 years of age, and no one under age 13 may provide any information to the Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information into our Services, make any purchases through the Service, use any of the interactive or public comment features of the Service or provide any personal information about yourself to us, including any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe, we might have any information from or about a child under 13, please contact us.

US Private Health Information for Healthcare Providers

The use of our Services do not require the use of Private Health Information (“PHI”) under applicable US laws.  In fact, we recommend that our healthcare Subscribers keep all PHI out of the services when they are entering their own data.  The United States Health and Human Services has issued guidelines for healthcare providers that define a Business Associate; our company is not within the definition of a Business Associate because our software does not involve the use or disclosure of protected health information on behalf of, or provide services to, a covered entity.  Despite this, sometimes our Subscribers have operational practices that require deems the use of a business associate agreement (“BAA”).  In this limited cases, we are able to use our standard business associate’s agreement, as drafted. 

Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion is possible.

When processing Subscriber Data on behalf of our Subscribers, we will retain Subscriber Data for as long as our the Subscriber instructs us to and/or as required by applicable law.

Changes to Our Privacy Policy

We post all changes we make to our privacy policy on this page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for periodically visiting our Services and this privacy policy to check for any changes. We are committed to security and the protection of your personal information and we will not materially change our policies and practices to make them less protective of your personal information collected in the past without your consent.

How to Contact Us

To ask questions or comment about this privacy policy and our privacy practices, contact us at: privacy@brightlysoftware.com or Brightly Software, Inc., 11000 Regency Parkway, Suite 300, Cary, North Carolina 27518 USA.

Additional Information

Privacy Shield Statement

California Residence Privacy Rights

AntiSlavery and Human Trafficking Policy

Subprocessor Listing

Cookie Policy