Privacy Policy

Effective as of March 16, 2021


Brightidea, Inc. is committed to data protection and privacy. This Privacy Policy describes our privacy practices. Please read this Privacy Policy carefully to learn how we collect, use, share and process information relating to individuals (“Personal Data”), and your rights and choices regarding our processing of your Personal Data.

A reference to “Brightidea”, “we”, “us”, “our”, or the “Company” is a reference to Brightidea, Inc.

Processing Activities Covered

This Privacy Policy applies to the following processing activities:

  • Visiting our websites;
  • Visiting our offices;
  • Receiving communications from us;
  • Registering for our events;
  • Participating in our Innovation community (

Our websites contain links to other websites, applications and services maintained by third parties. The privacy practices of these other services are governed by the third-party’s privacy policy, which we encourage you to review to better understand their privacy practices.

Responsible Entity

Brightidea is the controller of your Personal Data and responsible for the collection, processing and disclosure of your Personal Data described in this Privacy Policy, unless expressly specified otherwise.

The Privacy Policy does not apply to the extent we offer our clients cloud products and services through which our clients may create their own websites and applications running on our platform, sell or offer their own products and services, send electronic communications to other individuals, and collect and analyze Personal Data from individuals.

What Personal Data do we collect?

The Personal Data that we collect directly from you may include the following:

  • If you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our websites, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address, or username and password;
  • If you register for an event, we may also require you to provide us with financial and billing information, such as billing name and address and credit card number;
  • If you register for an online community that we host, we may ask you to provide a username, email address, photo and/or biographical information such as your occupation, social media profiles, company name, and areas of expertise;
  • If you use and interact with our websites, we automatically collect log files and other information about your device and your usage of our websites through cookies, web beacons or similar technologies, such as IP addresses or other identifiers, which may qualify as Personal Data;
  • If you visit our offices, you may be required to register as a visitor and to provide a copy of your government issued identification and the date and time of arrival.

Personal Data we collect from other sources:

We also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from the following sources:

  • Business contact information, including mailing address, job title, email address, phone number, web use behavior data, IP addresses, social handles, LinkedIn URL and third-party data providers for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling;
  • If you participate in our Innovation online community, we use your email address to inform you of program changes or additional security requirements.

We use information gathering tools, such as log files, cookies, web beacons and similar technologies to automatically collect information, which may contain Personal Data, from your computer or mobile device as you navigate our websites or interact with emails we have sent you.

Log Files

We gather certain information via log files. This collected information includes your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and data/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our websites and to guarantee it security and continued proper functioning. We also collect IP addresses from users when they log into services as part of our security features.

Cookies, web beacons and other tracking technologies

We use cookies and similar technologies such as web beacons alone or in conjunction with cookies to compile information about usage of our websites and interaction with emails from us.
When you visit our websites, our servers or an authorized third-party may place a cookie on your browser, which can collect information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track overall usage, determine areas that you prefer, make your usage easier by recognizing you and providing you with a customized experience.
You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our websites or services. To opt-out from tracking from tracking by Google Analytics, please use the specific opt-out mechanism as indicated further below.
We also use web beacons on our websites. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such tracking technologies are used to operate and improve our websites and email communications and track the clicking of links or opening of email.

Opt-Out from the collection of device and usage data

You may opt-out from the collection of device and usage data by managing your cookies at the individual browser level. In addition, if you wish to opt-out of interest-based advertising click here, or if located in the European Union or the United Kingdom click here. Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the websites.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted, Therefore, we do not currently commit to responding to browser’ DNT signals with respect to our websites. We will continue to monitor developments around DNT browser technology and the implementation of a standard.
If you receive marketing or similar e-mail messages from us and wish to opt out of receiving such messages, you may simply follow the opt-out procedure specified in such emails. In addition, if you have registered on our site, you may opt-out of receiving any future marketing or similar messages by unsubscribing. You may also contact us at the below addressed:

Brightidea, Inc.
Attn: Privacy Officer
25 Pacific Avenue
San Francisco, CA 94111 – USA

Please note the opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions or event registrations, service announcements or security information.

Upon a request submitted to, Brightidea will provide website visitors at no cost with access to their personal information that we have on record and the ability to complete, update or remove such information.

Social Media Features

Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. Social Media Features are hosted by the respective social media network and may receive information that you have visited our websites from your IP address. If you are logged into your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.
Brightidea also allows you to log in to certain of our websites using sign-in services such as Facebook Connect. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and email address to pre-populate our registration form.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing the Social Media Features.

Purposes for which we process Personal Data and the legal basis on which we rely

We collect and process your Personal Data for the purposes and on the legal basis identified in the following:

  • Providing our websites: We will process your Personal Data to the extent that is necessary for the performance of our contract with you for the use of our websites and to fulfill our obligations under the applicable terms of use/service; where we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with content you access and request;
  • Promoting security of our websites: We will process your Personal Data by tracking use of our websites, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity, as well as violations of and enforcement of our terms and policies;
  • Managing user registrations: We will process your Personal Data by managing your user account for the purpose of performing the contract with you according to any applicable terms of service;
  • Handling contact and user support requests: If you fill out a “Contact Me” web form, request user support, or if you contact us by other means, we will process your Personal Data for the performance of our contract with you and to the extent it is necessary for the purpose of our legitimate interests to fulfill your request and communicate with you;
  • Managing event registrations and attendance: We will process your Personal Data to plan and host the event or webinar, including related communications with you, on basis of the performance of our contract with you;
  • Managing payments: If you have provided financial information, we will process your respective Personal Data to collect payments to the extent this is necessary for completing transactions with you under the contract with you.
  • Developing and improving our websites: We will process your Personal Data to analyze trends, track your usage of our websites and interactions with emails to the extent this is necessary for our legitimate interests to develop and improve our websites and to provide our users with more relevant and interesting content;
  • Managing office visitors: We will process your Personal Data for security reasons, to register who visited our offices.
  • Displaying personalized advertisements and content: We will process your Personal Data to conduct market research, advertise to you, provide personalized information about us on and off our websites, and other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interests to advertise our websites or, where necessary, to the extent you have provided your prior separate consent;
  • Sending marketing communications: We will process your personal Data to send you marketing information, product recommendations and other non-transactional communications, such as marketing newsletters, about us and our partners, including information about our products, promotions or events as necessary for our legitimate interests to conduct direct marketing or to the extent you have provided your prior separate consent;
  • Complying with legal obligations: We will process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights, and is necessary for our legitimate interests to protect against misuse or abuse of our websites, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with judicial proceedings, court order or legal process, and/or respond to lawful requests.

Who do we share Personal Data with?

We may share your Personal Data with the following recipients:

  • Our contracted service providers which provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment;
  • If you attend an event or webinar organized by us, we may share your information with sponsors of the event if you consent to such sharing via the event registration form;
  • With third-party social networks, advertising networks and websites, which usually act as separate controllers, so that Brightidea can market and advertise on third-party platforms and websites;
  • With partner organizations and companies for service, sales, support, and marketing purposes;
  • Any Personal Data or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and/or used by others who visit these forums.

International transfer of information collected

Your personal data may be collected, transferred to and stored by us in the United States.
Therefore, your Personal Data will be processed outside the EEA and the United Kingdom. We will ensure that such recipients offer an adequate level of protection, for example Privacy Shield or by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).


Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as described in the “Contacting Us” section below and we will take steps to delete such Personal Data from our systems.

How long do we keep your Personal Data?

We may retain your Personal Data for a period of time consistent with the original purpose of the collection. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements.

After expiry of the retention periods, your Personal Data will be deleted. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.

Your rights relating to your Personal Data under GDPR

You have certain rights regarding your Personal Data, subject to local data protection laws. These may include the following rights:

  • to access your Personal Data held by us (right to access);
  • to rectify inaccurate Personal Data and ensure it is complete (right to rectification);
  • to erasure/delete your Personal Data to the extent permitted by other legal obligations (right to erasure; right to be forgotten);
  • to restrict our processing of your Personal Data (right to restriction of processing);
  • to transfer your Personal Data to another controller to the extent possible (right to data portability);
  • to object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object);
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision Making”); Automated Decision Making currently does not take place on our websites;
  • to the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

How to exercise your rights

To exercise your rights, please contact us in accordance with the “Contacting Us” section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive.

In addition, if you have registered for an account with us, you may generally update your user setting and profile by logging into the applicable websites with your username and password and editing your settings or profile. To discontinue your account, and/or request return or deletion of your Personal Data and other information associated with your account, please contact us.

Your rights relating to Customer Data

As described above, we may also process Personal Data in the role of a processor. If your data has been submitted to us by a Brightidea client and you wish to exercise any rights you may have under the applicable data protection laws, please inquire with our client directly. Because we may only access our client’s data upon instruction from the respective client, if you wish to make your request directly with us, please provide the name of the Brightidea client who submitted your data when you contact us. We will refer your request to that client and will support them as needed in responding to your request within a reasonable timeframe.

GDPR Recourse (for EU individuals)

EU individuals who wish to file a GDPR complaint have the right to go directly to their EU Data Protection Authority (DPA). Individuals wishing to do so may locate the appropriate DPA by going to


We take precautions including organizational, technical and physical measures, to help safeguard against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data we process or use.

While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have questions about the security of our websites, please contact us via the “Contacting Us” section below.

Notification of Privacy Policy Changes

Brightidea may amend this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements and other factors. If Brightidea decides to make material changes in the way we use your personal information, we will post the changes on this page so that you always will know what information we collect, how it is used, and when and how it will be disclosed.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield – For EU, UK & Swiss individuals whose data is being transferred into the US

Brightidea Incorporated complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. Brightidea has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

Brightidea is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Brightidea complies with the Privacy Shield Principles for all onward transfers of personal data from the European Union, the United Kingdom and Switzerland, including the onward transfer liability provisions. Pursuant to the Privacy Shield, Brightidea remains liable for the transfer of personal data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.

Pursuant to the Privacy Shield, EU, United Kingdom and Swiss individuals have the right to access their data. Upon a request submitted to, Brightidea will provide website visitors at no cost with access to their personal information that we have on record and the ability to complete, update or amend incorrect information. Furthermore, you have the right to remove or request erasure of such information if it has been handled in violation of the Privacy Shield Principles.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Brightidea is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Brightidea may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Brightidea commits to resolve complaints about our collection or use of your personal information. EU, the United Kingdom and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Brightidea at: Written inquiries may be addressed to:

Brightidea, Inc.
Attn: Privacy Officer
25 Pacific Avenue
San Francisco, CA 94111 – USA

Brightidea has further committed to refer unresolved Privacy Shield complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at

Brightidea Supplemental Privacy Policy for California Residents

The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.

Brightidea is both a “business” and a “service provider” under the CCPA. The following supplemental privacy policy applies to information we collect in our role as a business—this is when we interact directly with you.

When we act as a service provider (for example, by providing our services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal information. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.

This supplemental privacy policy is effective as of January 1, 2020, shall apply only to residents of California, and may be subject to change. The general privacy policy shall continue to apply to the extent that it applies to you as a resident of California. If you are a resident of California, we are required to disclose certain uses and disclosures in a certain format, as well as to inform you of certain rights you may have. Any capitalized terms used in this supplemental privacy policy shall have the same meaning as in the general privacy policy.

Information We May Collect:

We may collect the following categories of information:

  • Identifiers
  • Demographic Information
  • Commercial Information
  • Geolocation data
  • Audio, electronic, visual, or similar information
  • Professional or employment-related information

For each category of information, we collect the information from a variety of sources, including directly from you, from your devices, from your social media profiles, and/or from third party providers. We collect the information to provide you with services, protect our customers and ourselves (including the services), and to improve the services.

Additional Disclosures:

We do not sell (as such term is defined in the CCPA) the personal information of any individual (and will not sell it without providing a right to opt-out), including personal information of minors under 16 years of age.
We have disclosed the following categories of personal information for a business purpose in the 12 months prior to this Policy’s last update.

  • Identifiers
  • Demographic Information
  • Commercial Information
  • Internet or other electronic network activity information
  • Geolocation data
  • Audio, electronic, visual, or similar information
  • Professional or employment-related information
  • Inferences drawn from any of the above information

We have not disclosed any personal information for valuable consideration in the 12 months prior to this Policy’s last update.

Your Rights:

You may have certain rights with respect to your personal information, including:

  • The right to access, including the right to know the categories and specific pieces of personal information we collect;
  • The right to deletion of your personal information, subject to certain limitations under applicable law;
  • The right to request disclosure of information collected;
  • The right to disclosure of information disclosed for valuable consideration; and
  • The right not to be discriminated against for exercising certain rights under California law.

To exercise these rights, please submit a request by emailing Please be as specific as possible in relation to the personal information you wish to access. Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. If we need additional information to verify your identity, we will let you know. We will respond to your request within 45 days of receipt or notify you if we require additional time.

If you would prefer, you may designate an authorized agent to make a request on your behalf.


If you have questions regarding this Policy or about Brightidea’s privacy practices, please contact us via the “Contacting Us” section below.

Contacting Us

To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Policy or our privacy practices, please contact us at:

Brightidea, Inc.
Attn: Privacy Officer
25 Pacific Avenue
San Francisco, CA 94111 – USA
Or send an email to

Please include the following in your request:

  • First and Last Name
  • Email address
  • Country
  • Are you a Brightidea client?
  • Details of your question, comment or request

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.