Privacy Policy

The following Privacy Policy governs the online information collection practices of Bright and its associated global entities (“Company,” “we” or “us”). Specifically, it outlines the types of information that we gather about you while you are using https://www.brightheroes.app/ and other websites operated by Company (collectively, the “Site”), and the ways in which we use this information. This Privacy Policy, including our children’s privacy statement, applies primarily to information which we collect online; however, the portion of this Privacy Policy that relates to the European Union’s General Data Privacy Regulation may apply to some of the data that you provide to us offline and/or through other means, as well (for example, at a live event, via telephone, or through the mail).

We have created this Privacy Policy to demonstrate our firm commitment to privacy and security. This Privacy Policy describes how our Company collects information from all end users of our Internet services (the “Services”), including those who access some of our Services but do not have accounts (“Visitors”) and those who may purchase Products and/or pay a monthly service fee to subscribe to the Service (“Members”).

Please read this Privacy Policy carefully. By visiting and using the Site, you agree that your use of our Site, and any dispute over privacy, is governed by this Privacy Policy. In an effort to comply with changes in technology, and the adoption of new regulations and laws, we may need to change our Policy at some point in the future, in which case we’ll post the changes to this Privacy Policy on this website and update the Effective Date of the policy to reflect the date of the changes. By continuing to use the Site after we post any such changes, you accept the Privacy Policy as modified.

Introduction

We may collect and store personal or other information that you voluntarily supply to us online while using the Site (e.g., while on the Site or in responding via email to a feature provided on the Site). The Site only contacts individuals who specifically request that we do so or in the event that they have signed up to receive our messaging, attended one of our events, or have purchased one of our products. The Site collects personally identifying information from our users during online registration and online purchasing. Generally, this information includes name and email address for registration or opt-in purposes and name, postal address, and credit card information when registering for our events or purchasing our products. All of this information is provided to us by you.

We also collect and store information that is generated automatically as you navigate online through the Site. For example, we may collect information about your computer’s connection to the Internet, which allows us, among other things, to improve the delivery of our web pages to you and to measure traffic on the Site. If you have accessed our site via a social media platform, such as Facebook, we may collect information related to your social media account, such as your handle or identifier on that platform. We also may use a standard feature found in browser software called a “cookie” to enhance your experience with the Site, and web beacons, to access cookies, count users who visit the Site, or open HTML-formatted email messages.

We use the information we collect from you while you are using the Site in a variety of ways, including using the information to customize features; advertising that appear on the Site; and, making other offers available to you via email, direct mail or otherwise. We also may provide your information to third parties, such as service providers, contractors and third-party publishers and advertisers for a variety of purposes. Unless you inform us in accordance with the process described below, we reserve the right to use, and to disclose to third parties, all of the information collected from and about you while you are using the Site in any way and for any purpose, such as to enable us or a third party to provide you with information about products and services.

Please keep in mind that whenever you voluntarily make your personal information available for viewing by third parties online – for example on message boards, web logs, through email, or in chat areas – that information can be seen, collected and used by others besides us. We cannot be responsible for any unauthorized third-party use of such information.

Personal Information Our Company Collects And How It Is Used:

Members may be asked to provide certain personal information when they sign up for our Products or Services including name, address, telephone number, billing information (such as a credit card number), and the type of personal computer being used to access the Services. The personal information collected from Members during the registration process (or at any other time) is used primarily to provide a customized experience while using our Products and Services. Your information will never be disclosed, traded, licensed or sold to any third party. However, we may make limited disclosure of personal information under the specific circumstances described below.

The information you provide to us will never be disclosed, traded, licensed or sold to a third party. However, there are specific instances, described below, where your information could be provided to a known third party.

The Types of Information We Collect and Store:

1. Categories of personal data we collect

We collect data you give us voluntarily (for example, when you choose your areas for improvement or send us an email). We also may receive data about you from third parties (for example, when you sign in via Apple). Finally, we collect data automatically (for example, your IP address).

1.1. Data you give us

You provide us information about yourself when you register for and/or use the Service. For example: name, age, level of knowledge of a foreign language.

We may also offer you an online survey where we collect your opinions on the quality of the product and ways to improve it. We use this survey in our work and you give us full rights to these materials by agreeing to take the survey.

1.2. Data provided by third parties

When you use sign in with Apple to register an account in the App, we get personal data from your Apple ID account. This data may include, in particular, your name and verified email address. You may choose to share your real email address or an anonymous one that uses the private email relay service. Apple will show you their detailed privacy information on the sign in with Apple screen. Find more about sign with Apple here.

1.3. Data we collect automatically:

a. Data about how you found us.
We collect data about your referring app or URL (that is, the app or place on the Web where you were when you tapped on our ad).

b. Device and Location data
We collect data from your mobile device. Examples of such data include: language settings, IP address, time zone, type and model of a device, device settings, operating system, Internet service provider, mobile carrier, hardware ID, and Facebook ID. When you sync your device through the App, we collect data about the transmission, such as the IP address used when syncing, the sync time and date, geographic location of the device, information about your device.

c. Usage data
We record how you interact with our Service. For example, we log your taps on certain areas of the interface, the features, and content you interact with, workouts you do, the time and duration of your workouts, how often you use the App, how long you are in the app, your training program progress, and your subscription orders. We also record the ads in our App with which you interact (and the Internet links to which those adds lead).

d. Advertising IDs
We collect your Apple Identifier for Advertising (“IDFA”) or Google Advertising ID (“AAID”) (depending on the operating system of your device). You can typically reset these numbers through the settings of your device’s operating system (but we do not control this).

e. Transaction data
When you make payments through the Service, you need to provide financial account data, such as your credit card number, to our third-party service providers. We do not collect or store full credit card number data, though we may receive credit card-related data, data about the transaction, including: date, time and amount of the transaction, the type of payment method used.

f. Cookies
A cookie is a small text file that is stored on a user's computer for record-keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when you close your browser and is used to make it easier for you to navigate our Service. A persistent cookie remains on your hard drive for an extended period of time. We also use tracking pixels that set cookies to assist with delivering online advertising.
Cookies are used, in particular, to automatically recognize you the next time you visit our website. As a result, the information, which you have earlier entered in certain fields on the website may automatically appear the next time when you use our Service. Cookie data will be stored on your device and most of the times only for a limited time period.

2. For what purposes we process your personal data

We process your personal data:

2.1. To provide our Service

This includes enabling you to use the Service in a seamless manner and preventing or addressing Service errors or technical issues.

We retain certain information that we collect from you while you are a member on the Site, and in certain cases where you have deleted your account, for the following reasons:

• So you can use our Site;

• To ensure that we do not communicate with you if you have asked us not to;

• To provide you with a refund, if entitled;

• To better understand the traffic to our Site so that we can provide all members with the best possible experience;

• To detect and prevent abuse of our Site, illegal activities and breaches of our Terms of Service; and

• To comply with applicable legal, tax or accounting requirements.

When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it.

To host personal data and enable our App to operate and be distributed we use Amazon Web Services, which is a hosting and backend service provided by Amazon.

2.2. To customize your experience

We process your personal data, in particular, such as your characteristics and preferences, to adjust the content of the Service and provide content tailored to your personal preferences.

2.3. To manage your account and provide you with customer support

We process your personal data to respond to your requests for technical support, Service information or to any other communication you initiate. This includes accessing your account to address technical support requests. For this purpose, we may send you, for example, notifications or emails about the performance of our Service, security, payment transactions, notices regarding our Terms and Conditions of Use or this Privacy Policy.

2.4. To communicate with you regarding your use of our Service

We communicate with you, for example, by push notifications. These may include reminders and motivational messages encouraging you to follow your training, or other information about the App. As a result, you may, for example, receive a push notification every day at a particular time reminding you to work out. To opt out of receiving push notifications, you need to change the settings on your device.

The services that we use for these purposes may collect data concerning the date and time when the message was viewed by our App’s users, as well as when they interacted with it, such as by clicking on links included in the message.

To communicate with you we also use Firebase Cloud Messaging and Firebase Notifications, which are message sending services provided by Google. Firebase Cloud Messaging allows us to send messages and notifications to users of our App across platforms such as Android and iOS. We integrate Firebase Notifications with Firebase Analytics to create analytics-based audiences and track opening and conversion events. As a result, we can, for example, send encouraging messages to users who have recently finished a training program. Google’s privacy policy.

We use Apple Push Notification service (“APNs”), that is a notifications service provided by Apple. APNs allows us to send information to iOS devices. Apple’s privacy policy.

2.5. To research and analyze your use of the Service

This helps us to better understand our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Service and our new products. We also use data for statistical analysis purposes, to test and improve our offers. This enables us to better understand what features and training plans of the Services our users like more, what categories of users use our Services. As a consequence, we often decide how to improve the Service based on the results obtained from this processing.

To perform research and analysis about how users interact with our App we use Appsflyer. Appsflyer enables us to understand, in particular, how users find us (for example, who was the advertiser that delivered an ad to users, which led you to an app store with our App). Appsflyer also provides us with different analytics tools that enable us to research and analyze your use of the Service. Privacy Policy. Appsflyer allows you to Opt Out of having data from my device sent to AppsFlyer's servers for apps usage collection.

We use Facebook Analytics, which is a service is provided by Facebook that allows us to use different analytical tools. On Facebook Analytics we get, in particular, aggregated demographics and insights on how many people launch our app, how often users make purchases, and other interactions. Privacy Policy.

We also use Amplitude that is an analytics service that we use to understand how customers use our Service. Amplitude collects various technical information, in particular, time zone, type of device (phone or tablet), unique identifiers (such as IDFA). Amplitude also allows us to track various interactions that occur in our App. As a result, Amplitude helps us to decide what features should we focus on. Amplitude is EU-US Privacy Shield certified. Amplitude provides more information on how they process data in its Privacy Policy.

To analyze how visitors use the Service and to measure the effectiveness of some ads we use Google Analytics, a web analysis program of Google. On Google Analytics we get, in particular, information on the data you enter on our website and users’ interactions within the website. Google allows you to influence the collection and processing of the information generated by Google, in particular, by installing a browser plug-in, available here. You can read more about how Google uses the information here.

To track and analyze behavior of our App’s users (in particular, how they react to changes of the App structure, text or any other component), we use Firebase Remote Config. Firebase Remote Config is an A/B testing and configuration service provided by Google, which also enables us to tailor the content that our App’s users see (for example, it allows us to show different onboarding screens to different users). Privacy Policy and Privacy and Security in Firebase.

We also use Firebase Analytics, which is an analytics service provided by Google. In order to understand Google's use of data, consult Google's partner policy. Firebase Privacy information. Google’s Privacy Policy.

To perform standard product analysis, we also use Fabric Answers, which is an analytics service provided by Crashlytics, a business division of Google. Data Processing and Security Terms. Privacy information.

2.6. To send you marketing communications

We process your personal data for our marketing campaigns. We may add your email address to our marketing list, provided we receive consent or otherwise establish legal basis for sending you marketing communications. As a result, you will receive information about our products, such as for example, special offers. If you do not want to receive marketing emails from us, you can unsubscribe following instructions in the footer of the marketing emails.

We may also show you advertisements in our App, and send you push notifications for marketing purposes. To opt out of receiving push notifications, you need to change the settings on your device.

2.7. To personalize our ads

We and our partners,  use your personal data to tailor ads and possibly even show them to you at the relevant time. For example, if you have installed our App, you might see ads of our products, for example, in your Facebook’s feed.

How to opt out or influence personalized advertising

iOS: On your iPhone or iPad, go to “Settings,” then “Privacy” and tap “Advertising” to select “Limit Ad Track”. In addition, you can reset your advertising identifier (this also may help you to see less of personalized ads) in the same section.

Android: To opt-out of ads on an Android device, simply open the Google Settings app on your mobile phone, tap “Ads” and enable “Opt out of interest-based ads”. In addition, you can reset your advertising identifier in the same section (this also may help you to see less of personalized ads).

To learn even more about how to affect advertising choices on various devices, please look at the information available here.

In addition, you may get useful information and opt out of some interest-based advertising, by visiting the following links:

• Network Advertising Initiative – http://optout.networkadvertising.org/
• Digital Advertising Alliance – http://optout.aboutads.info/
• Digital Advertising Alliance (Canada) –  http://youradchoices.ca/choices
• Digital Advertising Alliance (EU) –  http://www.youronlinechoices.com/
• DAA AppChoices page –  http://www.aboutads.info/appchoices

We value your right to influence the ads that you see, thus we are letting you know what service providers we use for this purpose and how some of them allow you to control your ad preferences.

We use Facebook Ads Manager together with Facebook Custom Audience, which allows us to choose audiences that will see our ads on Facebook or other Facebook’s products (for example, Instagram). Through Facebook Custom Audience we may create a list of users with certain sets of data, such as an IDFA, choose users that have completed certain actions in the App (for example, installed it). As a result, we may ask Facebook to show some ads to a particular list of users. As a result, more of our ads may show up while you are using Facebook or other Facebook’s products (for example, Instagram). You may learn how to opt out of advertising provided to you through Facebook Custom Audience here.

Facebook also allows its users to influence the types of ads they see on Facebook. To find how to control the ads you see on Facebook, please go here or adjust your ads settings on Facebook.

Google Ads is an ad delivery service provided by Google that can deliver ads to users. In particular, Google allows us to tailor the ads in a way that they will appear, for example, only to users that have conducted certain actions with our App (for example, show our ads to users who have purchased a subscription). Some other examples of events that may be used for tailoring ads include, in particular, installing our App, finishing a workout program. Google allows its users to opt out of Google’s personalized ads and to prevent their data from being used by Google Analytics.

We also use Snapchat Advertising Platform together with Snapchat Audience Based Match, which is an ad delivery service provided by Snapchat that can link the activity of some users of our App with the Snapchat advertising network and show some of our ads to them. As a result, you may see more of ads on Snapchat in case you use our App. Snapchat allows you to Opt Out of their audience based ads. Privacy Policy.

2.8. To process your payments

We provide paid products and/or services within the Service. For this purpose, we use third-party services for payment processing (for example, payment processors). As a result of this processing, you will be able to make a payment for our Service and we will be notified that the payment has been made and will provide you with . We will not store or collect your payment card details ourselves. This information will be provided directly to our third-party payment processors.

2.9. To enforce our Terms and Conditions of Use and to prevent and combat fraud

We use personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with our Terms and Conditions of Use).

2.10. To comply with legal obligations

We may process, use, or share your data when the law requires it, in particular, if a law enforcement agency requests your data by available legal means.

3. Under what legal bases we process your personal data (Applies only to EEA-based users)

In this section, we are letting you know what legal basis we use for each particular purpose of processing. For more information on a particular purpose, please refer to Section 2. This section applies only to EEA-based users.

We process your personal data, in particular, under the following legal bases:

3.1. Your consent

• To send you marketing communications
• To process your personal data that is regarded as special category of personal data or sensitive data under certain data protection legislation that we are subject to.
• To process data obtained from the BetterMe Band

3.2. To perform our contract with you

Under this legal basis we:

• Provide our Service (in accordance with our Terms and Conditions of Use)
• Customize your experience
• Manage your account and provide you with customer support
• Communicate with you regarding your use of our Service
• Process your payments

3.3. For our (or others') legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data

We rely on legitimate interests:

• To communicate with you regarding your use of our Service
  This includes, for example, sending you push notifications reminding you to exercise at appropriate times. The legitimate interest we rely on for this purpose is our interest to encourage you to use our Service more often.
• To research and analyze your use of the Service
  Our legitimate interest for this purpose is our interest in improving our Service so that we understand users’ preferences and are able to provide you with a better experience (for example, to make the use of the App easier and more enjoyable, or to introduce and test new features).
• To send you marketing communications
  The legitimate interest we rely on for this processing is our interest to promote our Service in a measured and appropriate way.
• To personalize our ads
  The legitimate interest we rely on for this processing is our interest to promote our Service in a reasonably targeted way.
• To enforce our Terms and Conditions of Use and to prevent and combat fraud
  Our legitimate interests for this purpose are enforcing our legal rights, preventing and addressing fraud and unauthorised use of the Service, non-compliance with our Terms and Conditions of Use.

3.4. To comply with legal obligations

4. With whom we share your personal data

We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Service. We may share some sets of personal data, in particular, for purposes indicated in Section 2 of this Privacy Policy. The types of third parties we share information with include, in particular:

4.1. Service providers

We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions. We share your personal information with the following types of service providers:

• cloud storage providers (Amazon)
• data analytics providers (Facebook, Google, Appsflyer, Firebase, Amplitude)
• measurement partners
• marketing partners (in particular, social media networks, marketing agencies, email delivery services, Facebook, Google, Snapchat)
• payment processing providers
• communication services providers (Intercom, Zendesk)

4.3. Law enforcement agencies and other public authorities

We may use and disclose personal data to enforce our Terms and Conditions of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.

4.4. Third parties as part of a merger or acquisition

As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

5. How you can exercise your privacy rights

Our company’s commitment to data security:

We implement a variety of administrative, managerial, and technical security measures to help protect your personal information. Our Company has various internal control standards which relate specifically to the handling of personal information. These include certain controls to help safeguard the information we collect online. Our employees are trained to understand and comply with these controls and we communicate our Privacy Policy, practices and guidelines to our employees. However, while we strive to protect your personal information, you must also take steps to protect your information. We urge you to take every precaution to protect your personal information while you are on the Internet.

Services and websites we sponsor have security measures in place to protect the loss, misuse, and alteration of the information under our control. While we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining this information. If we do discover a security breach affecting your data, every effort will be made to provide a notification within 72 hours of our team learning of the occurrence.

To be in control of your personal data, you have the following rights:

Accessing / reviewing / updating / correcting your personal data. You have the right to review, edit, or change the personal data that you had previously provided to us in the profile section of the App. If you would like to receive a copy of data we process, please send us a data access request.

Deleting your personal data. You can request erasure of your personal data, as permitted by law. When you request deletion of your personal data, we will use reasonable efforts to honor your request. In some cases we may be legally required to keep some of the data for a certain time; in such event, we will fulfill your request after we have complied with our obligations.

General Data Privacy Regulation (GDPR)

The GDPR takes effect on May 25, 2018, and is intended to protect the data of European Union (EU) citizens.

Objecting to or restricting the use of your personal data. You can ask us to stop using all or some of your personal data or limit our use thereof. Additional information for EEA-based users. If you are based in the EEA, you have the following rights in addition to the above:

• The right to lodge a complaint with supervisory authority. We would love you to contact us directly, so we could address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or where the alleged infringement has taken place.

• The right to data portability. If you wish to receive your personal data in a machine-readable format, you can do so by requesting a copy of your personal data as described above. The data will be made available to you in the .json file or other file format.

To exercise any of the available to you privacy rights, please send a request to support@brightmobileapps.com

6. Age limitations

We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us at  support@brightmobileapps.com

7. International data transfers

We may transfer personal data to countries other than the country in which the data was originally collected in order to provide the Service set forth in the Terms and Conditions of Use and for purposes indicated in this  Privacy Policy. If these countries do not have the same data protection laws as the country in which you initially provided the information, we deploy special safeguards.

8. Changes to this privacy policy

We may modify this Privacy Policy from time to time. If we decide to make material changes to this Privacy Policy, you will be notified through our Service or by other available means and will have an opportunity to review the revised Privacy Policy. By continuing to access or use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

9. California privacy rights

This section provides additional details about how we process personal data of California consumers and the rights available to them under the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light law. Therefore, this section applies only to residents of California, United States.

For more details about the personal information we have collected, including the categories of sources, please see Section 1 above. We collect this information for purposes described in Section 2 of this Privacy Policy. We may also share your information with certain categories of third parties as indicated in Section 4.

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt-out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at  support@brightmobileapps.com. We will verify your request and inform you accordingly. You may also designate an authorized agent to exercise these rights on your behalf.

Access rights under California’s Shine the Light

California also provides its residents with additional access rights. Under Shine the Light law, the residents may ask companies once a year what personal information they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be personal information under the statute.

To obtain this information from us, please send an email message to  support@brightmobileapps.com, which includes “Request for California Shine the Light Privacy Information” on the subject line and your state of residence and email address in the body of your message. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.

10. Data retention

We will store your personal data for as long as it is reasonably necessary for achieving the purposes set forth in this Privacy Policy (including providing the Service to you), which includes (but is not limited to) the period during which you have an account with the App. We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

11. How “Do not track” requests are handled

Except as otherwise stipulated in this Privacy Policy, this App does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

12. Contact us

You may contact us at any time for details regarding this Privacy Policy and its previous versions. For any questions concerning your account or your personal data please contact us at to  support@brightmobileapps.com