Privacy Policy

BrightKey ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our platform.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

• Register for an account (name, email address, password)
• Submit our contact form (name, email, subject, message)
• Purchase a subscription (billing name, email; payment details handled by PayMongo)
• Communicate with our support team

1.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• Log data (IP address, browser type, pages visited, time and date)
• Device information (hardware model, operating system, unique device identifiers)
• Usage data (features used, actions taken within the platform)
• Performance data (load times, errors) via our CDN provider, Bunny.net

1.3 Information from Third Parties

We may receive information about you from third-party services you connect to BrightKey, or from publicly available sources, consistent with applicable law.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve our services
• Process transactions and send related information (receipts, confirmations)
• Respond to your comments, questions, and requests
• Send promotional communications (with your consent, and with an opt-out option)
• Monitor and analyse usage patterns to improve user experience
• Detect, prevent, and address technical issues and fraudulent activity
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service providers — trusted third parties who assist us in operating our platform, including Supabase (database), Bunny.net (CDN), and PayMongo (payments).
• Business transfers — if BrightKey is involved in a merger, acquisition, or sale of assets, your information may be transferred.
• Legal requirements — when required by law, subpoena, or other legal process, or to protect the rights, property, or safety of BrightKey, our users, or others.
• With your consent — in any other circumstances, only with your explicit consent.

4. Data Storage & Security

Your data is stored in Supabase, which employs AES-256 encryption at rest and TLS in transit. We implement administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, or disclosure.

Despite our best efforts, no security system is impenetrable. In the event of a breach that affects your personal data, we will notify you as required by applicable law.

We retain your personal data for as long as your account is active, or as needed to provide you services, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion at any time (see Section 7).

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential cookies — required for the platform to function (authentication sessions, CSRF tokens).
• Analytics cookies — help us understand how visitors interact with our website (aggregated, anonymised).
• Preference cookies — remember your settings and choices.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of our service may not function properly without cookies.

6. Third-Party Services

Our service integrates with the following third-party providers, each governed by their own privacy policies:

• Bunny.net — CDN and media delivery. May collect IP addresses and usage statistics for performance and security purposes.
• Supabase — Database and authentication. Processes and stores the data you provide to us.
• PayMongo — Payment processing. Handles all payment card data in a PCI-DSS compliant environment. BrightKey does not store card numbers or CVCs.

We encourage you to review the privacy policies of these providers. We are not responsible for the privacy practices of third-party websites not operated by BrightKey.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Restriction — request that we restrict processing of your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or direct marketing.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, please contact us at privacy@brightkey.io. We will respond within 30 days.

8. Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately and we will take steps to delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where the changes are significant, notify you by email or through a prominent notice on our website. Your continued use of BrightKey after any changes constitutes your acceptance of the new policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer:

• Email: privacy@brightkey.io
• Address: BrightKey Inc., [Your Address], Philippines

You also have the right to lodge a complaint with your local data protection authority.