Privacy Policy

Archived Privacy Policy (August 27, 2021 through February 14, 2022)

Effective date: February 15, 2022

data.ai Inc. cares about the privacy of individuals who use our mobile application, Bright Labs (“App”) together with any products and/or services and, where applicable its website at https://www.Brightlabsapp.com/ (“Site”) (collectively, the “Services”).

As used herein, “data.ai,” or “us/we/our”, refers to data.ai Inc., a US company, acting by itself and/or through entities that are legally part of the data.ai family of companies, including Bright Labs, B.V. (the “Related Companies”). Bright Labs is part of a joint research program with data.ai, which operates the Bright Labs research panels. Those Related Companies include, but are not limited to, data.ai Co., Ltd., Mobidia Technology Inc., Distimo B.V., and Bright Labs B.V.

Summary

The App allows you to participate in programs which allow you to accumulate points that can be redeemed to earn vouchers, coupons, gift cards or other incentives or rewards (collectively “Rewards”), subject to the Terms of Service.

This Bright Labs Privacy Policy (“Policy”) explains how the App collects information about you and about how you use your mobile device, including advertisements and advertisers promoting those advertisements when you sign up for and use the App and Services. data.ai processes and safeguards information we obtain from and about you through our Services. The Policy also explains your rights and choices with respect to your personal information, and how you can contact us if you have any questions or concerns. No part of the Services is directed to children under the age of 18, nor do we knowingly collect information from anyone under the age of 18. This Policy applies to your use of the Services only and does not apply to other websites, mobile applications and services provided by data.ai. Please visit the privacy policy for the respective website, mobile application or service to learn about data collection and use if you interact with these other services.

Your use of the Services is subject to this Policy and the Terms of Service accessible on the App or the Site. If any term of this Policy is unacceptable to you, please do not use the Services and do not provide your personal information.

TABLE OF CONTENTS

How data.ai Collects Your Information
How We Use Your Information
How We Disclose Your Information
Transfers to Other Countries
Data Retention
Our Commitment to Security
Children’s Privacy
Do Not Track
Your Rights and Choices
Third-Party Platforms
Updates to this Privacy Policy
How to Contact Us

1. How data.ai Collects Your Information

For the purpose of this Policy, “Personal Information” means any information relating to an identified or identifiable individual. We obtain Personal Information relating to you from various sources described below.

If you do not provide Personal Information when requested, you may not be able to benefit from our Services if that information is necessary to provide you with the Services or if we are legally required to collect it. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.

i. Personal Information Provided Directly by You

Communications

We collect the Personal Information that you provide to us. For example, if you contact us directly, such as to request information, collect your Rewards, access the Services, or connect with Customer Support, we may receive information about you as you provide it or interact with us. The types of information we process from you may include your name, email address, the content of communications with us, date and time of your message, and records of our interactions or our replies. We also may receive information if you complete a survey, such as demographic information (e.g., age, gender) and any other information you choose to provide. Your email address will be provided to our partners when you redeem points for Rewards.

i. Information We Collect About You When You Use the Services

Depending on which mobile device operating system you use (for example, Apple iOS or Google’s Android), we may collect the following information:

Device Information

We receive information about your device, which may include operating system version, device manufacturer and model, language and regional settings.

App Usage Information

We receive information about your interactions with the App like the pages or other content you view, the dates and times of your interactions, or how often you use our Services.

Market Research Information

We collect information about which advertisements are shown and which advertisers are promoting them on the timeline of your account to which you have given us access, in order for us to create market research analysis and information. For more information, please visit Market Research Information in Section 2 below. Information will only be shared in a way that does not identify you. We do not sell or disclose Personal Information collected to third parties. You can manage your data preferences, including opting out of data collection, at any time in the App’s settings and as explained below in Section 9.

Event Information

We collect information about crash reports and other details about any errors you may encounter when using or accessing the App (i.e., for example, lost connection to the Internet).

Mobile Application Providers

We may receive information about you from a Mobile Application Provider when you download the App from the application store (e.g., Apple iTunes, Google Play, etc.), such as your device information in order to provide you with the correct version of the App.

Cookies and Similar Technology

As you navigate through and interact with our Services, we use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns.

Necessary (first-party persistent) cookies are used on the Services for log in purposes.

Additionally, data.ai may use third-party data analytics service providers to measure the web traffic on different parts of our Services. These services, which anonymously track users, help analyze how users use the Services. The information generated by the cookie about your use of the Services will be transmitted to and stored by third-party data analytics service providers, who will use this information on behalf of us as the operator of the Services for the purpose of evaluating your use of the Services, compiling reports on the Services activity and providing other services relating to internet usage.

For EEA Users: Information on Our Use of Google Analytics

If you have provided your consent, our Services may use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies that enable an analysis of your use of our App.

We use the function ‘anonymizeIP’ (so-called IP-Masking). If IP anonymization is activated on the Services, your IP address will be truncated within the EEA. Only in exceptional cases will the whole IP address first be transferred to a server in the United States and truncated there. The IP anonymization is active on the Services. The IP address that your browser conveys within the scope of these web analytics services will not be associated with any other data held by Google.

During your visit to our Services, the following data may be collected:

The pages you call up, your “click behavior”;
Achievement of “goals” (conversions, e.g., newsletter registrations, downloads, purchases);
Your user behavior (e.g., clicks, time spend, bounce rates).
Your approximate location (region);
Your IP address (in abbreviated form);
Technical information about your browser and the end devices you use (e.g., language settings, screen resolution);
Your internet provider; and
The referrer URL (the website/advertising medium from which you came to this website).

Google will use this information on our behalf to evaluate your (pseudonymous) use of our Services and to compile reports on the activities. The reports provided by Google Analytics are used to analyze the performance of the Services.

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is the recipient of the data. More information about the contractual arrangements for the processing of personal data with Google can be found at https://privacy.google.com/businesses/processorterms/ and https://privacy.google.com/businesses/controllerterms/. Access by US authorities to the data stored by Google cannot be ruled out.

You can prevent the collection of data generated by the cookie and the processing of this data by Google on the Site by not providing your consent to the setting of the cookie in the Cookie Settings on the bottom of the Site or for website-based use, downloading and installing the browser add-on to disable Google Analytics. You can also prevent the storage of cookies when using our Site by configuring your browser software. However, if you configure your browser to reject all cookies, this may limit functionality on the Site.

The legal basis for this data processing is your consent. You can withdraw your consent at any time for the Site, with future effect, by accessing the cookie in the Cookie Settings on the bottom of the Site and changing your preferences. Please note that you cannot make changes to the use of cookies via the App. If you do not want the use of cookies, then you should not use the App or uninstall the App.

It cannot be ruled out that Google uses the data described in this section for its own purposes and links it to other data such as possibly existing Google accounts. For more information about Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/?hl=en.

If you download our App by clicking one of our ads, we will collect data through advertising IDs, such as a randomly generated identifier (“IDFA”), which is an identifier that does not contain Personal Information. This technology provides a unique identifier to your device to attribute, or measure, user interactions with ad campaigns, installs, and in-app activity.

For more information on your choices regarding how we collect and use information, please see “Your Rights and Choices” Section 9 below.

Return to Top

2. How We Use Your Information

data.ai will use your information, including your Personal Information for the following purposes:

Providing and Improving the Services

To provide, enhance, improve, and personalize our Services, and determine your eligibility for the Service. We also may send push notifications to your device. You have choices with respect to the communications you receive from us. Please see “Your Rights and Choices” Section 9 below.

Analytics

To understand and analyze how you use our Services.

Communications

To communicate with you, including to respond to your inquiries and to send emails to an email address you provide to us for customer-service or technical-support purposes or to provide you relevant information to you regarding Rewards or your ability to redeem Rewards.

Fraud Detection and Other Technical Issues

To detect, prevent, or otherwise address fraud, security or technical issues, and promote safety and integrity on the App.

Legal

To comply with applicable federal, state, and other applicable international laws and regulations, and to protect the rights, property, or safety of us or any other person, enforce our Terms of Service, or protect the content of the Services.

Market Research Information

By participating in the App you are agreeing to our collection of information for market research. We will use it to provide aggregated market research about which advertisements and advertisers who promote advertisements on the time timeline for the account to which you have provided us access. We will only share it in a way that does not identify you (e.g., in an aggregated form).

Other Reasons

We may use your Personal Information for any purpose where you have given your consent (where legally required).

We only process your Personal Information based on valid legal grounds in accordance with applicable law, including but not limited to the EU or UK General Data Protection Regulation (“GDPR”) when:

You have consented to the use of your Personal Information, for example, to receive marketing communications or location tracking. You may withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
We need your Personal Information to provide you with the Services, including to respond to your inquiries.
We have a legal obligation to use your Personal Information.
We or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information to conduct business analytics, and otherwise improve the safety, security, and performance of our Services.

We do not engage in general profiling or automated decision-making practices.

Return to Top

3. How We Disclose Your Information

Corporate Affiliates

data.ai may share Personal Information with our Related Companies in the ordinary course of business and for the purposes of providing the services set forth in this Policy.

Service Providers

We may share your Personal Information with our vendors, service providers, and other third parties that perform services on our behalf. This includes our data analytics service providers and customer-service support. We enter into confidentiality and data processing terms with these providers to provide appropriate and suitable safeguards for their processing of your Personal Information.

As Required by Law and Similar Disclosures

We may disclose Personal Information we have about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity.

Merger, Sale, or Other Asset Transfers

data.ai may disclose your Personal Information to a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings).

Aggregated Information

For market research, we will aggregate your information with other information. We will only share such information in an anonymized and aggregated manner with our Related Companies and for the purpose of data.ai services or publicly. We do not sell your Personal Information.

Consent

data.ai may further disclose your Personal Information with your consent.

Return to Top

4. Transfers to Other Countries

The Services are provided from the United States and other locations, and we may transfer your Personal Information to the United States, in accordance with applicable local laws and regulations. These countries may not have the same high level of protection as the data protection laws in the country from which you initially provided the information.

We rely on appropriate and suitable safeguards including EU Standard Contractual Clauses to transfer Personal Information to countries outside the EEA, United Kingdom or Switzerland where an adequate level of protection is not already guaranteed. If you are located in the EU, EEA, the United Kingdom or Switzerland, we comply with applicable data protection laws when transferring your Personal Information outside of these areas. In particular, we may transfer your Personal Information to countries for which adequacy decisions have been issued; use contractual protections, such as the European Commission’s Standard Contractual Clauses for the transfer of Personal Information to our U.S. headquarters, other offices or third parties. You may contact us as specified in the “How to Contact Us” Section 12 below to obtain a copy of the clauses, relevant data transfer agreements or safeguards we use to transfer Personal Information outside of these countries/regions.

Return to Top

5. Data Retention

Personal Information will be stored and kept as long as needed to carry out the purposes described in this Policy or as otherwise required by applicable law. Unless we are required or permitted by law to keep this information for a longer period of time, when this information is no longer necessary to carry out the purposes for which we process it, we will delete your Personal Information or keep it in a form that does not permit identifying you. When determining the retention period, we take into account various criteria, such as the type of Services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our Services, the impact on the Services we provide if we delete some Personal Information from or about you, mandatory retention periods provided by law and the statute of limitations, and our use of your information for aggregated market research.

Return to Top

6. Our Commitment to Security

data.ai cares about the security of your information, and employs physical, technological and administrative measures to protect the information you submit via the Services against loss, theft, and unauthorized access, use, disclosure or modification. However, we cannot ensure or warrant the security of any information you transmit to us or guarantee that information on the Services may not be accessed, disclosed, altered or destroyed. Electronic communications sent to or from the Services may not be secure. You should use caution whenever submitting information online and take special care in deciding what information you send to us. If you have reason to believe that your Personal Information is no longer secure, please notify us at the e-mail address provided in the “How to Contact Us” Section 12 below.

Return to Top

7. Children’s Privacy

We do not knowingly collect, maintain, or use Personal Information from children under 18 years of age, and no part of the Services is directed to children under the age of 18. If you learn that your child has provided us with Personal Information without your consent, then you may alert us at privacy@data.ai. If we learn that we have collected any Personal Information from children under 18, then we will promptly take steps to delete such information.

Return to Top

8. Do not Track

Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to Do Not Track signals, our Services do not currently respond to such signals. However, our Site does not track you. If you want to restrict ads in general on your devices you may opt out from ad tracking by enabling “Limit Ad Tracking” or “Opt Out of Ads Personalization” (as applicable to your device) in your device settings.

Return to Top

9. Your Rights and Choices

i. Global Rights & Choices

We provide you with certain choices with respect to your Personal Information, our use of cookies, and marketing activities, with respect to our Services:

Cookies on the Site. You can manage your preferences related to our use of cookies and similar technologies on the Site by adjusting your device or browser settings. Some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. If you do not wish to receive our ads in our third-party advertising partners sites or platforms, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies (or if located in the European Union, click https://www.youronlinechoices.eu/. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en_AU to learn more about how you may opt out of personalized ads in mobile apps. Please note you may continue to receive generic ads.
Cookies on the App. Please note that you cannot make changes to the use of cookies via the App. If you do not want the use of cookies, then you should not use the App or uninstall the App. For more information, please visit Section 1.
IDFA. You can reset the advertising identifier randomly assigned to your device at any time and can opt out of personalized ads by enabling “Limit Ad Tracking” or “Opt Out of Ads Personalization” (as applicable to your device) in your device settings. When you disable “Limit Ad Tracking” or “Opt Out of Device Personalization” (as applicable to your device), advertisers and their measurement solutions will receive a blank device ID in place of a device-specific ID.
Push notifications. You can opt out of receiving push notifications using your mobile application or device settings. Opting out of push notifications may impact the functionality of our Services.

In addition, we provide all users with certain rights in connection with our processing of Personal Information:

Access. data.ai will provide you with access to your Personal Information, which includes the right to obtain confirmation from us as to whether Personal Information concerning you is being processed. Where that is the case, data.ai will provide you with access to your Personal Information and information related to how it is processed.
Erasure. For erasure requests related to all of your Personal Information received by data.ai through the App, you can delete the App from your device. If you delete the App from your device, we will no longer receive any of your information including Personal Information, and we will no longer be able to identify you as a user of the App. If you would like to request any information about the erasure of Personal Information received through our Support channels please submit a request at forgetme@data.ai.

Please note that we have the right to reject access or erasure requests that are unduly burdensome or repetitive, or that cannot be honored in light of legal obligations or ongoing disputes, or where retention is necessary to enforce our agreements or protect our or another party’s rights, property, safety, or security, or other reasons under the law.

If you have any questions about exercising your rights, please contact us using the information listed in the “How to Contact Us” Section 12 below.

ii. For Residents in the EU, EEA, United Kingdom, and Switzerland

In addition to the global rights above, the GDPR, or other applicable laws, provide you with additional rights regarding your Personal Information, as follows:

Rectify. You have the right to update or correct your Personal Information (e.g., your e-mail address) which you submit for support cases. However, data.ai does not have an ability to rectify your Personal Information collected through your use of the App. data.ai cannot rectify your Personal Information, it can only delete your Personal Information which is collected through the App. As described in the “Erasure” subsection above, above, once you have deleted the App, any Personal Information that you had provided through the App is anonymized.
Data Portability. You may have the right to exercise your right to data portability to easily transfer your Personal Information to another company.
Object. You may also object to the processing of your Personal Information under certain circumstances, including objecting to processing your Personal Information for direct marketing purposes or when it is done based upon legitimate interest.
Restrict. You may restrict us from continuing to process your Personal Information under certain circumstances (e.g., where you contest the accuracy of your Personal Information, for a period enabling us to verify the accuracy of the Personal Information).
Consent Withdrawal. You may withdraw the consent that you might have given with respect to the processing of your Personal Information at any time with future effect.
Complaint. If you are not satisfied with data.ai’s response or believe that your Personal Information is not being processed in accordance with the law, you may also have the right to lodge a complaint with the competent supervisory authority in your country of residence, place of work or where the incident took place, or seek other remedies under applicable law. For more information on how to lodge a complaint in the EU, please see https://edpb.europa.eu/about-edpb/board/members_en.

iii. For Residents of California

The California Consumer Privacy Act (“CCPA”) provides you with additional rights regarding your Personal Information.

Collection of Personal Information

In the preceding twelve (12) months, we may have collected from you or from your use of the Services, categories of Personal Information as defined under the CCPA, which includes the following:

Identifiers, such as your first and last name, e-mail address, unique personal identifier, online identifier, Internet Protocol, advertising identifiers and other similar identifiers
Protected Classifications, such as your gender and age
Internet or Other Similar Network Activity, such as your browsing history, search history, and information on your interaction with our Site
Inferences Drawn from Personal Information, such as a profile reflecting your preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Purposes

In the preceding twelve (12) months, we may have used and disclosed the categories of Personal Information from the sources described in Sections 2 and 3, for business purposes, including:

Auditing consumer interactions, including, auditing compliance with this specification and other standards;
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
Debugging to identify and repair errors that impair existing intended functionality;
Providing services (including providing customer service, analytics or similar services on behalf of the business or service provider);
Undertaking internal research for technological development and demonstration (i.e., to develop new products or features); and
Undertaking activities to maintain the quality or safety of the Services and to improve, upgrade, or enhance the Services.

We also may have used and disclosed the Personal Information we collect for commercial purposes to provide you with our Services, as described in Sections 2 and 3 of this Policy above.

Disclosure of Personal Information

In the preceding twelve (12) months, we may have disclosed your Personal Information for a business purpose, including to the following categories of third parties:

Categories of Personal Information	Categories of Third Parties
Identifiers, such as your first and last name, address and e-mail address	Our Related Companies Customer service provider
Protected Classifications, such as your gender and age	Our Related Companies Data analytics providers
Internet or Other Similar Network Activity, such as your browsing history, search history, and information about your interaction with our Site	Our Related Companies Data analytics providers
Inferences Drawn from Personal Information, such as a profile reflecting your preferences characteristics, trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes	Our Related Companies Data analytics providers

California Resident Privacy Rights

If you are a California resident, in addition to the rights described above under “Global Rights & Choices” above, you have the following rights.

Right to Access Specific Information. You may request access to the specific pieces of Personal Information we have collected, used, and disclosed about you in the twelve (12) months preceding your request.
Right to Know Personal Information. You may request to know the categories of Personal Information we have collected about you and the purposes for doing so; the categories of sources of that data; the categories of third parties with whom we shared it for a business purpose and our purposes for doing so.
Right to Opt Out of Sale of Personal Information. The term “sale” is defined broadly under the California Consumer Privacy Act. To the extent that “sale” under the CCPA is interpreted to include interest-based advertising or other data uses described in the “Cookies” Section 1 above, we will comply with applicable law as to those activities. To opt out of receiving interest-based advertising, you can exercise your choice by using your account privacy settings.
Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law, including by denying you Services, providing you a different level of Services, or suggesting that you will receive a different level of quality of goods or services.

Verification and Authorized Agent

To exercise your rights, please follow the instructions above and the contact information in the “How to Contact Us” Section 12 below. We will confirm receipt of your requests and respond within 30 calendar days, unless additional time is needed, in which case we will provide notice and an explanation of the reason. Also, to respond to your request to right to know and/or delete, we must verify your identity or authority to make the request and confirm the Personal Information relates to you, or others. To do so, we collect your e-mail address to verify your identity through the App. We also may contact you by e-mail (if you have provided it to us) to verify your identity and ask you additional questions so that we can match your identity with the data we have about you. In some instances, we may ask you to declare under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. If we cannot verify your identity, we may reject your request in whole or in part.

You also may designate an authorized agent to make a request for you. To use an authorized agent, we may require: (1) your signed permission designating the authorized agent; (2) evidence that the authorized agency has power of attorney under the California Probate Code; or (3) proof that the authorized agent is registered with the California Secretary of State and that you have authorized such authorized agent to be able to act on your behalf. We may deny a request from an authorized agent who does not submit sufficient proof.

Return to Top

10. Third-Party Platforms

Our Services may contain links, features, components or other interactive tools supplied by third parties, such as the Facebook “Like” button. Please be aware that you are providing your Personal Information to these third parties and not to data.ai. Such third parties may have information practices different than those set forth herein and their use of cookies and similar technologies is not covered by this Policy. We do not have access to or control over such third parties and encourage you to consult the privacy notices provided by those third parties. PLEASE EXERCISE CAUTION AND CONSULT THE PRIVACY POLICIES POSTED ON EACH THIRD-PARTY APP/WEBSITE FOR FURTHER INFORMATION.

Return to Top

11. Updates to this Privacy Policy

We reserve the right to change this Policy at any time. We will post any adjustments to this Policy on this page, and the revised version will be effective the date it is posted, which is identified at the top of the page. If we materially change the ways in which we process your Personal Information previously collected from you, we will notify you through our Services or any other means. We encourage you to review the Policy, which may be updated from time to time. Your continued use of our Services after such amendments will be deemed your acknowledgement of these changes to this Policy.

Return to Top

12. How to Contact Us

If you have any questions or concerns about data.ai’s privacy practices or about this Policy, or would like to exercise your rights in relation to your Personal Information, you may:

Contact data.ai via e-mail at: privacy@data.ai, or
Write us at:

data.ai Inc. Legal Department

44 Montgomery Street, 3^rd Floor

San Francisco, CA 94104

data.ai’s Data Protection Officer may be contacted via e-mail (dpo@data.ai) or at the following address:

data.ai Inc. Legal Department

ATTN: Data Privacy Officer

44 Montgomery Street, 3^rd Floor

San Francisco, CA 94104

data.ai Inc. is the entity responsible (data controller) for the processing of your Personal Information.

Return to Top