Privacy Policy - Bright Labs
-
(Currently available at: https://www.brightlabsapp.com/privacy-policy/)
Last Updated June 30, 2023
This Privacy Policy applies to the Bright Labs application (the “Bright Labs App” or the “App”) downloaded from the https://www.brightlabsapp.com website and your interactions with the https://www.brightlabsapp.com/ website. Your interactions with Tango Card Inc, including any exercise of user rights, are governed by its privacy policy available at https://www.tangocard.com/legal/privacy-notice and any other applicable Tango Card policies and terms specific to where you reside.
Our Privacy Policy Has Recently Changed
We have made changes to this Privacy Policy that apply on or after the “Last Update” date indicated above. These changes include:
Additional details about what personal information or other information we collect from you, how we collect it, and the purpose for which it is collected;
Descriptions of the third parties with whom and for what purpose your information is shared; and
Additional details regarding your personal information rights and how to exercise them.
data.ai cares about the privacy of individuals who use the App. As used herein, “data.ai,” “Bright Labs,” or “us/we/our”, refers to data.ai inc., a US company, acting by itself and/or through entities that are legally part of the data.ai family of companies (the “Related Companies”). See a list of Related Companies here.
Summary
This Privacy Policy (the “Policy”) explains how the App collects information about you and the advertisements you see on your connected social media accounts, including the type of advertisements, the advertisers who promote them, and other information related to those advertisements. data.ai processes and safeguards information we obtain from and about you when you use the App. The Policy also explains your rights and choices with respect to your personal information, and how you can contact us if you have any questions or concerns. No part of the App is directed to children, nor do we knowingly collect information from children (see Section 7 of this Policy). References to “child” and “children” in this Policy refer to a person or persons under the age of 16 (or such greater age required in the applicable jurisdiction for an App user to be bound by a contract without guardian consent).
The Policy is limited to the App only and does not apply to other data.ai websites, mobile applications, and services. In addition, your interaction with the Tango Card website is governed by the Tango Card Inc.’s privacy policy available at https://www.tangocard.com/legal/privacy-notice and any other applicable Tango Card policies and terms specific to where you reside.
Your use of the App is subject to this Policy and the Terms of Service accessible on the App. If any term of this Policy is unacceptable to you, please do not use the App and do not provide your personal information.
TABLE OF CONTENTS
1. How data.ai Collects Your Information
For the purpose of this Policy, “Personal Information” means any information relating to an identified or identifiable individual or, when applicable, legal entity. An identifiable individual or legal entity is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier. We obtain Personal Information relating to you from various sources described below.
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.
i. Personal Information You Provide Directly When You Engage with Us
If you access and use the App, contact us directly to request information, or, if you connect with Customer Support, we may receive additional information about you, such as your name, email address, the content, date and time of your message, and our reply. We also may receive any other information you choose to provide.
ii. Personal Information We Collect About You When You Use the App
Depending on the choices you make when you open the App for the first time or at a later time through the App’s Settings, we collect the following information:
Social media ads and ads-related information: This includes the type of ads you see on your connected social media accounts, which advertisers are promoting them, URLs included in the ads, the specific social media platform on which the ads are shown, and any other information related to the ad campaigns;
Unique identifiers: This includes your social media login credentials (though we do not store them on our servers), user unique installation IDs, IP addresses, email;
Device-specific information: This includes your mobile device type and model, operating system and its version number, language and regional settings, carrier or network, and time stamp and zone;
Your country and approximate city location: This consists of your IP address, but we do not collect your precise geolocation or GPS data;
Crash-related information: This includes information about errors and crashes when accessing and using the App (e.g., lost connection to the Internet), such as date and time of crashes and crash traces;
App usage analytics: This includes statistics about your interaction within the App, such as the number of daily active App users, how often and when users launch or close the App, which App screens users open and how they interact with different App features.
Ad attribution and related user analytics information: This includes information related to our marketing campaigns and user behavior, such as clicks on our ads, the webpage or application from which such ads were displayed, other user events and actions related to our marketing campaigns.
The App also integrates several software development kits (“SDKs”) which are third-party tools that allow us to use their existing frameworks to develop certain App functionalities. Please refer to Section 10 of this Policy for more details about the SDKs and the specific categories of Personal Information that these SDKs process.
2. How We Use Your Information
i. When You Use This App and Consent to the Processing of Your Personal Information
With your consent, data.ai will process your Personal Information for the purposes listed below. Because the purpose of the App is to create market research by collecting social media ads and ads-related information in exchange for Points, you will not be able to use or access the App unless you consent to the collection of ads and ads-related information by logging into your social media networks.
You can withdraw your consent to the processing of your Personal Information for purposes of Market Research at any time by logging out of the social media accounts you have given us access to in the App and through the App’s Settings.
Market Research on Social Media Mobile Ads
With your consent to sharing information from your social media timeline, the information we collect from you is used to create market research on social media mobile ads.
We collect information about the type of ads you see on your connected social media accounts, which advertisers are promoting them, any URLs that are included in the ads, the specific social media platform on which the ads are shown, and any other information related to the ad campaigns. To differentiate and understand the types of mobile ads you are seeing, we also collect your country location, device operating system, the social media platform on which the ad is shown, and the time zone. We use a unique identifier and store the ads you see with that identifier. To troubleshoot problems, we also collect other information about your mobile device, including your device type and model.
We only collect and store the mobile ads and ads-related information and do not collect or store anything else from your connected social media accounts. While we use your social media accounts’ login credentials to collect the mobile ads and ads-related information, the credentials never leave your mobile device and are stored on your device. Our market research will not be shared in a way that personally identifies you. We do not sell or otherwise share your Personal Information with third parties.
Because the purpose of the App is to create market research for social media mobile ads, if you do not consent to this collection, you will not be able to use the App.
App Crash Reporting
To identify and fix performance issues with the App, we process information about your mobile device as well as other tracking and performance data. You also consent to Google LLC storing and accessing this information on your device, including a unique per-installation identifier that is only used in relation to crash reporting.
We use a third-party service to detect App crashes—Google LLC’s Firebase Crashlytics in the U.S. (see Section 10 of this Policy)—to process:
Device-specific information (e.g., model, operating system and version number);
Per-installation identifier (a random installation identifier unique to Firebase);
Coarse geographic location information inferred from your IP address (e.g., city, country); and
Other crash-related information (e.g., date and time of crash and crash traces).
Firebase Crashlytics helps us to combine this information across different devices and operating systems to identify and fix problems with the App and to improve its performance. We do not combine Personal Information collected through Firebase Crashlytics with any other Personal Information we may have received from you for other purposes.
Your consent will allow us to disclose and process your Personal Information through Firebase Crashlytics. Your consent also will allow Firebase Crashlytics to store and gain access to a per-installation identifier on your mobile device.
User Analytics & Remote Configuration
To improve the user experience of the App and notify users about upcoming App changes, we process information about your mobile device and your interaction within our App.
You also consent to Leanplum Inc. and Google LLC storing and accessing information on your device, including unique per-installation identifiers that are only used in relation to analytics and remote configuration.
To analyze how users generally interact with our App, identify problems we should fix, and determine which features we should support or remove, we use third-party tools—Leanplum’s solutions and certain of Google’s Firebase services (see Section 10 of this Policy) to process:
Per-installation identifiers (a random installation identifier unique to Firebase and one unique to Leanplum);
Device-specific information (e.g., model, operating system, version number);
User interaction statistics (e.g., the number of daily active users, how often and when users launch or close our app, which App screens users open, how they interact with different App features); and
Coarse geographic location information inferred from your IP address (e.g., city, country).
For example, we use these services to test which App features users use. These services also allow us to notify users about upcoming app changes (e.g., to send in-app messages or show push notifications). We do not combine personal information collected through the Firebase and Leanplum services with any other personal information we may have received from you for other purposes.
Your consent will allow us to disclose and process your Personal Information through the Leanplum and Firebase services we currently use. Your consent also will allow Leanplum and Firebase to store and gain access to unique identifiers on your mobile device.
Ad Attribution and Related User Analytics
To determine the effectiveness of our own marketing campaigns, we process information about your mobile device, coarse location data, and how you interact with our marketing campaigns. You also consent to AppsFlyer Ltd. storing and accessing this information on your device, including a unique per-installation identifier that is only used in relation to ad attribution and related user analytics.
To determine the effectiveness of our own marketing campaigns and which marketing channels work best for us, we use a third-party tool—AppsFlyer Ltd.’s Measurement Suite and Marketing Analytics (“AppsFlyer”) (see Section 10 of this Policy)—to process:
Device-specific information (e.g., model, operating system and version number);
Per-installation identifier (a random installation identifier unique to AppsFlyer);
Coarse geographic location information inferred from your IP address (e.g., city, country).
For example, AppsFlyer helps us understand when a user has finished setting up this App and if a user remains active on this App after a certain number of days. We do not combine personal information collected through AppsFlyer with any other personal information we may have received from you for other purposes.
Your consent will allow us to disclose and process your Personal Information through AppsFlyer. Your consent will also allow AppsFlyer to store and gain access to a per-installation identifier on your mobile device.
ii. Processing of your Personal Information for Other Purposes
data.ai also processes your Personal Information in compliance with legal obligations and our own legitimate interests as a company, including to:
Protect and enforce data.ai’s legal rights, including our IP rights and other assets;
Meet legal compliance obligations, including corporate reporting, legal and regulatory compliance and fiduciary obligations;
Protect the security of our products, services, and systems, manage business continuity and disaster recovery operations;
Enable access to and use of the App;
Provide App updates and other processing necessary for enforcement of our Terms of Service and in general the operation of the App.
iii. Overview of Processing Activities and Legal Bases for EU users
3. How We Disclose Your Information
Corporate Affiliates
data.ai may share Personal Information with our Related Companies in the ordinary course of business and for the purposes of providing the services set forth in this Policy. See a list of our Related Companies here.
Service Providers
Depending on the choices you make in the App, we share your Personal Information with third-party service providers (see Section 10 of this Policy). We also share your Personal Information with our data analytics service providers and customer-service support. We enter into confidentiality and data processing agreements with these providers to provide appropriate and suitable safeguards for their processing of your Personal Information.
We also share your email with Tango Card Inc. in order to facilitate the redemption of Points.
As Required by Law and Similar Disclosures
Subject to applicable local laws and regulations, we disclose Personal Information we have about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity.
Merger, Sale, or Other Asset Transfers
Subject to possible restrictions under applicable local laws and regulations, data.ai may disclose your Personal Information to a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in bankruptcy or similar proceedings).
Aggregated Information
If you have consented to market research on social media mobile ads, we will aggregate your Personal Information with other information. We will only share such information in an anonymized and aggregated manner or for the purpose of providing data.ai services to third parties. We do not sell your Personal Information.
4. Transfers to Other Countries
The App is provided from the United States and other locations, and we may transfer your Personal Information internationally, including to the United States, in accordance with applicable local laws and regulations. These countries may not have the same high level of protection as the data protection laws in the country from which you initially provided the information.
Where required to comply with applicable law, we rely on appropriate and suitable safeguards including EU Standard Contractual Clauses to transfer Personal Information to countries outside the European Economic Area (“EEA”) or Switzerland as well as the Addendum B.1.0 issued by the Information Commissioner of the UK (as it is revised from time to time under section 18 of its mandatory clauses) for transfers of Personal Information outside the United Kingdom, where an adequate level of protection is not already guaranteed. We also transfer Personal Information to countries for which an adequacy decision of the EU Commission or other regulatory agency exists.
See a list of our Related Companies and service providers, their locations as well as the transfer safeguards applied or whether an adequacy decision exists here.
You may contact us as specified in the “How to Contact Us” Section 12 of this Policy to obtain a copy of the clauses, relevant data transfer agreements or safeguards we use to transfer Personal Information outside of these countries/regions.
5. Data Retention
Personal Information will be stored and kept as long as needed to carry out the purposes described in this Policy or as otherwise required by applicable law. Unless we are required or permitted by law to keep this information for a longer period of time, when this information is no longer necessary to carry out the purposes for which we process it, we will delete your Personal Information or keep it in a form that does not permit identifying you. When determining the retention period, we take into account various criteria, such as the type of services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our App, the impact on the App we provide if we delete some Personal Information from or about you, mandatory retention periods provided by law and the statute of limitations, and our use of your information for aggregated market research. For example, we delete your IP address within 30 days of collection and we delete your unique installation identifier within 3 years of collection.
6. Our Commitment to Security
data.ai cares about the security of your information, and employs reasonable physical, technological and administrative measures to protect the information you submit via the App against loss, theft, and unauthorized access, use, disclosure or modification. For more information on the security measures taken by us, please contact us at the e-mail address provided in the “How to Contact Us” Section 12 of this Policy. However, we cannot ensure or warrant the security of any information you transmit to us or guarantee that information on the App may not be accessed, disclosed, altered or destroyed.
Electronic communications sent to or from the App may not be secure. You should use caution whenever submitting information online and take special care in deciding what information you send to us. If you have reason to believe that your Personal Information is no longer secure, please notify us at the e-mail address provided in the “How to Contact Us” Section 12 of this Policy.
7. Children’s Privacy
We do not knowingly collect, maintain, or use Personal Information from children, and no part of the App is directed to children. If you learn that your child has provided us with Personal Information without your consent, then you may alert us at support@brightlabsapp.zendesk.com. If we learn that we have collected any Personal Information from children, then we will promptly take steps to delete such information.
8. Do Not Track
Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to Do Not Track signals, our App does not currently respond to such signals. If you want to restrict ads in general on your devices you may opt out from ad tracking by enabling “Limit Ad Tracking” or “Opt Out of Ads Personalization” (as applicable to your device) in your device settings.
9. Your Rights and Choices
i. Global Rights & Choices
All App users have the following rights regarding their personal information.
Right to Object. You have the right to object at any time to the processing of Personal Information on grounds relating to your particular situation, including an absolute right to object to the processing of your Personal Information for direct marketing purposes. However, please note that we do not process your Personal Information for direct marketing purposes.
Right to Know/Access. You have the right to obtain confirmation from us as to whether Personal Information relating to you is being processed by us and, where that is the case, to the extent reasonably feasible, the right to access such Personal Information and receive a copy.
Right to Delete/Erasure. If you have consented to sharing social media mobile ads market research with us and you want to erase any Personal Information that we receive, please go into the App’s Settings and log out of the social media accounts where you have shared your login credentials with us.
For deletion/erasure requests related to all of your Personal Information received by data.ai through the App, you can delete the App from your device. If you delete the App from your device, we will no longer receive any of your information including Personal Information, and we will no longer be able to identify you as a user of the App. If you would like to request any information about the deletion/erasure of Personal Information received please contact us.
Right to Rectify/Correct Inaccurate Information. If we process inaccurate, incomplete, or outdated Personal Information, you have the right to update or correct your Personal Information. However, data.ai does not have an ability to rectify/correct your Personal Information collected through your use of the App; it can only delete your Personal Information. As described in the “Right to Delete/Erasure” subsection above, once you have deleted the App, any Personal Information that you had provided through the App is anonymized.
Right to Withdraw Consent. If processing is based on your consent, you may withdraw your consent at any time, which would not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by logging out of the social media accounts you have given us access to from within the App and through the Settings in the App.
Right to Data Portability. If processing is based on your consent and the data processing is carried out by automated means, you have a right to receive, to the technically reasonably feasible, the Personal Information concerning you in a structured, commonly used and machine-readable format and the right to transmit that information data to another controller.
Right to Restrict. You have the right to restrict us from continuing to process your Personal Information under certain circumstances (e.g., you contest the accuracy of your Personal Information or when you believe that we are processing your Personal Information beyond the original purpose). To exercise this right, please go into the App’s Settings and log out of the social media accounts where you have shared your login credentials with us. If you’d like to delete all your Personal Information, you can do so by following the directions above in the “Right to Delete/Erasure” subsection above.
Right to Lodge a Complaint. Depending on your country of residence, you have the right to lodge a complaint with the competent data protection supervisory authority. You can, for example, contact the supervisory authority in the EU Member State of your residence, place of work or place of the alleged infringement. For more information on how to lodge a complaint in the EU/EEA, please see https://edpb.europa.eu/about-edpb/board/members_en.
Right to Opt Out of the Sale of Personal Information. We do not sell or share your personal information as defined under California and other state laws and we do not collect any sensitive personal information for the purpose of inferring characteristics about you.
Right to Appeal. Certain states in the United States (e.g., Colorado, Connecticut, and Virginia) allow you to appeal instances of where we are not able to honor your exercise of your Personal Information rights. If you are in one of these states and wish to appeal a decision we made with respect to exercising a right about your Personal Information, you must email us at BL-privacy@data.ai and (a) in the email subject line include your state of residence and the words “Appealing Rights Decision,” and (b) in the email body provide an explanation of the basis of your appeal.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights. Please note that because the purpose of the App is to create market research by collecting social media ads and ads-related information in exchange for Points, the App will not function unless you consent to the collection of ads and ads-related information via your social media accounts.
data.ai does not process an opt-out preference signal (e.g., the Global Privacy Control) in connection with your use of the App because we do not sell or share your personal information.
If you wish to exercise your rights or have any questions about exercising your rights, please contact us using the information listed in the “How to Contact Us” Section 12 of this Policy.
ii. Additional Information for California Residents
Below is additional information applicable to California residents.
Verification and Authorized Agent
To exercise your privacy rights, please follow the instructions above and the contact information in the “How to Contact Us” Section 12 of this Policy. We will confirm receipt of your requests and respond within 30 calendar days, unless additional time is needed, in which case we will provide notice and an explanation of the reason. Also, to respond to your request to correct, request to know, request to delete, we must verify your identity or authority to make the request and confirm the Personal Information relates to you, or others. To do so, we require your unique alphanumeric App identifier to verify your identity. We also may contact you by email (if you have provided it to us) to verify your identity and ask you additional questions so that we can match your identity with the data we have about you. In some instances, we may ask you to declare under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. If we cannot verify your identity, we may reject your request in whole or in part.
You also may designate an authorized agent to make a request for you. To use an authorized agent, we may require: (1) your signed permission designating the authorized agent; (2) evidence that the authorized agency has power of attorney under the California Probate Code; or (3) proof that the authorized agent is registered with the California Secretary of State and that you have authorized such authorized agent to be able to act on your behalf. We may deny a request from an authorized agent who does not submit sufficient proof.
Notice of Financial Incentive
Because you earn Points in exchange for sharing Personal Information with us, we are providing you with the material terms of the financial incentive program (the “Program”).
We use the Personal Information you provide to create our market research on social media mobile ads. Points are administered by data.ai and the applicable terms, including details of the redemption value of Points and how the value of the Points is determined, are available at https://brightlabsresearch.zendesk.com/hc/en-us/sections/360005728180-Points-Rewards.
In order to participate in the Program, you share Personal Information with us, which includes your social media account credentials, country location, and your device metadata. Through your Personal Information, we collect information about the type of ads you see on your connected social media profiles, which advertisers are promoting them, any URLs that are included in the ads, the specific social media platform on which the ads are shown, and any other information related to the ad campaigns. To earn Points through the App, you must be logged-in to your connected social media account(s) and we must be able to collect social media mobile ads and ads-related information at least once per a 7 day period [Monday 00:00 UTC through Sunday 23:59 UTC].
The value of the Points is determined by data.ai based on the value of the data for data.ai service offerings, the expenses related to the running of the Program, including costs associated with collecting and storing the data and disbursing the rewards to Program users. If you wish to withdraw from the Program entirely, your withdrawal will be subject to the Bright Labs App’s terms linked above. If you wish to stop participating and earning Points through the App, you can do so at any time by logging out of the social media accounts you have given access to from within the App or by removing the App from your device. Whether or not you will be able to redeem any unredeemed Points will be subject to the Bright Labs App’s terms.
Collection of Personal Information, its Purpose, and Disclosure
In the preceding twelve (12) months, we may have collected Personal Information from sources as described in Section 1 of this Policy.
Purposes
In the preceding twelve (12) months, we may have used and disclosed the categories of Personal Information from the sources described in Sections 2 and 3 of this Policy for business purposes, including:
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting or otherwise blocking participation in the Program those responsible for that activity;
Debugging to identify and repair errors in the App that impair existing intended functionality and improve performance;
Providing services (including providing customer service, optimizing and figuring out the features that users are using in the App); and
Undertaking internal research for technological development and demonstration (e.g., to develop new products or features) and to improve, upgrade, and enhance the App.
We also have used and disclosed the Personal Information we collect for commercial purposes to provide you with our App, as described in Sections 2 and 3 of this Policy.
Disclosure of Personal Information
In the preceding twelve (12) months, we have disclosed your Personal Information for a business purpose, including to the following categories of third parties:
10. Third-Party Platforms
Our App relies on SDKs and related services provided by third parties listed below. Depending on the choices you make in the App these SDKs will be activated or deactivated:
Firebase SDK, provided by Google LLC in the U.S.: Crashlytics, Cloud Messaging, Remote Config, Analytics for Firebase, App Distribution.
You can find more information on Privacy and Security in Firebase, including on the Personal Information processed by Firebase and the device information collected, at https://firebase.google.com/support/privacy.
AppsFlyer SDK, provided by AppsFlyer Ltd. in Israel—Services used: Measurement Suite and Marketing Analytics
You can find AppsFlyer’s Services Privacy Policy, including information on the Personal Information processed by AppsFlyer, at https://www.appsflyer.com/legal/services-privacy-policy/.
Leanplum SDK, provided by Leanplum Inc. in the U.S.
You can find more information on the Personal Information processed by Leanplum at https://docs.leanplum.com/reference/user-and-device-tracking.
In addition, our App may contain links, features, components or other interactive tools of third parties, including information on redemption options through Tango Card, which are administered by Tango Card Inc. Your use and interaction with these services will be governed by their respective terms of service and privacy policies.
11. Updates to this Privacy Policy
We reserve the right to change this Policy at any time. We will post any adjustments to this Policy on this page, and the revised version will be effective the date it is posted, which is identified at the top of the page (see “Last Updated” date above). If we materially change the ways in which we process your Personal Information previously collected from you, we will notify you through our App or any other means. We encourage you to review this Policy, which may be updated from time to time. Your continued use of our App after such amendments will be deemed your acknowledgement of these changes to this Policy.
12. How to Contact Us
data.ai inc. is the entity responsible (data controller) for the processing of your Personal Information.
If you have any questions or concerns about data.ai’s privacy practices or about this Policy, or would like to exercise your rights in relation to your Personal Information, you may:
Contact data.ai via e-mail at: BL-privacy@data.ai with “Bright Labs Life Points” in the header, subject, or body; or
Write us at:
data.ai inc. Legal Department
44 Montgomery Street, Third Floor
San Francisco, CA 94104 USAdata.ai’s Data Protection Officer may be contacted via email (dpo@data.ai) or at the following address:
data.ai inc. Legal Department
ATTN: Data Protection Officer
44 Montgomery Street, Third Floor
San Francisco, CA 94104 USAPhone: +1-844-277-2664