Privacy Policy
1. Who We Are
BrightChat provides secure instant messaging, calling, and private social network services to users around the world available through its website or its mobile application (collectively known as the “Services“ or “App”).
Privacy and security are the core of our values. Respect for your privacy and protection of your data are our top priority. Every private message and call is secured by end-to-end encryption so that no one, including us, can read your messages or listen to your conversations except yourself and the intended recipients. Our encryption technology is based on the state-of-the-art Signal Protocol.
We pledge to maintain your trust and confidence as we build a secure and trusted social network to connect all of us around the world. Our mission is to preserve the integrity of open communication and provide our users with the ability to build a better, more upright world within their own online community.
We collect and process limited personal information in accordance with this privacy notice and in compliance with the relevant data protection regulations and laws.
This notice provides you with the necessary information regarding your rights and obligations, and explains how, why, and when we use your personal information, including collect, process, and store your data, etc. We may refer to ShenXun Inc. DBA BrightChat as “BrightChat”, ”we”, ”us”, or ”our”. We may refer to you as ”you”, or ”your”. By registering for, downloading, installing, or using our Services, you accept this Privacy Policy, which is part of our Terms of Service (“Terms”).
Please note that this Privacy Policy does not apply to the practices of third parties that we do not own or control (such as third-party websites that you may access from our Websites), or to individuals that BrightChat does not employ or manage. We have no control over or responsibility regarding the information collected from you by others, such as third-party websites that you access through links on our Services. Instead, such information practices are governed by those entities’ privacy policies. Please review the privacy policies of any third-party websites for information on how those entities collect and use your information.
2. Information We Collect
BrightChat processes your personal information to provide you with our services, and to meet our legal and statutory obligations. We will never collect any unnecessary personal information from you and do not process your information in any way, other than already specified in this notice.
The personal information that we collect includes:
- Individual Identifiers: includes your name, username, date of birth, phone number, and email address.
- Usage and Technical Information: includes features that gather information about how users use it. This assists us with keeping track of preferences, creating a more tailored user experience, and better serving users’ particular interests and needs. This information may include: IP addresses, Website pages viewed and the duration, browser or operating system information, mobile device type, system settings, and aggregate and/or deidentified information related to a person’s interaction with our Website (such as quality of phone call).
- Communications with Us, Preferences, and Other Information you Provide to Us: includes any messages, opinions, and feedback that you provide to us, your user preferences (such as in receiving updates or marketing information), and other information that you share with us when you contact us directly (such as for customer support services).
2.1 Basic Account Information
You do not have to create an account to use some of our Services. If you do choose to create an account, you must provide us with some personal information, which includes your phone number, email address, name, date of birth, location, as well as a BrightChat ID and password for your profile and your account so that we can provide our Services to you.
To make it easier for your contacts and other people to reach you and recognize who you are, the name you choose, your profile pictures, and your BrightChat ID or username (should you choose to set one) on BrightChat are always public. You can also create and manage multiple accounts. Most activities on our Services are public, including but not limited to, posting and commenting. Any comments or other content you contribute to another account’s broadcast will remain part of that broadcast.
You can choose to upload and sync your address book so that we can help you find and connect with people you know and help others find and connect with you. We also use this information to better recommend content to you and others.
2.2 Posting
Information posted about you by other people who use our Services may also be public. For example, other people may tag you in a photo or mention you in a post. You are responsible for your posts and other information you provide through our Services, and you should think carefully about what you make public, especially if it is sensitive information. By publicly posting Content through our Services, you are directing us to disclose that information as broadly as possible.
2.3 Direct Messages and Non-Public Communications
We provide certain features that let you communicate more privately or control who sees your content. For example, you can use direct messages (DM) to have non-public conversations through our Services. When you communicate with others by sending or receiving DMs, we will store and process your communications and information related to them. We also use information about whom you have communicated with and when (but not the content of those communications) to better understand the use of our Services, to protect the safety and integrity of our platform, and to show more relevant content. We share the content of your DMs with the people you’ve sent them to; we do not use them to serve you ads. Note that if you interact in a way that would ordinarily be public with content shared with you via DM, those interactions will be public. When you use features like DMs to communicate, recipients have their own copy of your communications, even if you delete your copy of those messages from your account.
3. Additional Information We Receive About You
We receive certain information when you use our Services or other websites or mobile applications that include our Content, and from third parties including advertisers.
3.1 Location Information
We identify but do not collect information such as your IP address or device settings, to securely and reliably set up and maintain your account and to provide our Services to you.
3.2 Links
In order to operate our Services, we keep track of how you interact with links across our Services. This includes links in emails we send you and links in posts that appear on other websites or mobile applications.
If you click on an external link posted by other users or ad on our Services, that advertiser or website operator might figure out that you came from our Service, along with other information associated with the ad you clicked such as characteristics of the audience it was intended to reach. They may also collect other personal information from you, such as cookie identifiers or your IP address.
3.3 Cookies
A cookie is a small piece of data that is stored on your computer or mobile device. Like many websites, we use cookies and similar technologies to collect additional website usage data and to operate our services. Cookies are not required for many parts of our Services such as searching and looking at public profiles. Although most web browsers automatically accept cookies, many browsers’ settings can be set to decline cookies or alert you when a website is attempting to place a cookie on your computer. However, some of our Services may not function properly if you disable cookies. When your browser or device allows it, we use both session cookies and persistent cookies to better understand how you interact with our Services, to monitor aggregate usage patterns, and to personalize and otherwise operate our Services such as by providing account security, personalizing the content we show you including ads, and remembering your language preferences.
- Authentication cookies which are stored only temporarily at beginning of the session in order to allow normal use of the system and are deleted 30 days after;
- Persistent cookies which are read only by the Website, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in;
- Third party cookies which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyze our web access.
3.4 Service Data
We receive information when you view content on or otherwise interact with our Services, which we refer to as “Service Data,” even if you have not created an account. For example, when you visit our websites, sign into our services, interact with our email notifications, use your account to authenticate to a third-party service, or visit a third-party service that includes our Content, we may receive information about you.
This Service Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), search terms (including those not submitted as queries), and cookie information. We also receive Service Data when you click on, view, or interact with links on our Services. We use Service Data to operate our Services and ensure their secure, reliable, and robust performance. For example, we use Service Data to protect the security of accounts and to determine what Content is popular on our Services. We also use Service Data to improve the Content we show you, including ads and to improve the effectiveness of our own marketing.
We use information you provide to us and data we receive, including Service Data and data from third parties, to make inferences like what topics you may be interested in, how old you are, and what languages you speak. This helps us better promote and design our Services for you and personalize the Content we show you.
3.5 Other Third Party and Affiliate Data
We may receive information about you from third parties who are not our ad partners, such as others on our platform, partners who help us evaluate the safety and quality of Content on our platform, our corporate affiliates, and other services you link to your account.
You may choose to connect your account to accounts on another service, and that other service may send us information about your account on that service. We use the information we receive to provide you features like cross-posting or cross-service authentication, and to operate our Services.
4. How We Use Information
We use your contact information, such as your email address or phone number, to authenticate your account and keep it secure. We also use contact information to enable certain account features, and to send you information about our Services, and to personalize our Services. If you provide us with your phone number, you agree to receive text messages from us to that number as your country’s laws allow. We also use your contact information to market to you as your country’s laws allow, and to help others find your account if your settings permit, including through third-party services and client applications.
When you log into our platform on a browser or device, we will associate that browser or device with your account for purposes such as authentication, security, and personalization. Subject to your settings, we may also associate your account with browsers or devices other than those you use to log into our platform. When you provide other information to us, including an email address, we associate that information with your account. Subject to your settings, we may also use this information in order to infer other information about your identity, for example by associating your account with email addresses that share common components with the email address you have provided to us. We do this to operate and personalize our Services.
We take your privacy very seriously and will not disclose your data except as outlined in this Privacy Policy, unless required to do so by law. The purposes and reasons for collecting and processing your personal information are detailed below:
- to provide secure messaging service;
- to improve our Services, make it more suitable to your needs and increase their usability;
- to make your experience of using our Services more pleasant;
- to fulfill requests for products, services functionality, support and information for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes and to solicit your feedback;
- to measure and understand the effectiveness of the advertising we serve to you and others and to deliver targeted advertising;
- Protect or enforce BrightChat’s rights and properties;
- Protect or enforce the rights and properties of others;
- Comply with applicable laws, in response to a lawful and enforceable request by a law enforcement, judicial, or other public authority, or in connection with an applicable legal obligation; and
- Where you otherwise have given BrightChat your consent and permission to do so.
- to customize the content, you see when you use our Services. For example, we may provide you with services based on the language settings you have chosen or show you content that is similar to content that you liked or interacted with.
5. Safeguarding Your Privacy and Personal Information Security
We take strict measures to protect and secure your personal information in our Services. We employ reasonable administrative, physical, and technical safeguards to protect the information we collect, process, and store. However, no website, network, or system can be absolutely protected against intentional or malicious intrusion attempts despite taking appropriate and reasonable precautions. Furthermore, BrightChat does not control the devices, computer or network through which you access the Website or over which you may choose to send personal information or other information to us, and therefore cannot prevent potential interceptions or compromises to your information while in transit. BrightChat makes no guarantee as to the security, integrity or confidentiality of any information transmitted to or from the Services. BrightChat is committed to safeguarding your information to the best of its ability but cannot guarantee the security of electronic communications or transmission made over the Internet.
Encryption is our security strategy to ensure the stored personal information can be accessed only by the authorized roles and services with audited access to the encryption keys. User personal information is encrypted and stored in a private and isolated environment for extended security.
Every message and call is secured by end-to-end encryption so that no one, including us as the provider of services, can read your messages or listen to your conversations. Text and picture in messages from sender are all encrypted before being transferred to the recipient, they can only be decrypted into normal readable format with the specific keys at recipient side. The specific keys are generated between the two users, based on the state of art Signal Protocol. For audio and video call, audio and video data go through streaming encryption to transfer in a format that can not be played back and can only be decrypted by specific keys at the recipient side. All of this takes place automatically inside BrightChat.
6. Information You and We Share
6.1 Sharing You Control
We disclose your personal information with your consent or at your direction, such as when you authorize a third-party web client or application to access your account or when you direct us to share your feedback with a business. If you’ve shared information like DMs with someone else who accesses our platform through a third-party service, keep in mind that the information may be shared with the third-party service. Subject to your settings, we also provide certain third parties with personal information to help us offer or operate our Services.
6.2 Service Providers
We engage service providers to perform functions and provide services for us in the United States and other countries. We may disclose your private personal information with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your private personal information only on our behalf and pursuant to our instructions (service providers may use other non-personal information for their own benefit).
6.3 Law, Harm, and the Public Interest
Notwithstanding anything to the contrary in this Privacy Policy or controls we may otherwise offer to you, we may preserve, use, or disclose your personal information or other safety data if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to protect the safety or integrity of our platform, including to help prevent spam, abuse, or malicious actors on our Services, or to explain why we have removed content or accounts from our Services; to address fraud, security, or technical issues; or to protect our rights or property or the rights or property of those who use our Services. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your personal information.
6.4 Affiliates and Change of Ownership
In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your personal information may be sold or transferred as part of that transaction. This Privacy Policy will apply to your personal information as transferred to the new entity. We may also disclose personal information about you to our corporate affiliates in order to help operate our Services and our affiliates’ services, including the delivery of ads.
6.5 Non-Personal Information
We disclose non-personal information, such as de-identified aggregated information.
6.6 Disclosure of Personal Information to Third Parties
Over the last 12 months, we have disclosed the following types of personal information:
| Category of Information | Examples of Information Disclosed | Categories of Recipients |
|---|---|---|
| Identifying Information | Name, mailing address, email address, phone number, date of birth, and other identifiers. | Our service providers, and government entities (where required by law) |
| Payment Information | No billing information is collected nor disclosed | None |
| Geolocation Information | User might disclose their precise geolocation data with other users but we do not share or disclosed to third parties user’s geolocation. | None |
| Communications with Us, Preferences, and Other Information you Provide to Us | Messages, feedback, and other communications you provide directly to us. | Our service providers, and government entities (where required by law) |
| Usage and Technical Information | Information about your interaction with our Website and content on third-party sites or platforms, such as social networking sites (e.g. IP address; browsing history; search history; device information; information about user’s interaction with Website, such as scrolling, clicks, and mouse-overs via cookies, pixel tags, web beacons, transparent GIFs; browser information; operating system and platform; user content (e.g. photos, videos, audio, images, social media /online posts, first-party works). | Our Service Providers, and government entities (where required by law) |
6.7 Categories of Personal Information Sold
We do not sell your personal information including sensitive personal information to third parties. Please note that “sale” of personal information does not include those instances when such information is part of a merger, acquisition, or other transaction involving all or part of our business. If we sell all or part of our business, make a sale or transfer of assets, or are otherwise involved in a merger or other business transaction, we may transfer your personal information to a third party as part of that transaction. If such transaction materially affects the manner in which your personal information is processed, we will notify you of such change prior to its implementation.
7. Managing And Retaining Your Information
You manage the personal information you share with us.
7.1 Accessing or Changing Your Personal Information
If you have registered an account on our platform, we provide you with tools and account settings to access, correct, delete, or modify the personal information you provided to us and associated with your account. You may also contact us to submit a request related to access, modification or deletion of your information.
7.2 Deletion of Your Personal Information
If you follow the instructions on the platform to cancel your subscription to our platform, your account will be deactivated. When being deactivated, your account, including your display name, username, and public profile, will no longer be viewable on our platform. Search engines and other third parties may still retain copies of your public information, like your profile information and public posts, even after you have deleted the information from our Services or deactivated your account.
7.3 Retention and Deletion of Personal Information
We will retain your personal information for as long as necessary to provide our Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal information, account opening documents, communications and anything else as required by applicable laws and regulations. We will not retain your personal information or sensitive personal information longer than reasonably necessary for the purposes for which the information was collected.
We may rectify or remove incomplete or inaccurate information, at any time and at our own discretion.
8. International Data Transfers and Certain User Rights
We are based in the United States. We provide services globally using computer systems, servers, and databases located in the U.S. and other countries. When you use our Services from outside of the U.S., your information may be transferred to and processed in the United States. Please note that U.S. data and privacy laws may not be as comprehensive as those in your country. Residents of certain countries may be subject to additional protections as set forth in this Section.
It is our policy to comply with the EEA’s General Data Protection Regulation (GDPR). In accordance with the GDPR, we may transfer your personal information from your home country to the U.S. (or other countries) based upon the following legal bases:
- Legitimate business interests: We could not provide our Service or comply with our legal obligations without transferring your personal information to the U.S.
- Our use of Standard Contractual Clauses (also known as “Model Clauses”) where appropriate.
- You have the right to: opt out of non-essential cookies; access, correct, delete, restrict, or object to our use of your personal information; be forgotten; port your data; and withdraw consents.
f you have a request, complaint or inquiry, please contact us. We are committed to working with you to obtain a fair resolution of any issue. You also have the right to file a complaint with the supervisory data protection authority of your jurisdiction.
Under California’s “Shine the Light” law, California residents have the right to opt out of disclosing information to third parties for the purpose of allowing such third parties to directly market their products and services.
Under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), California consumers have the following rights, which can be exercised directly or in certain cases, through an authorized agent:
Right to Know. You have the right to request information about the categories and sources of personal information we collect, our purposes for collecting the information, and the types of third parties that receive that information. Details about our data collection, use and third-party disclosures can be found here. In addition, you have the right to request a copy of your personal information. You may exercise this right once per 12-month period.
Right to Delete. You have the right to request that we delete some or all of the personal information that we have about you in the situations set forth by applicable data protection law and upon receipt of a verifiable request. Deleting all data will typically require the deletion of your account, along with all Content. Notwithstanding the foregoing, we may retain information to provide Services you have ordered, complete transactions, honor opt-outs, prevent fraud, spam, and other abuse, comply with our legal obligations, cooperate with law enforcement, and to exercise and defend our rights.
Right to Opt-Out of the Sale of Personal Information. You have the right to opt out of the sale of your personal information, and to request information about whether we have sold your personal information in the past 12 months. We do not sell personal information, and we have not done so in the last year. If we begin to do so, we will update this notice and provide a mechanism to opt out of any such sale. Right to Non-Discrimination. We won’t discriminate against you because you exercise any rights herein.
To exercise your rights to know and delete, we must be able to verify your identity as the owner of the account you are inquiring about. We may not be able to fulfill your request until we can do so. In general, we verify identity by confirming that you are the owner of the email address or phone number associated with the account. If you do not have an account, we may request additional information, but will not require you to create an account to submit a request. An authorized agent submitting a request on your behalf must also have access to the email address associated with the account, along with sufficient evidence that you have authorized that person to submit the request on your behalf. Although you need not have an account to submit a request, we may not be able to locate certain information to process your request if you don’t have one.
Nevada residents have the right to opt out of the sale of certain “covered information” collected by operators of platforms, websites or online services. We currently do not sell covered information, as “sale” is defined by such law, and we don’t have plans to sell this information. However, if you would like to be notified if we decide in the future to sell personal information covered by the Act, you can provide notify use by sending an email to us with the subject line, ”Nevada Do Not Sell Request” along with your first and last name, zip code, and whether you are a former or current account holder or user. Your email address must match the email address on your account to process this request. You are responsible for updating any change in your email address by the same method and we are not obligated to cross-reference other emails you may have otherwise provided us for other purposes. We will maintain this information and contact you if our plans change. At that time, we will create a process for verifying your identity and providing an opportunity to verified consumers to complete their opt-out. Please become familiar with our data practices as set forth in this Privacy Policy. We may disclose your data as explained in this Privacy Policy, such as to enhance your experiences and our Services, and those activities will be unaffected by a Nevada do not sell request.
9. “Do Not Track” Signals
We do not support “Do Not Track.” Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable “Do Not Track” by visiting the “Preferences” or “Settings” page of your web browser.
Third parties may collect data that relates to you. We cannot control third parties’ responses to do-not-track signals or other such mechanisms. Third parties’ use of data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
10. Children’s Privacy
We do not knowingly collect personal information from individuals who are under the minimum required ages specified herein. You must be at least 18 years old or the age of majority in your jurisdiction, whichever is greater, to use our Services. Individuals under the applicable age may use our Services only through a parent or legal guardian’s account and with their involvement.
The Services are intended for a general audience. If a minor is to use our Services and provides Personal Information, the minor must do so with the consent of his/her guardian. You represent and warrant that you have the right capacity and legal capacity required for using our Services. If you are a minor, you represent and warrant that you are using our Services with the consent of your guardian. We have voluntarily imposed age restrictions on certain Services in cases where we are unable to confirm that you are of a certain age.
If you are a parent or legal guardian who believes your child has provided personal information to us without your consent, you may contact us to delete such information.
11. Contact Us
If you have any questions about this privacy policy, or if you would like to exercise your privacy rights as described above, you are welcome to contact us at service@brightchat.com.
12. Updates to Our Privacy Policy
We may change this notice from time to time. Our privacy policies will be periodically reviewed and evaluated in connection with new products, new services, new technologies, changes in law and your needs. All changes will be posted and updated here. We will notify you by email (if we hold one for you) if any significant changes occur. We encourage you to read this notice carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this notice. Changes to this Privacy Policy will be effective when they are posted on this page. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.
13. Difficulty Accessing Our Privacy Policy
Individuals with disabilities who are unable to usefully access our Privacy Policy online may contact us to inquire how they can obtain a copy of our policy in another, more easily readable format.
Last updated: September 15, 2022