We have built the platform with security as our #1 priority. We use a PCI-certified Service Provider that has been certified with the highest level of security for processing credit card transactions. For more information about this, please take a look at this information on Stripe security. If you have any questions, feel free to email us on firstname.lastname@example.org.
Last Updated: May 25th, 2018
Information We Collect
When you register for or use a Bright Funds account, we may collect your name, location, phone number, address, email address and other related information.
In some cases we are provided with information about you by your employer, when your employer has engaged us to make our platform available to you. In addition to the above basic personal information, we might also be provided with information related to your employment with your employer, such as office location, reporting level, employment status, etc.
When you access your Bright Funds account to manage your portfolio or settle funds, we may collect bank account and payment card numbers, and information about financial institutions where you conduct business.
We may verify your identity to underwrite your application for an account. If so, we may request additional personal information. We may ask you for your driver’s license number, social security number, birth date or other personal information. We may obtain information about you from third party verification services and credit bureaus.
When you use the Service, we may record your account transactions, device location, and sometimes information about your computer or access device.
Additional information from or about you may also be collected in other ways, including responses to customer surveys or your communications with our customer service team.
We use technology to collect information
Log FilesLog file information is automatically reported by your browser each time you access a web page. When you register with or view our site, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information.
It is important for us to track how our website is used, and we (or our service providers) may place “cookies” on your computer or device. Cookies are small data files that identify you when you use Service. You have the option to decline our cookies by using your browser’s settings tools, but this may interfere with your use of the Service. Other web pages, particularly those which require a login and password, require cookies and cannot be used when you have disabled cookies in your browser. For additional information about cookies and other tracking technologies, including instructions for blocking their use, see http://www.cookiecentral.com/faq/.
In addition, we use web beacons in conjunction with cookies to understand user behavior. Web beacons are simply a convenient way of gathering basic statistics and managing cookies, and do not give away any extra information from your computer. Turning off your browser's cookies will prevent web beacons from tracking your specific activity.
Protecting Personal information
Our safeguards and procedures have been implemented in accordance with US state and federal law and regulations to maintain the physical and electronic security of our software, services and your Personal Information. Our measures include firewalls, system-wide data encryption, physical and electronic access controls, and strict rules regarding the access and use of data on our system.
Consent to Transfer, Processing and Storage of Personal Information.
We may transfer your Personal Information to the United States, to any affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage, and by providing any Personal Information you fully understand and unambiguously consent to such transfer, processing and storage of such information. See below under Rights of European Economic Area individuals for more information about this.
Using Personal Information
We use your Personal Information to provide you the features and functionality of the Service, and may share it with our trusted third parties, to ensure that you have a safe, high-performance experience when using the Service. When you use the Service, including making a payment, managing your portfolio, managing your funds, contacting customer service or requesting technical support, in addition to many other interactions with Bright Funds, we will apply the information that we have collected. Knowing this information allows us to verify your identity, communicate with you and enforce our agreements with you, as well as secure the best possible experience for all Bright Funds users by ensuring compliance with US state and federal laws and our own policies. We may also use this information to measure how our members use the Service, and improve and enhance our offerings to you.
Bright Funds may use certain information about you without identifying you as an individual to third parties. We do this for purposes such as analyzing how the Service is used, diagnosing service or technical problems, maintaining security, and personalizing content.
Sharing Personal information
Bright Funds will not rent or sell your Personal Information to others. Bright Funds may share your Personal Information with third parties for the purposes set forth below.
Service Providers: We may share your Personal Information with third party service providers for the purposes of providing services to you (such as those described below). If we do this, we only provide them with the information that they need to perform their specific function. We may store Personal Information in locations outside the direct control of Bright Funds (for instance, on servers or databases co-located with hosting providers).
Payment Processing: Processing payment transactions requires that we share your Personal Information with third parties, including but not limited to:
Donations: When you make a donation to a charity other than Bright Funds Foundation through the Website, you may be asked what information you wish to be shared with the recipient charity(ies). You may have a choice of: name and email address, name only, or no personal information (anonymous). We respect donor privacy and only share information with donor consent. For example, when a donor has asked to remain anonymous, no information is shared with the charity – we simply confirm that a donation has been made.
Most donations through the site are made to Bright Funds Foundation, a nonprofit, California public benefit corporation recognized by the IRS as exempt from income tax under Internal Revenue Code Section 501(c)(3). When you donate to Bright Founds Foundation, your information will be shared with Bright Funds Foundation for the purpose of general operation, as well as in connection with its sponsorship of the donor advised fund into which your donations are deposited and granted to advised grantees. Bright Funds Foundation has certain legal obligations that it is required to comply with and reserves the right to use and disclose certain donation and grant data (such as the nonprofit’s name, address, and donation amount) for legal and regulatory purposes including reporting information to the IRS on its Form 990 relating to grants made from its Donor Advised Fund.
Specific Third Parties: See below in the Rights of European Economic Area individuals section for a specific list of other third parties that we may share your data with in the course of providing services to you.
Enterprise Customers: if you are an employee or affiliate using Bright Funds as an offering through your company or organization, we may share your Personal Information with that company in order for them to determine usage of Bright Funds or for other purposes.
Legal Reasons: We may share your Personal Information with Law enforcement authorities or government representatives who may require us to share such information in order to comply with court order and other legal mandates, or when we believe that disclosure is necessary to report suspicious activities, prevent physical harm, financial loss, or violations of our agreements and policies.
Other Reasons: We may share your Personal Information with other third parties, subject to your prior consent or direction.
Business Transactions: As we develop our business, we may buy or sell assets or business offerings. User, transaction, email, visitor and other information is generally one of the transferred business assets in these types of transactions. We may also transfer such information in the course of corporate divestitures, mergers, or dissolution.
Events: From time to time, we may run contests, special offers, or other events or activities (“Events”) on the Service together with third party partners. If you provide information to such third parties, you give them permission to use it for the purpose of that Event and any other use that you approve. We cannot control third parties’ use of your information. If you do not want your information to be collected by or shared with a third party, you can choose not to participate in these Events.
Compromise of Personal Information
Your Choices About Your Information
You may, of course, decline to submit Personal Information through the Service, in which case Bright Funds may not be able to provide certain services to you. You may update or correct your account information at any time by logging in to your account. You can review and correct the information about you that Bright Funds keeps on file by contacting us as described below.
Protecting the privacy of young children is important; therefore, Bright Funds does not knowingly collect or solicit Personal Information from anyone under the age of 13 or knowingly allow such persons to register with our Service. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to provide any Personal Information to Bright Funds or in connection with the Service. In the event that we learn that we have collected Personal Information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as described below.
Links to Other Web Sites
It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on our website, as determined by Bright Funds in its sole discretion. We reserve the right to determine the form and means of providing notifications to you.
Please contact us with any questions or concerns regarding our policy.Bright Funds, Inc.
Rights of European Economic Area individuals
In addition, if you are a resident of the EEA, you have the following data protection rights:
We may collect your personal data for the purposes of our legitimate interests in providing a giving and volunteering platform, provided that these uses aren’t outweighed by your rights or interests. We also need to know who you are in order to process payment transactions, to establish giving records, and for compliance with regulations (for example, India requires charities to collect donor information). We may obtain your information directly from you, such as due to your transactional activity on our platform, and/or from your company in connection with the account creation and update process. For any uses we justify on the basis of legitimate interest, you have the right to opt out of such processing. However, doing so might mean that we will be unable to process a donation transaction by you, or to give you receipts for your records.
Our legal basis for collecting and using the personal information provided by our clients to initiate company programs is a legitimate interests basis. Examples of legitimate interests are internal reporting and analysis to improve the user experience on our platform, sending you communications about organization and cause area interests. Any information provided by any user in any other context is on a consent basis, or to perform a contract with you. Examples of performing a contract with you are: signing up as a user, creating a fund page, sharing a campaign via social media, and logging a volunteer event.
We remind you that, in consenting for us to use your personal information, you may be consenting to the collection and processing of your sensitive personal data, since often where you give or volunteer is an indication of your race/ethnic origin, political opinions, religious/philosophical beliefs, health, and sexual/gender orientation.
Finally, we may have a legal obligation to share your data, such as in the case of sending you receipts for your donation and verifying your identity.
We may share your information with third parties that we partner with as part of providing the services.
Data Protection Officer
We have appointed an internal data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. Our data protection officer’s name and contact information are as follows:Tom Silver
International Data transfers
Personal information collected by us may be stored and processed in the United States or any other country in which we or our agents maintain facilities, and by providing us with your personal information and using any of our services, you consent to any such transfer of information outside of your country. Note, however, if you are using our platform as an employee pursuant to a company program, we should be considered a “data processor” under applicable privacy laws, and your employer is the “data controller” who has provided such consent. As a result, this personal information may be subject to access requests from the corporate employer, governments, courts, or law enforcement officials in those jurisdictions according to laws in those jurisdictions. Subject to applicable laws in such other jurisdictions, we will ensure that appropriate protections are in place regarding all personal information.
Notice of Privacy Rights of California Residents
California law requires that we provide you with a summary of your privacy rights under the California Online Privacy Protection Act (the “Act”) and the California Business and Professions Code. As required by the Act, we will provide you with the categories of Personally Identifiable Information that we collect through our platform and the categories of third party persons or entities with whom such Personally Identifiable Information may be shared for direct marketing purposes at your request. California law requires us to inform you, at your request, (1) the categories of Personally Identifiable Information we collect and what third parties we share that information with; (2) the names and addresses of those third parties; and (3) examples of the products marketed by those companies. The Act further requires us to allow you to control who you do not want us to share that information with. To obtain this information, please send a request by email to email@example.com or to the mailing address listed above. When contacting us, please indicate your name, address, email address, and what Personally Identifiable Information you do not want us to share with Affiliated Businesses or Marketing Partners. The request should be labeled “California Customer Choice Notice.” Please allow 30 days for a response. Also, please note that there is no charge for controlling the sharing of your Personally Identifiable Information or requesting this notice.