How it works
Who sees my data?
To keep your data secure, we make sure that the data is only used when needed, and only accessible by those who need to use it.
The first way we do that is to assign you a random client code. We never discuss you, orally or in writing, by name or organization. We also restrict access to your personal information to those employees who need that information to provide services to you; in most cases, this is the analyst assigned to your case and the director of client services.
The following third parties manage your data, but only the data that is necessary to research you. We only choose partners who take your security seriously, and for each subprocessor, we have enforced the greatest user-side security measures across all of our users, including but not limited to, HTTPS websites and multi-factor authentication.
Will you take everything off the internet about me?
We would LOVE to.
Unfortunately, there is no overarching US policy regarding the privacy and security of your data, like the European Union’s GDPR framework. Some states have privacy laws, like California, Virginia, Connecticut, Colorado and Utah. These vary in strength and enforcement.
What that means is that we can opt you out of some sites – for now. Sometimes we ask nicely to have your information removed. Sometimes we apply arcane legal mechanisms to try and enforce a removal. We do our best, and will work our butts off for you. But we cannot guarantee that third parties will honor the requests or remove your data.
Unfortunately, some sites will repost your data after we’ve requested its removal. This is why we:
set up subscriptions to last 6-12 months, and
work to get your data removed at the source, to stem the flow of your data back to data broker websites.
What information do you collect and how do you use it?
Contact information, such as email address and phone number. We use this to communicate with you, for updates on your case, notifications of the availability of a new report, or to set up a call to gather feedback. Your contact information is not used for marketing purposes or without your permission.
Personal information you provide during our intake process. This personal information (PII) is only accessed by Brightlines team members who are researching YOU, and access to it is restricted to our research team. All team members sign non-disclosure agreements agreeing to protect your data, follow robust device and data security measures to make sure data cannot be hacked, and receive tools and guidance for handling sensitive data, avoiding social engineering, and other non-technical attacks. Upon completion of your Brightlines subscription, your personal data is scrubbed from our systems. See more about our security practices and data retention policies.
Payment information, such as your credit card or bank account information. This is used only for billing purposes. Online payments are processed by our bank and/or accounting platform, and check payments are processed by our accredited accounting firm.
Google email address and the name attached to it if you choose to access your account via Google Single Sign On.
Hardware and software information, such as device and application data, used when accessing our website, via Google reCAPTCHA APIs. The reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending this data to Google for analysis. The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google. You can find further details via this link.
Website logs and cookies, including IP address, browser and device type, operating system, referring web page, the date and time of page visits, and the pages accessed on our websites. Squarespace collects this information by default. For more on their practices, see this page.
Feedback that you may provide us, verbally or in writing, that we use to improve the services we provide to you and all our clients.