Security

We have built the platform with security as our #1 priority. We use a PCI-certified Service Provider that has been certified with the highest level of security for processing credit card transactions. For more information about this, please take a look at this information on Stripe security. If you have any questions, feel free to email us on support@brightfunds.org.

Privacy Policy

Last Updated: May 25th, 2018

Bright Funds Inc. (“Bright Funds” or “we”) respects your privacy and works hard to protect your personal information. We want you to understand how we may collect, store, use and protect any information, including personally identifiable data (“Personal Information”), collected from you in connection with the Service (as defined below). Personal Information does not include information that has been aggregated or made anonymous. We will not share your Personal Information with anyone except as described in this Privacy Policy. When you downloaded our software or used our website or services, you agreed to accept this policy. We may change this policy at any time. We will post notifications of revised versions of our policy on our website, and revised policies will be immediately effective. Throughout this Privacy Policy, we will refer to our website, software, and services collectively as the “Service.” Please note, this Privacy Policy does not apply to information we collect by other means than your use of the Service (including offline) or from other sources.

Information We Collect

When you register for or use a Bright Funds account, we may collect your name, location, phone number, address, email address and other related information.

In some cases we are provided with information about you by your employer, when your employer has engaged us to make our platform available to you. In addition to the above basic personal information, we might also be provided with information related to your employment with your employer, such as office location, reporting level, employment status, etc.

When you access your Bright Funds account to manage your portfolio or settle funds, we may collect bank account and payment card numbers, and information about financial institutions where you conduct business.

We may verify your identity to underwrite your application for an account. If so, we may request additional personal information. We may ask you for your driver’s license number, social security number, birth date or other personal information. We may obtain information about you from third party verification services and credit bureaus.

When you use the Service, we may record your account transactions, device location, and sometimes information about your computer or access device.

Additional information from or about you may also be collected in other ways, including responses to customer surveys or your communications with our customer service team.

We use technology to collect information

Log Files

Log file information is automatically reported by your browser each time you access a web page. When you register with or view our site, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information.

Cookies

It is important for us to track how our website is used, and we (or our service providers) may place “cookies” on your computer or device. Cookies are small data files that identify you when you use Service. You have the option to decline our cookies by using your browser’s settings tools, but this may interfere with your use of the Service. Other web pages, particularly those which require a login and password, require cookies and cannot be used when you have disabled cookies in your browser. For additional information about cookies and other tracking technologies, including instructions for blocking their use, see http://www.cookiecentral.com/faq/.

In addition, we use web beacons in conjunction with cookies to understand user behavior. Web beacons are simply a convenient way of gathering basic statistics and managing cookies, and do not give away any extra information from your computer. Turning off your browser's cookies will prevent web beacons from tracking your specific activity.

Protecting Personal information

Our safeguards and procedures have been implemented in accordance with US state and federal law and regulations to maintain the physical and electronic security of our software, services and your Personal Information. Our measures include firewalls, system-wide data encryption, physical and electronic access controls, and strict rules regarding the access and use of data on our system.

Consent to Transfer, Processing and Storage of Personal Information.

We may transfer your Personal Information to the United States, to any affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage, and by providing any Personal Information you fully understand and unambiguously consent to such transfer, processing and storage of such information. See below under Rights of European Economic Area individuals for more information about this.

Using Personal Information

We use your Personal Information to provide you the features and functionality of the Service, and may share it with our trusted third parties, to ensure that you have a safe, high-performance experience when using the Service. When you use the Service, including making a payment, managing your portfolio, managing your funds, contacting customer service or requesting technical support, in addition to many other interactions with Bright Funds, we will apply the information that we have collected. Knowing this information allows us to verify your identity, communicate with you and enforce our agreements with you, as well as secure the best possible experience for all Bright Funds users by ensuring compliance with US state and federal laws and our own policies. We may also use this information to measure how our members use the Service, and improve and enhance our offerings to you.

Bright Funds may use certain information about you without identifying you as an individual to third parties. We do this for purposes such as analyzing how the Service is used, diagnosing service or technical problems, maintaining security, and personalizing content.

We use cookies and log file information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information; (c) monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors and traffic; (e) diagnose or fix technology problems reported by our users or engineers that are associated with certain IP addresses; and (f) help you efficiently access your information after you sign in.

Sharing Personal information

Bright Funds will not rent or sell your Personal Information to others. Bright Funds may share your Personal Information with third parties for the purposes set forth below.

Service Providers: We may share your Personal Information with third party service providers for the purposes of providing services to you (such as those described below). If we do this, we only provide them with the information that they need to perform their specific function. We may store Personal Information in locations outside the direct control of Bright Funds (for instance, on servers or databases co-located with hosting providers).

Payment Processing: Processing payment transactions requires that we share your Personal Information with third parties, including but not limited to:

  • Providers who provide us a range of essential operational services, including fraud prevention, transaction processing, collections, direct marketing, and managed technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.
  • Financial institutions that allow us to offer your payment processing services, and partner with us to develop new offerings for you and other Bright Funds users.
  • Donations made to charities outside of the United States are handled by a third party partner, which will receive certain Personal Information of yours, such as your name and email.

Donations: When you make a donation to a charity other than Bright Funds Foundation through the Website, you may be asked what information you wish to be shared with the recipient charity(ies). You may have a choice of: name and email address, name only, or no personal information (anonymous).  We respect donor privacy and only share information with donor consent.  For example, when a donor has asked to remain anonymous, no information is shared with the charity – we simply confirm that a donation has been made.

Most donations through the site are made to Bright Funds Foundation, a nonprofit, California public benefit corporation recognized by the IRS as exempt from income tax under Internal Revenue Code Section 501(c)(3).  When you donate to Bright Founds Foundation, your information will be shared with Bright Funds Foundation for the purpose of general operation, as well as in connection with its sponsorship of the donor advised fund into which your donations are deposited and granted to advised grantees. Bright Funds Foundation has certain legal obligations that it is required to comply with and reserves the right to use and disclose certain donation and grant data (such as the nonprofit’s name, address, and donation amount) for legal and regulatory purposes including reporting information to the IRS on its Form 990 relating to grants made from its Donor Advised Fund.

Specific Third Parties: See below in the Rights of European Economic Area individuals section for a specific list of other third parties that we may share your data with in the course of providing services to you.

Enterprise Customers: if you are an employee or affiliate using Bright Funds as an offering through your company or organization, we may share your Personal Information with that company in order for them to determine usage of Bright Funds or for other purposes.

Legal Reasons: We may share your Personal Information with Law enforcement authorities or government representatives who may require us to share such information in order to comply with court order and other legal mandates, or when we believe that disclosure is necessary to report suspicious activities, prevent physical harm, financial loss, or violations of our agreements and policies.

Other Reasons: We may share your Personal Information with other third parties, subject to your prior consent or direction.

Business Transactions: As we develop our business, we may buy or sell assets or business offerings. User, transaction, email, visitor and other information is generally one of the transferred business assets in these types of transactions. We may also transfer such information in the course of corporate divestitures, mergers, or dissolution.

Events: From time to time, we may run contests, special offers, or other events or activities (“Events”) on the Service together with third party partners. If you provide information to such third parties, you give them permission to use it for the purpose of that Event and any other use that you approve. We cannot control third parties’ use of your information. If you do not want your information to be collected by or shared with a third party, you can choose not to participate in these Events.

Except as otherwise described in this Privacy Policy, Bright Funds will not disclose Personal Information to any third party unless required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law, comply with legal process served on us or our affiliates, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) to enforce our agreements with our users, take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of our site; and (c) to exercise or protect the rights, property, or personal safety of Bright Funds, our users or others.

Compromise of Personal Information

In the event that Personal Information is compromised as a result of a breach of security, Bright Funds will promptly notify those persons whose Personal Information has been compromised, in accordance with the notification procedures set forth in this Privacy Policy, by email, or as otherwise required by applicable law.

Your Choices About Your Information

You may, of course, decline to submit Personal Information through the Service, in which case Bright Funds may not be able to provide certain services to you. You may update or correct your account information at any time by logging in to your account. You can review and correct the information about you that Bright Funds keeps on file by contacting us as described below.

Children’s Privacy

Protecting the privacy of young children is important; therefore, Bright Funds does not knowingly collect or solicit Personal Information from anyone under the age of 13 or knowingly allow such persons to register with our Service. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to provide any Personal Information to Bright Funds or in connection with the Service. In the event that we learn that we have collected Personal Information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as described below.

Links to Other Web Sites

Bright Funds is not responsible for the practices employed by websites linked to or from our website, or social networking services integrated with the Service, nor the information or content contained therein. Please remember that when you use a link to go from our website to another website or otherwise use any third party service, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website or service, including those that have a link on the Service, is subject to that website’s or service’s own rules and policies. Please read over those rules and policies before proceeding.

Exclusions

This Privacy Policy does not apply to any Personal Information collected by Bright Funds other than Personal Data collected through the Service. This Privacy Policy shall not apply to any unsolicited information you provide to Bright Funds through the Service or through any other means. This includes, but is not limited to, information posted to any public areas of the Services, such as discussion forums (collectively, “Public Areas”), any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and Bright Funds shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

Notification Procedures

It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on our website, as determined by Bright Funds in its sole discretion. We reserve the right to determine the form and means of providing notifications to you.

Changes to Our Privacy Policy

If we change our privacy policies and procedures, we will post those changes on our website to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it. Changes to this Privacy Policy are effective when they are posted on this page.

Contact

Please contact us with any questions or concerns regarding our policy.

Bright Funds, Inc.
450 Mission Street, Suite 200
San Francisco, CA 94105
Attn: Privacy Matters

Email: support@brightfunds.org

Rights of European Economic Area individuals

In addition, if you are a resident of the EEA, you have the following data protection rights:

  • If you wish to receive a copy of, correct, update or request deletion, in the form of anonymization, of your personal information, you can do so at any time by contacting us using the contact details provided above. 
  • You can also object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. You can exercise these rights by contacting us using the contact details above. 
  • If your access to our platform is in connection with a company program, we derive the custody or control of the personal information through our company client, the client will be the controller and all requests for access to personal information should be forwarded through such controller to us; if your access is not in connection with a company program (you came to our site and signed up), then we are the data controller and will handle requests for access to your personal information.
  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Even if you withdraw your consent, we might still need to keep and process some of your data to comply with law or in reliance on lawful grounds. 
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. You may contact our Data Protection Officer regarding the processing protection rights in accordance with applicable data protection laws. 


Legitimate Interests


We may collect your personal data for the purposes of our legitimate interests in providing a giving and volunteering platform, provided that these uses aren’t outweighed by your rights or interests. We also need to know who you are in order to process payment transactions, to establish giving records, and for compliance with regulations (for example, India requires charities to collect donor information). We may obtain your information directly from you, such as due to your transactional activity on our platform, and/or from your company in connection with the account creation and update process. For any uses we justify on the basis of legitimate interest, you have the right to opt out of such processing. However, doing so might mean that we will be unable to process a donation transaction by you, or to give you receipts for your records.

Our legal basis for collecting and using the personal information provided by our clients to initiate company programs is a legitimate interests basis. Examples of legitimate interests are internal reporting and analysis to improve the user experience on our platform, sending you communications about organization and cause area interests. Any information provided by any user in any other context is on a consent basis, or to perform a contract with you. Examples of performing a contract with you are: signing up as a user, creating a fund page, sharing a campaign via social media, and logging a volunteer event.

We remind you that, in consenting for us to use your personal information, you may be consenting to the collection and processing of your sensitive personal data, since often where you give or volunteer is an indication of your race/ethnic origin, political opinions, religious/philosophical beliefs, health, and sexual/gender orientation.

Finally, we may have a legal obligation to share your data, such as in the case of sending you receipts for your donation and verifying your identity.

Third Parties


We may share your information with third parties that we partner with as part of providing the services.

  • As noted above, most donations are sent to Bright Funds Foundation, and then on to the charities that you designated.
  • We use the services of GlobalGiving and Charities Aid Foundation America to send your donations to charities outside of the U.S.
  • We use bill.com to send donations and donor information to charities in the U.S.
  • When you communicate with us on our platform, we use the services of Intercom.
  • We use Stripe and PayPal for payment processing when you donate.
  • We use VolunteerMatch to provide you with volunteering opportunities.
  • We use Google Analytics to track user activity on the platform.

Data Protection Officer

We have appointed an internal data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. Our data protection officer’s name and contact information are as follows:

Tom Silver
Bright Funds, Inc.
450 Mission Street, Suite 200
San Francisco, CA 94105
legal@brightfunds.org
+1 415-851-4400

International Data transfers

Personal information collected by us may be stored and processed in the United States or any other country in which we or our agents maintain facilities, and by providing us with your personal information and using any of our services, you consent to any such transfer of information outside of your country. Note, however, if you are using our platform as an employee pursuant to a company program, we should be considered a “data processor” under applicable privacy laws, and your employer is the “data controller” who has provided such consent. As a result, this personal information may be subject to access requests from the corporate employer, governments, courts, or law enforcement officials in those jurisdictions according to laws in those jurisdictions. Subject to applicable laws in such other jurisdictions, we will ensure that appropriate protections are in place regarding all personal information.

Notice of Privacy Rights of California Residents

California law requires that we provide you with a summary of your privacy rights under the California Online Privacy Protection Act (the “Act”) and the California Business and Professions Code. As required by the Act, we will provide you with the categories of Personally Identifiable Information that we collect through our platform and the categories of third party persons or entities with whom such Personally Identifiable Information may be shared for direct marketing purposes at your request. California law requires us to inform you, at your request, (1) the categories of Personally Identifiable Information we collect and what third parties we share that information with; (2) the names and addresses of those third parties; and (3) examples of the products marketed by those companies. The Act further requires us to allow you to control who you do not want us to share that information with. To obtain this information, please send a request by email to support@brightfunds.org or to the mailing address listed above. When contacting us, please indicate your name, address, email address, and what Personally Identifiable Information you do not want us to share with Affiliated Businesses or Marketing Partners. The request should be labeled “California Customer Choice Notice.” Please allow 30 days for a response. Also, please note that there is no charge for controlling the sharing of your Personally Identifiable Information or requesting this notice.