1. Privacy Policy

    Last updated: May 2018

Bright River respects your privacy and this page informs you of our policies regarding the collection, use and disclosure of Personal Data we receive when you visit our website, create an account and make use of our services. By using our website or our services, you agree to the collection and use of information in accordance with this policy.

The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Personal Data
By using our website or our services you may leave certain information behind that may include Personal Data, such as your name and your email address.  


We will only use your Personal Data needed:

  • to provide the service;
  • to manage your company’s account;
  • to enable the processing of payments; and
  • for marketing purposes and to inform you  about developments and changes to our services / products.

We will not share Personal Data with third parties without your prior consent except where Bright River is required to do so by law or as is necessary to perform our services. If we process Personal Data on your behalf we comply with all obligations under the EU General Data Protection Regulation and ensure that our use complies with our commitments to you.

Log Data
Like many site operators, we collect and use information that your browser sends whenever you visit our website (« Log Data ») that is not personally identifiable such as your computer’s Internet Protocol (« IP ») address, browser type, browser version, the pages of our site that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third party services such as Google Analytics and Hotjar that collect, monitor and analyze this. The information we share will not include Personal Data such as your name and your email address.

Visual Content Data
Bright River may store and use Visual Content Inputs (e.g. image and video inputs) processed by the service solely to provide and maintain the service and to improve and develop the quality of our machine-learning/artificial-intelligence technologies and the training of our designers. The use of your content is necessary for continuous improvement of our services, including the development and training of related services. Except for the features belonging to visual content (such as the models included in the visual content), we do not store or use any personally identifiable information that may be contained in your Visual Content Inputs.

Third Parties
Bright River may engage its service network for the provision of its services. The service network Bright River has established consists of a number of carefully selected professional partners with which Bright River has agreements in place to guarantee the same level of protection you expect from us.

Our service network includes our production facilities that are located in Asia. We never share Personal Data such as your name and your email address with our production facilities. However, our production facilities may have access to the Visual Content Inputs you provided and use it to perform the required services.  Besides our production facilities we also use companies like Google, Microsoft, Adobe, Exact and Salesforce to provide our systems and services.

We guarantee that everything we commit ourselves to pursuant this agreement, also applies to our service network and that we regard their services as part of our responsibility towards you.

Storage of Personal Data & Visual Content Inputs
We will keep your Personal Data, whether or not your account is active, as long as we need it for the purpose for which we received your data in the first instance or to comply with applicable laws, audit requirements, regulatory requests or court decisions.

After your first request to permanently delete your account, we will archive personally identifiable data, such as your name and your email address for two months. After this period has expired, your personally identifiable data such as your name and email address will be permanently deleted.

Non personally identifiable data, such as the materials created from the Visual Content Inputs you provide, will be kept for development and training purposes after you have uploaded the visual content.  

Your rights concerning your Personal Data
Please be aware that you shall have the right to obtain confirmation as to what Personal Data are being processed and where that is the case and, if applicable, to rectify or to erase your Personal Data or to transmit those data to another controller. Besides this, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data that concerns you.

Security Measures
We operate sufficient technical and organisational measures to protect your Personal Data against unlawful and unauthorised processing and against accidental loss, destruction or damage. In particular we take the following security measures to protect your privacy:

  • We pseudonyme and encrypt Personal Data for our production facilities outside the EU;
  • Client accounts are encrypted (using MD-5 Encryption);
  • Access to Personal Data is protected;
  • Secured connections for internal and external data transfers;
  • Secured communication with the server (HTTPS / SSL);
  • Data is stored on secured servers;
  • Physical access to the servers and company premises where data is stored, is limited to authorized persons;
  • We only use up-to-date licensed software and up-to-date (Internet) security software;
  • For cloud solutions we have 2-step or 2-factor authentication in use;
  • To ensure the compliance to our security goals we conduct the following tests periodically:
    • Weekly security tests;
    • Monthly vulnerability tests;
    • Regular penetration tests;
    • Periodic monitoring of data security protocol;   
    • Periodic monitoring of access control systems.


Changes to this privacy Policy
We may update this Privacy Policy from time to time, and when we do so, we will update the « last modified » date at the top of this Privacy Policy. By regularly checking this page, you always know what information we collect, how we use it and under what circumstances we share it with other parties.

Please keep in mind that if you enter your email address separately within the feedback button on our website, your email address might end up with parties that provide our cloud software such as Hotjar and might be used for further research purposes.

If you would like to view or contest the accuracy of the personal data we hold about you, please send us an email to privacy@bright-river.com.