BrightNest Privacy Policy

Effective date: December 2023

1. Who We Are

Brainwave D.O.O. (“BrightNest,” “we,” “our,” or “us”) provides mobile and web services that promote mindfulness and well-being. This notice explains how we collect, use, and protect your information when you:

  • Visit any BrightNest website, including brightnest.app.
  • Install or use our mobile application BrightNest.
  • Interact with us via social media, marketing campaigns, events, or customer support.

Questions? Write to legal@brightnest.app.

2. Quick Highlights

  • Data collected — account details, device info, usage logs, limited location data.
  • No sensitive data — we intentionally avoid collecting it.
  • No third-party data purchases.
  • Why we use data — run, secure, improve, and personalise the Services; meet legal duties; fight fraud.
  • Sharing — only with trusted vendors, affiliates, or if required by law. We do not sell personal data.
  • Security — industry-standard safeguards, though no system is 100 % hack-proof.
  • Your rights — access, correct, delete, restrict, or object, depending on where you live.

3. Information We Collect

3.1 Information you provide

  • Name, email, username, password, communication preferences.
  • Content you submit (feedback, support requests, survey answers).

3.2 In-app & device information

  • Device access (reminders, storage, camera) — always under your control.
  • Device data (ID, model, OS version, carrier, IP).
  • Usage logs (feature taps, time stamps, crash reports).
  • Push notifications — only if you enable them.

3.3 Automatic technical data

We record browser type, language, referrer, and coarse location via IP to secure the platform and analyse performance. Cookies, pixels, and similar tech help us remember settings and measure engagement.

4. How We Use Information

  • Authenticate and manage user accounts.
  • Deliver audio sessions, reminders, and personalised content.
  • Provide customer support and troubleshoot issues.
  • Send service updates and important policy alerts.
  • Process payments and manage purchases.
  • Conduct analytics and improve features.
  • Detect and prevent fraud or abuse.
  • Run marketing or promotional campaigns with your consent.
  • Comply with legal obligations or defend legal rights.

5. Legal Bases (EEA/UK)

We rely on one or more of the following:

  • Consent — e.g. for marketing emails.
  • Contract — to deliver the services you request.
  • Legitimate interests — product improvement, analytics, fraud prevention.
  • Legal obligation — tax, accounting, and regulatory duties.
  • Vital interests — to protect someone’s life or safety.

Canadian users: we rely on express or implied consent unless an exception under PIPEDA applies.

6. When We Share Data

We disclose personal information only:

  • To vetted vendors (hosting, analytics, email, payments) bound by contract to safeguard data.
  • To affiliates under common ownership who honour this policy.
  • During a business transfer such as a merger or acquisition.
  • When required by law or to protect rights, safety, or property.
  • With your direction — e.g. when you link a third-party account.

7. Third-Party Links

BrightNest may link to external sites or display third-party offers. We are not responsible for their privacy practices. Review their policies before sharing information.

8. International Transfers

Data is stored on servers in Phoenix, USA and may be processed in other countries where our partners operate. We use appropriate safeguards (e.g. standard contractual clauses) where required.

9. Data Retention

We keep personal data while your account is active and for a reasonable period afterward to meet legal, tax, or audit requirements. When no longer needed, we delete or anonymise it.

10. Security

BrightNest employs encryption in transit, access controls, monitoring, and backups, but no online system is completely secure. Use the Services at your own risk and protect your account with a strong password.

11. Children

BrightNest is not directed to children under 18. If we discover we have collected data from a minor, we will delete it promptly.

12. Your Rights

Depending on your location, you may access, correct, delete, restrict, or object to processing of your data, and withdraw consent at any time. Submit requests via our contact form or email legal@brightnest.app.

13. Do-Not-Track

Because no industry-wide DNT standard exists, we currently do not respond to DNT browser signals.

14. US State-Specific Disclosures

Residents of California, Colorado, Connecticut, Utah, and Virginia enjoy additional rights, including opting out of data “sales” or targeted advertising. See the Appendix A below for full details and instructions.

15. Changes to This Policy

We may update this notice from time to time. A revised “Effective date” will appear at the top. Major changes may be announced in-app or via email. Continued use of BrightNest means you accept the revised policy.

16. Contact Us

Brainwave D.O.O.
Veselin Vuevski 7
1300 Kumanovo, North Macedonia
legal@brightnest.app

17. Access or Delete Your Data

Log in to your BrightNest account to manage most settings, or submit a request through brightnest.app/contact.

Appendix A — US State Privacy Rights

California (CCPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Virginia (VCDPA)
• Categories collected: identifiers, contact details, device info, internet activity, location, and inferences — retained while your account is active.
• No sale of personal data for monetary consideration.
• Limited sharing with service providers under contract.
• Opt-out: disable non-essential cookies in our banner or email us with subject “Opt-out”.
• Appeals: email legal@brightnest.app (subject “Privacy Appeal”).