Privacy Policy

1. Overview

BrightSurf ("we," "us," or "our") is committed to protecting your privacy and being transparent about how we collect, use, and share information when you interact with our science news platform at brightsurf.com (the "Site"). This Privacy Policy explains our data practices and your rights regarding your personal information.

By using BrightSurf, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.

2. Information We Collect

We collect information in the following categories:

A. Information You Provide Directly

• Contact Information: When you email us, subscribe to newsletters, or submit inquiries, we collect your name, email address, and message content.
• User Content: Any comments, feedback, or other content you submit to us.
• Correspondence: Records of communications if you contact us for support or other purposes.

B. Information Collected Automatically

When you visit BrightSurf, we automatically collect certain information:

• Log Data: IP address, browser type and version, operating system, device identifiers, referring/exit pages, date and time stamps, clickstream data, and user agent strings.
• Usage Data: Pages viewed, time spent on pages, links clicked, search queries entered on the Site, features used, and navigation paths.
• Device Information: Device type, screen resolution, browser language, time zone, and general location (country/city level based on IP address).
• Cookies and Similar Technologies: Data collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 5 below).

C. Information from Third Parties

• Analytics Providers: Aggregated demographic and interest data from analytics services.
• Affiliate Networks: Referral confirmation data when you make purchases through affiliate links.
• Social Media Platforms: If you interact with our social media profiles, we may receive information in accordance with those platforms' policies.

3. How We Use Your Information

We use the information we collect for the following purposes:

A. Provide and Improve Our Services

• Deliver and display content tailored to your interests
• Analyze traffic patterns and user behavior to improve editorial coverage
• Troubleshoot technical issues and optimize Site performance
• Develop new features and enhance user experience

B. Communications

• Respond to your inquiries, comments, or support requests
• Send newsletters or updates if you have subscribed (with opt-out options)
• Notify you of changes to our policies or services

C. Security and Compliance

• Detect, prevent, and address fraud, abuse, security incidents, and technical issues
• Enforce our Terms of Service and protect our legal rights
• Comply with legal obligations, court orders, and regulatory requirements

D. Analytics and Research

• Create aggregated, de-identified statistics about Site usage
• Conduct research and analysis to understand audience interests
• Measure content effectiveness and engagement

E. Advertising and Monetization

• Support our affiliate partnership programs
• Track referrals for revenue attribution
• Measure advertising campaign performance (if applicable)

We do not sell your personal information to third parties for their marketing purposes.

4. Legal Basis for Processing (EEA/UK Visitors)

If you are located in the European Economic Area or United Kingdom, we process your personal information based on the following legal grounds:

• Consent: Where you have provided explicit consent (e.g., subscribing to newsletters).
• Contractual Necessity: To provide services you request and fulfill our Terms of Service.
• Legitimate Interests: To improve our services, ensure security, and conduct analytics, where our interests are not overridden by your privacy rights.
• Legal Obligation: To comply with applicable laws and regulations.

5. Cookies and Similar Technologies

A. What Are Cookies

Cookies are small text files stored on your device that help websites remember information about your visit.

B. How We Use Cookies

• Essential Cookies: Required for core Site functionality, security, and access to certain features.
• Analytics Cookies: Help us understand how visitors use the Site through aggregated metrics (e.g., Google Analytics, Plausible, or similar privacy-conscious tools).
• Preference Cookies: Remember your settings and preferences (e.g., dark mode, language).
• Advertising Cookies: May be set by affiliate partners when you click affiliate links to track referrals.

C. Third-Party Cookies

Third-party services (analytics providers, affiliate networks, embedded media players) may set their own cookies. We do not control these cookies. Please review their privacy policies:

• Google Analytics: https://policies.google.com/privacy
• Amazon Associates: https://www.amazon.com/gp/help/customer/display.html?nodeId=468496

D. Managing Cookies

You can control cookies through your browser settings:

• Most browsers allow you to refuse cookies or delete existing cookies
• Visit www.allaboutcookies.org for instructions by browser type
• Note that disabling cookies may limit Site functionality

E. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. Our Site does not alter its behavior based on DNT signals, though you can manage tracking through cookie settings and opt-out mechanisms.

6. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

A. Service Providers

We share information with third-party vendors who perform services on our behalf:

• Web hosting and infrastructure providers
• Analytics and performance monitoring services
• Email delivery services
• Security and fraud prevention services
• Customer support tools

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

B. Affiliate Partners

When you click affiliate links (e.g., Amazon links with ?tag=bc02f-20), the destination site may receive information about the referral to track and credit purchases. This is governed by their privacy policies.

C. Legal Requirements

We may disclose information if required by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Investigations of potential violations of our Terms of Service
• Protection of our rights, property, or safety, or that of users or the public
• Emergencies involving danger of death or serious physical injury

D. Business Transfers

If BrightSurf is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

E. Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you (e.g., "65% of visitors read articles about neuroscience").

F. With Your Consent

We may share your information for purposes not described in this policy with your explicit consent.

7. Data Retention

We retain information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Log Files: Typically retained for 90 days unless needed for security investigations or legal compliance (up to 1 year).
• Contact Messages: Stored only as long as necessary to address your inquiry, then deleted (typically 6-12 months).
• Analytics Data: Aggregated analytics are retained indefinitely; IP addresses are anonymized or deleted after processing.
• Newsletter Subscriptions: Retained until you unsubscribe, then deleted within 30 days.
• Legal Holds: Information may be retained longer if required by law or pending legal proceedings.

You may request deletion of your personal information by contacting privacy@brightsurf.com (see Section 9 for details).

8. Security Measures

We implement reasonable administrative, technical, and physical safeguards to protect your information:

• Encryption of data in transit using TLS/SSL protocols
• Regular security assessments and vulnerability testing
• Access controls limiting employee access to personal information
• Secure data storage with reputable hosting providers
• Incident response procedures for potential breaches

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Site at your own risk.

9. Your Privacy Rights and Choices

Depending on your location, you may have the following rights:

A. Access and Portability

You have the right to request a copy of the personal information we hold about you and to receive it in a portable format.

B. Correction

You may request that we correct inaccurate or incomplete personal information.

C. Deletion

You may request deletion of your personal information, subject to legal retention requirements.

D. Restriction

You may request that we limit how we use your personal information in certain circumstances.

E. Objection

You may object to processing of your personal information based on legitimate interests or for direct marketing purposes.

F. Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting prior processing.

G. Opt-Out of Communications

You may unsubscribe from marketing emails using the link in any message or by contacting privacy@brightsurf.com.

H. Cookie Management

You may disable cookies through your browser settings (see Section 5.D).

I. Affiliate Opt-Out

You may avoid affiliate tracking by choosing not to click affiliate links or by blocking third-party cookies.

To Exercise Your Rights:

Email privacy@brightsurf.com with your request. We will respond within 30 days (45 days for complex requests) and may require identity verification to protect your information.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

A. Right to Know

You may request disclosure of:

• Categories of personal information collected
• Categories of sources from which information is collected
• Business or commercial purposes for collection
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

B. Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

C. Right to Opt-Out of Sales

We do not sell personal information as defined by CCPA. We do not sell your information for monetary consideration.

D. Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

E. Shine the Light

California residents may request information about disclosures to third parties for their direct marketing purposes (once per year).

F. Making Requests

California residents may exercise these rights by emailing privacy@brightsurf.com. We will verify your identity before processing requests and respond within 45 days.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation:

• Rights listed in Section 9 above
• Right to lodge a complaint with your local data protection authority
• Right to withdraw consent without affecting prior processing
• Right to object to automated decision-making (we do not engage in automated decisions that significantly affect you)

Data Controller: BrightSurf is the data controller for information collected through the Site.

12. International Data Transfers

BrightSurf operates from the United States. If you access the Site from outside the U.S., your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.

By using BrightSurf, you consent to the transfer of your information to the United States. We implement appropriate safeguards for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with service providers
• Adherence to recognized privacy frameworks where applicable

13. Children's Privacy (COPPA Compliance)

BrightSurf is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, contact us at privacy@brightsurf.com and we will delete it promptly.

If you are between 13 and 18 years old, please obtain parental consent before providing any personal information to us.

14. Third-Party Websites and Services

BrightSurf contains links to academic papers, institutional websites, retailers, and other third-party sites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

This Privacy Policy applies only to information collected through BrightSurf, not to information collected by third parties.

15. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Investigate the incident promptly
• Notify affected users without unreasonable delay (typically within 72 hours of discovery)
• Report the breach to relevant authorities as required by law
• Take steps to mitigate harm and prevent future incidents

Notifications will be sent via email to the address on file or posted prominently on the Site.

16. Automated Decision-Making

We do not use your personal information for automated decision-making that produces legal effects or similarly significant impacts on you. Any analytics or personalization is based on aggregated, non-identifying data.

17. Newsletter and Email Communications

If you subscribe to our newsletter or email updates:

• We collect your email address and preferences
• We use email service providers to deliver communications
• You may unsubscribe at any time using the link in emails
• We track open rates and clicks for performance analysis (anonymized)
• We do not share your email with third parties for their marketing

18. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be indicated by:

• Updating the "Effective date" at the top of this page
• Posting a notice on the Site homepage
• Sending an email notification to subscribers (for significant changes)

Your continued use of BrightSurf after changes are posted constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

19. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

BrightSurf Privacy Team
Email: privacy@brightsurf.com

For California-specific requests: privacy@brightsurf.com (Subject: "California Privacy Request")

For European privacy inquiries: privacy@brightsurf.com (Subject: "GDPR Request")

We will respond to all legitimate requests within 30 days (or as required by applicable law).