1. Who We Are

Brightenly K.K. (“Brightenly,” “we,” “us,” “our”) is a Japanese corporation headquartered at 3-F Navi Shibuya V, 5-5 Maruyama-chō, Shibuya-ku, Tokyo 150-0044, Japan.

We operate the software platform Brightenly (the “Service”), a CRM and productivity suite that helps freelancers and small businesses manage client communications, contracts, subscriptions, and leads.

2. Purpose of This Policy

This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Act on the Protection of Personal Information (APPI) of Japan and other applicable privacy laws.

It also describes how we process data obtained through integrations with:

  • Google (Gmail API)

  • Stripe Payments Japan K.K.

  • Postmark (Wildbit LLC)

  • Docuseal, Inc.

  • Microsoft Azure OpenAI

This Policy applies when you:

  • Visit brightenly.io or any sub-domain.

  • Create or use an account.

  • Connect Gmail or sign contracts through Docuseal.

Brightenly accesses Google user data only after explicit user authorization and uses it solely to provide and improve the Brightenly application’s functionality.

3. Information We Collect

Category Examples Source Identifiers Name, email address, company name, phone number You Gmail Data Email headers (From, To, Cc, Bcc), subjects, message bodies Google API (user-authorized) Contract Data Contract titles, signer names, signing timestamps, digital signatures Docuseal Usage Data Pages visited, features used, IP address, device type, cookies Automatically collected Transaction Data Subscription tier, Stripe payment ID, billing history You / Stripe

4. How We Use Your Data

We use your data solely to provide and improve Brightenly’s core CRM functionality.
Specifically, we use data for the following purposes:

  • Service delivery: to operate the CRM features, including email organization, lead management, and contract tools.

  • Billing and fulfilment: to process payments and send receipts.

  • Gmail integration: to display your Gmail messages within Brightenly and connect them to your client records and projects.

  • Application improvement: to improve search accuracy, automate repetitive actions, and enhance the organization of client communications inside the CRM.

  • Security and fraud prevention: to authenticate users and protect data integrity.

  • Legal obligations: to comply with tax, accounting, and regulatory requirements.

We do not use Google user data for advertising, marketing, model training, or any unrelated purpose.

5. Gmail Integration Data

We use the Gmail API to enable email management inside Brightenly.

Our use of Gmail data complies with the Google API Services User Data Policy, including its Limited Use Requirements.

5.1 Data We Access

  • Messages and metadata from your primary Gmail inbox.

  • Headers (From, To, Cc, Bcc, Subject).

  • Message content and attachments for display in the CRM.

We do not access emails outside your authorized account and never use them for advertising or profiling.

5.2 Purpose of Use

Gmail data is used only to provide and improve Brightenly’s CRM functionality, including:

  • Displaying and organizing your emails within your Brightenly workspace.

  • Linking Gmail messages to related client records and projects.

  • Extracting key details (e.g., sender, company name, or subject) to automatically populate your CRM fields.

  • Generating structured insights (e.g., task suggestions or lead relevance) to help you manage your work inside Brightenly.

Any automated analysis or summarization of Gmail message content exists solely to deliver these CRM functions.

All processing occurs under Brightenly’s control, and data is not used to train generalized AI models or shared for any external purpose.

5.3 Storage and Security

  • Email metadata and processed data are stored in an encrypted database (AES-256 at rest, TLS in transit).

  • Raw email content is encrypted and stored in object storage within the United States.

  • Access is restricted via role-based permissions and continuous audit logging.

  • All infrastructure is professionally managed with automated patching and security monitoring.

5.4 Retention and Deletion

  • Gmail data is retained only while your Gmail connection remains active.

  • When you disconnect or revoke access, all Gmail data is deleted within 30 days.

5.5 Data Sharing

  • We do not sell, share, or transfer Gmail data to third parties except for subprocessors listed in § 7, under strict data-processing agreements.

6. Contract Data (Docuseal Integration)

When you create or sign contracts using Docuseal via Brightenly:

  • Docuseal collects and stores contract information (signer names, timestamps, signatures) on its secure servers.

  • Brightenly receives metadata about the document (e.g., contract title, status) to display within your workspace.

  • All contract files are encrypted and secured by Docuseal in compliance with applicable laws.

  • Contracts remain accessible to you through Brightenly for as long as your account is active or as required by law.

7. Processors / Service Providers

Provider Service Primary Location Salesforce, Inc. / Heroku, LLC Application platform and database hosting USA Microsoft Corporation Azure OpenAI processing Japan / USA Amazon Web Services, Inc. Encrypted object storage for raw emails USA Stripe Payments Japan K.K. Payment processing Japan / USA Wildbit LLC (Postmark) Transactional email delivery USA Docuseal, Inc. Digital contract creation and signing USA Company Enrich Ltd. Company data enrichment USA

All processors are bound by data-processing agreements requiring confidentiality, security, and data minimisation.

8. International Transfers

Where data is transferred outside Japan, we rely on:

  • Standard Contractual Clauses (SCCs) or equivalent legal mechanisms; and

  • Providers certified under international data-protection frameworks compatible with APPI.

9. Security and Retention

  • Encryption: TLS 1.2+ in transit and AES-256 at rest.

  • Access controls: role-based, least-privilege permissions.

  • Backups: encrypted and rotated daily.

  • Monitoring: continuous audit logs and security alerts.

We retain personal data only for as long as necessary to fulfil the purposes described above or as required by law, after which it is securely erased or anonymised.

10. Cookies and Tracking Technologies

We use first-party and third-party cookies to support authentication, analytics, and user preferences.

You can disable cookies in your browser, but some features may not work properly.

11. Your Rights

Under APPI (and GDPR where applicable), you have the right to:

  • Access your personal data.

  • Request correction of inaccuracies.

  • Request deletion of data (including Gmail and contract data).

  • Withdraw consent for optional processing.

  • Request a machine-readable copy of your data.

To exercise these rights, contact contact@brightenly.io or write to our address below.

12. Government and Legal Requests

All government or law-enforcement requests for data are carefully reviewed for legality and scope.

We disclose only what is required by law and maintain an audit record of all such requests.

Past 12 months: no national-security or law-enforcement requests received for Google or contract data.

13. Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or security changes.

The most current version will always be available at https://brightenly.io/privacy-policy.

If changes are material, we will notify you via email or in-app notification.

14. Contact

Data Controller: Brightenly K.K.

Address: 3-F Navi Shibuya V, 5-5 Maruyama-chō, Shibuya-ku, Tokyo 150-0044, Japan

Email: contact@brightenly.io

Representative: Tomohiro Mitani

If you have any questions or concerns about this Policy or our data practices, please contact us — we’re here to help.

Privacy Policy