Brightenly K.K. — Privacy Policy
Last updated: 12 May 2025
1. Who We Are
Brightenly K.K. (“Brightenly,” “we,” “us,” “our”) is a Japanese corporation headquartered at 3‑F Navi Shibuya V, 5‑5 Maruyama‑chō, Shibuya‑ku, Tokyo 150‑0044, Japan.
We operate the SaaS platform “Elevate Freelance Income: Custom Subscriptions & Direct Deals” (the “Service”), which helps freelancers maximise revenue through client chat and subscription tools.
2. Purpose of This Policy
This Privacy Policy explains how we collect, use, share, store, and protect your personal data in accordance with Japan’s Act on the Protection of Personal Information (“APPI”) and other applicable laws. It covers data we collect:
when you visit brightenly.io or any sub‑domain;
when you create or use an account;
when you sign in with Facebook Login or other third‑party services.
3. What We Collect
Category | Examples | Source |
---|---|---|
Identifiers | Name, email address, postal address, phone, company name | You |
Meta Platform Data | Facebook user ID, email, profile picture URL, API access token | Facebook Login |
Usage data | Pages visited, features used, device & browser info, IP, cookies | Automatic |
Transaction & payment data | Subscription tier, Stripe payment ID, billing history | You / Stripe |
4. How We Use Your Data
Provide & improve the Service (create accounts, personalise dashboards, debug issues).
Billing & fulfilment (process payments, send invoices).
Security & fraud prevention (verify identity, detect abuse).
Marketing with your consent (product updates, newsletters).
Legal obligations (tax, accounting, regulatory compliance).
5. Meta (Facebook) Platform Data
5.1 Data we receive
When you choose “Continue with Facebook”, Facebook sends us:
Public profile (name, picture, locale)
Email address
Facebook user ID
Short‑lived OAuth access token
We never post to Facebook on your behalf.
5.2 Purpose & lawful basis
Purpose | APPI lawful basis |
---|---|
Authenticate your Brightenly account and link it to your Facebook identity | Performance of contract |
Auto‑populate your profile (avatar, display name) | Legitimate interests |
Security audit & fraud monitoring | Legitimate interests |
5.3 Retention & deletion
We store the user ID and email until you delete your account. The access token is kept encrypted and refreshed automatically; tokens are purged 30 days after account deletion.
To request deletion of Facebook‑derived data without closing your Brightenly account, visit https://brightenly.io/delete-facebook-data or email contact@brightenly.io with the subject “Facebook Data Deletion Request.”
5.4 Sharing
Meta Platform Data may be processed by the providers listed in §7. It is never sold and is disclosed to authorities only under the policy in §12.
6. Legal Bases under APPI (and, where relevant, GDPR)
Contract performance – to deliver the core Service you request.
Legitimate interests – to secure and improve the Service, prevent fraud.
Consent – for optional marketing e‑mails or analytics cookies.
Legal obligation – to meet tax or regulatory duties.
7. Processors / Service Providers
Provider (legal entity) | Service | Primary Processing Location |
---|---|---|
Salesforce, Inc. | Platform services for application delivery (Heroku) | USA |
Heroku, LLC | PaaS orchestration, logs, runtime environment | USA |
Microsoft Corporation | Azure cloud hosting, storage, backups | Japan / USA |
Stripe Payments Japan K.K. | Payment processing | USA |
The Rocket Science Group LLC (Mailchimp) | Email marketing & newsletter delivery | USA |
All processors are bound by written Data‑Processing Agreements (DPAs) requiring confidentiality, reasonable security, and data minimisation.
8. International Transfers
Where data is transferred outside Japan, we rely on:
Processors’ participation in APPI‑equivalent frameworks or
Standard Contractual Clauses and robust encryption.
9. Security & Retention
Encryption – TLS in transit; AES‑256 at rest.
Access controls – role‑based, least privilege.
Back‑ups – encrypted and rotated daily.
We retain personal data only as long as necessary for the stated purposes or as required by law, then securely erase or anonymise it.
10. Cookies & Similar Tech
We use first‑party and third‑party cookies for authentication, analytics, and preference storage. You can disable cookies in your browser, but some features may stop working.
11. Your Rights
Under APPI (and, if applicable, GDPR) you can:
Access – receive a copy of your data.
Correct – update inaccurate information.
Delete – erase data (see §5.3 for Facebook‑specific method).
Withdraw consent – opt out of marketing at any time.
Data portability – obtain data in a machine‑readable format.
Email contact@brightenly.io or write to our postal address to exercise these rights.
12. Government & National‑Security Requests
Legality review required – every request is vetted by counsel.
Right to challenge – we oppose over‑broad or unlawful demands.
Data minimisation – only the specific fields required are disclosed.
Logging – we record the request, legal basis, and data provided.
Disclosures in the last 12 months: 0 national‑security requests for Meta data.
13. Changes to This Policy
We may update this Policy to reflect legal or operational changes. We will post the new version with a revision date and, where material, notify users via email.
14. Contact
Data Controller: Brightenly K.K.
Address: 3‑F Navi Shibuya V, 5‑5 Maruyama‑chō, Shibuya‑ku, Tokyo 150‑0044, Japan
Email: contact@brightenly.io
Representative: Tomohiro Mitani
If you have questions or concerns about this Policy or our data practices, please reach out—we’re here to help.