1. Introduction

Welcome to BrightLog, operated by Solo Labs LLC ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you use our Service.

2. Data We Collect

We collect and process the following types of data:

Account Data: Name, email address, and profile information (provided directly or via Google Sign-In)
Work Entry Data: Volunteer hours, work history, employer/organization names, dates, and descriptions you submit
Signature Data: Digital signatures for verification purposes
Payment Data: Stripe customer ID and subscription status (Stripe securely handles actual payment card information)
Affiliate Data: Referral codes, earnings, and payout information for affiliate program participants
Usage Data: How you interact with our Service, pages visited, features used

3. How We Use Your Data

We use your data to:

Provide and maintain the Service
Process payments and manage subscriptions
Generate reports and documentation for your records
Send verification requests to your employers/organizations
Process affiliate commissions and payouts
Communicate important updates about your account
Improve our Service through analytics

4. Cookies and Tracking

We use the following cookies and tracking technologies:

Session Cookies: Essential for authentication and keeping you logged in
Affiliate Tracking Cookie (bl_aff): Tracks referral attribution for 60 days when you visit via an affiliate link

We use Vercel Analytics to collect anonymous, aggregated usage data (page views and performance metrics). Vercel Analytics is cookieless, does not collect personal information, and does not track individual users.

5. Third-Party Services

We share data with the following third-party services as necessary to provide our Service:

Stripe: Payment processing and affiliate payouts. Stripe may collect payment information directly. See Stripe's Privacy Policy
Google: Authentication via Google Sign-In. See Google's Privacy Policy
Brevo: Transactional emails. See Brevo's Privacy Policy
MongoDB Atlas: Database hosting (data stored securely in the US)
Cloudflare R2: Secure storage for digital signatures and verification documents
Google Gemini API: Used to extract information (employer name, dates, hours) from uploaded paystub images. Paystub images are processed transiently and are not stored — only the extracted text data is saved. Google does not retain API inputs for training. See Gemini API Terms
Vercel: Application hosting and cookieless, privacy-preserving analytics

6. Affiliate Program Data

If you participate in our affiliate program:

We share necessary data with Stripe Connect to process your payouts
Stripe may issue tax documents (1099s) as required by law
We track referrals and commissions associated with your affiliate code

7. Data Security

We implement industry-standard security measures including:

Encryption in transit (HTTPS/TLS)
Secure password hashing
Access controls and authentication
Regular security reviews

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. Work entry data is retained to support your scholarship documentation needs. You may request deletion of your account and data by contacting us.

9. Your Rights

You have the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data
Export your data

You can exercise your right to data export and account deletion directly from your Account Settings page. For other requests, contact us at support@brightlog.app

10. Children's Privacy

BrightLog is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.

11. Student Data Protection

BrightLog is committed to protecting student data in compliance with the Family Educational Rights and Privacy Act (FERPA), the Student Online Personal Protection Act (SOPPA), and applicable state student privacy laws. We make the following commitments regarding student data:

No Sale of Student Data: We will never sell, rent, lease, or trade any student personal information to third parties for any purpose, including marketing or advertising
No Targeted Advertising: We do not use student data to create advertising profiles or target students with advertisements
Purpose Limitation: Student data is used solely to provide and improve the BrightLog service, including tracking volunteer and work hours, generating reports, and facilitating verification
Data Minimization: We collect only the minimum amount of student information necessary to provide the Service
Access and Deletion: Students and their parents/guardians may request access to, correction of, or deletion of student data at any time by contacting us
Third-Party Restrictions: We do not share student data with third parties except as strictly necessary to operate the Service (e.g., payment processing, email delivery), and we require those third parties to protect such data

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify affected users via email within 72 hours of discovering the breach
Notify relevant school districts if student data is involved
Provide a description of what data was affected and the steps we are taking to address the breach
Report the breach to relevant authorities as required by applicable law

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on the Service. Your continued use after changes constitutes acceptance.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: support@brightlog.app