Privacy policy
Last update (except cookie information): May 2, 2025
1. General notes and mandatory information
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations.
If you use this website, various pieces of personal data might be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmitted via the internet (e.g., via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
a) Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Brighter AI Technologies GmbH
Bertha-Benz-Straße 5, 10557 Berlin
Email: hello@brighter.ai
Web: www.brighter.ai
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
b) Purpose of the processing of personal data
We process your personal data as a user of this website only to the extent necessary to provide a functional website as well as our contents and services. Your personal data will only be processed with your consent for the specific purpose, unless data processing is permitted by law without prior consent. The purposes of the processing are as follows:
- Provision of our public website https://brighter.ai/, its functions and content
- Provision of the customer Portal and its online software services, its functions and content
- Conduction of payments with Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Website: https://stripe.com/de/privacy
- Answering contact requests and communication with users
- Communication with customers via our Portal
- Security measures
- Reach measuring/marketing.
c) Legal basis for the processing of personal data
Insofar as we obtain your consent for the processing of personal data, e.g., for the use of analysis tools, Art. 6 para. 1a) GDPR serves as the legal basis. If the processing of your data is necessary for the performance of a contract to which you are a party, e.g., if you decide to subscribe to our software services via our Portal, Art.6 para.1 b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures. If processing of your personal data is necessary to fulfill a legal obligation to which we are subject, Art.6 para.1c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if your interests, fundamental rights and freedoms do not outweigh the former interest, Art.6 para.1f) GDPR serves as the legal basis for the processing.
d) Data erasure and storage duration
Your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Storage may also take place if this is provided for by law or other legal provisions binding on us. A blockage or deletion of the data is also carried out when a storage period prescribed by the aforementioned legal provisions expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
e) Rules on the provision of the data and consequences of non-provision
The provision of your personal data for the use of our public website is not required by law or contract and is not necessary for the conclusion of a contract. You are not obliged to provide us with your personal data. However, if you do not consent to the processing of your data for certain purposes, e.g., by setting certain cookies, you may not be able to use all the functions of this website.
If you wish to use our Portal and subscribe to our software services, we need some information from you to know who our contractual partner is and also for payment purposes.
f) Automated decision making
An automated decision making process does not take place in connection with your use of the website.
g) Your rights as a data subject
You have the following rights towards us with regard to your personal data:
- Right to information,
- Right to correction or deletion,
- Right to restriction of processing,
- Right to refusal of processing,
- Right to data portability.
You also have the right to lodge a complaint about our processing of your personal data with a data protection authority.
h) Withdrawal of consent or objection to the processing of you data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.
Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
i) Links
We use links to content on websites of other websites operators.
We have no influence on the data collected there or the data processing procedures, nor do we know the full extent of the data collection, the purpose of the processing or the retention periods.
We also have no information about the deletion of the data collected by the linked provider. In this respect, we are not responsible under data protection law for the data processing on the linked website.
Further information on the purpose and scope of data collection and processing by the website operator can be found in the privacy policies of the respective websites. There you will also find further information on your rights in this regard and the setting options for protecting your privacy.
2. Data protection officer
We have appointed a data protection officer for our company:
Dr. Volker Wodianka, LL.M. (IT&T)
Wodianka privacy legal GmbH
Dockenhudener Str. 12a, 22587 Hamburg, Germany
Email: volker.wodianka@privacy-legal.de
Phone: +49 (0)40 2110786-0
3. Data collection
a) Usercentries Consent Manager
We use the Consent Management Platform (CMP) of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. Via the tool, you have the option to conveniently manage your consent to the setting of technically unnecessary cookies and to make changes in this regard – such as revocations of granted consent or contradictions – via the tool.
Furthermore, you can obtain the information required under Art.13 GDPR regarding the processing of your personal data by the Usercentrics CMP and by technically unnecessary cookies from the tool.
You can access the settings of our CMP by clicking on the fingerprint icon in the lower left half of the website.
b) Contact form
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name, company name and telephone number, if applicable, and the content of your message) will be stored by us in order to answer your questions. Your data will be processed as part of pre-contractual measures or on the basis of your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) and b) GDPR. We delete the data arising in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.
c) Image and video upload
You can upload images or videos on our website for testing purposes or as a customer via our Portal to make them anonymous (redact faces and/or license plates). In this case, we process the personal data contained in the image or video only for the purpose of anonymizing faces or license plates and not for any other purpose. The original images and videos are deleted immediately after anonymization and are not processed for any other purpose. You have the possibility to delete anonymized images and videos yourself at any time. Otherwise we delete anonymized images and videos automatically after 24 hours, if we do not use them for improvement of our services. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.
To use our trial and carry out an upload there, users must register on our site. We process the following data as part of the registration process. The marked (*) data are voluntary.
- Work Email
- Password
- First and last name
- Company
- Job title
- Country
- Phone Number*
The legal basis for this is Art. 6 para. 1 lit. b) GDPR. The voluntarily provided data will be processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
d) Newsletter
On our website, you have the possibility to subscribe to our newsletter, which consists of emails that contain information such as company updates and general news about topics such as privacy technology and artificial intelligence research. For the newsletter, we use a double opt-in process to verify if you actually registered your email address to receive the newsletter by sending you a confirmation email, asking you to confirm your consent. You can withdraw your consent to brighter AI at any time without specifying reasons, by clicking the “unsubscribe” link included in each newsletter. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to hello@brighter.ai.
e) Cookies
Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not harm your computer and do not contain any viruses. Cookies can help make websites more user-friendly, efficient, and secure.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
f) Server log files
We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type, browser version and the name of your access provider
- Operating system used
- Referrer URL, name and URL of the retrieved file
- Host name of the accessing computer
- Date and time of the server request
- IP address
This data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
g) SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
h) Payment
For conduction of credit card payments for our software services, we use the service provider Stripe Payments Europe, Limited, 1 Grand Canal Street Lower Grand Canal Dock, Dublin, D02 H210, Ireland.
Stripe is both the controller and the processor. As the controller, Stripe uses your transmitted data to fulfil regulatory obligations. This corresponds to Stripe’s legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR and serves the fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR. Stripe acts as a processor in order to be able to carry out payment transactions. As part of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR.
When using Stripe, the following personal data is transmitted to Stripe:
- First name
- Last name
- Purchased product
- Price of the product
- Validity
- Payment details (SEPA, credit card, Paypal, tax id, billing address)
The information is required to complete the payment for the product. The data entered will only be processed by or on behalf of Stripe. The legal basis for the collection of your personal data by Stripe is Art. 6 para. 1 sentence 1 lit. b GDPR. Further information is available in Stripe’s privacy policy.
The processing of the data specified in this section is neither legally nor contractually required. We cannot process a payment via Stripe without the transmission of your personal data.
Please note that the payment service provider Stripe is headquartered in the US and it cannot be ruled out that your data will be transferred to the US. Stripe has implemented compliance measures for international data transfers. These apply to all global activities in which Stripe processes personal data of natural persons in the EU. In the case of Stripe, there is an adequate level of data protection, as it is certified in accordance with the EU-US Data Privacy Framework (DPF).
Further information on objection and removal options towards Stripe can be found here.
Your data will be stored by us until payment processing has been completed. This also includes the period required for the processing of refunds, receivables management and fraud prevention. In addition, we are subject to statutory retention periods in accordance with § 147 AO and § 257 HGB.
4. Analytics
a) Google Analytics
If you have given your consent, Google Analytics 4, a web analytics service provided by Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Analytics 4 uses cookies that enable us to analyse your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Your user behaviour is recorded during your visit to the website. In addition to the personal data mentioned above in this declaration, the following data is recorded:
- First visit to the website
- Start of the session
- Websites visited
- Your “click path”, interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Ads viewed / clicked on
On behalf of the operator of this website, Google will use this information to analyse your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Google LLC is certified under the Data Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the standard contractual clauses with the provider.
The data sent by us and linked to cookies is automatically deleted after 2 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, which you can revoke at any time.
You can find more information on the terms of use of Google Analytics and data protection at Google here: https://policies.google.com/privacy .
b) Google Tag Manager
Our website uses Google Tag Manager, a tag management service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland (“Google”). Google Tag Manager helps us manage and deploy tags and scripts on our website. It does not directly collect or process personal data but may trigger other tags or scripts that do so. These triggered tags and scripts are separately disclosed in this privacy policy. For further information about Google Tag Manager, please refer to Google’s privacy policy at https://policies.google.com/privacy .
5. Customer Database
We store and use contact data and information received (such as business communication histories) from customers and interested parties for the purpose of processing or initiating the business relationship and brighter AI marketing or company updates through email. The processing is based on Art. 6 (1) lit. b GDPR.
As a customer database, we use ActiveCampaign CRM. The provider is ActiveCampaign, LLC Dublin, IE 160 Shelbourne Rd, Dublin, D04 E7K5, Suite 03-101, Dublin, Dublin, 2 Ireland.
Further information on data protection under ActiveCampaign CRM can be found online at: https://www.activecampaign.com/legal.
For information about security features under ActiveCampaign CRM, please visit the following website online: https://www.activecampaign.com/legal/service-level-agreement.
6. Social media and external content providers
a) Vimeo distributed by Cloudflare
We integrate videos hosted by Vimeo, distributed by Cloudflare, operated by Vimeo Inc., USA and Cloudflare, Inc., USA. Vimeo and Cloudflare may collect information such as your IP address, technical data about your device, and your interaction with the video player to facilitate load balancing and delivery of the content with high quality. Data processing is based on (Art. 6 (1) lit. f GDPR), legitimate interest.
For the USA, the European Commission adopted its adequacy decision on 10 July 2023. Both service providers are certified under the Data Privacy Framework.
Vimeo’s privacy policy is available here: https://vimeo.com/privacy.
Cloudflare’s privacy policy is available here: https://www.cloudflare.com/privacypolicy/.
b) LinkedIn
We use LinkedIn sharing features operated by LinkedIn Corporation, USA, to facilitate content sharing and engagement. LinkedIn may collect personal data regarding your approval to LinkedIn cookies, and when you interact with LinkedIn sharing functions, based on your explicit consent (Art. 6 (1) lit. a GDPR).
For the USA, the European Commission adopted its adequacy decision on 10 July 2023. LinkedIn Corporation is certified under the Data Privacy Framework.
Further details can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
c) YouTube
Our website may include embedded videos from YouTube. YouTube is a video-sharing service provided by YouTube, LLC, located at 901 Cherry Ave, San Bruno, CA 94066, USA, which is a subsidiary of Google LLC, and the designated data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). When you visit a page with an embedded YouTube video, and you have consented to marketing cookies, your browser automatically connects to YouTube servers. This connection may result in the transmission of information such as your IP address, browser type, and other technical details. Additionally, YouTube may place cookies or use other tracking technologies to collect data about your viewing habits for purposes such as personalized advertising or analytics.
To enhance privacy, we can enable YouTube’s privacy-enhanced mode, which delays the setting of cookies until you interact with the video. However, please note that even in this mode some data (e.g., your IP address) may still be transmitted upon page load.
YouTube processes data, also in the USA. The European Commission issued its adequacy decision for the USA on 10th July 2023. It states that the USA guarantees an adequate level of data protection for transfers within this framework. Google LLC is certified under the EU-US Data Privacy Framework and an adequate level of data protection can be assumed.
The legal basis for the processing is your consent, Art. 6 para. 1 lit. a GDPR, which you can revoke at any time with effect for the future.
For more detailed information on YouTube’s data practices, please refer to YouTube’s Privacy Policy: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/ and Google’s Privacy Policy https://policies.google.com/privacy.
7. Categories of recipients of personal data
To process our business transactions, we use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) who may also gain knowledge of your personal data. We have concluded order processing contracts with these providers in accordance with Art. 28 GDPR, which ensure that data processing is carried out in a permissible manner.
If your personal data is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is also done on the basis of existing order processing relationships.
8. Data transfer to recipients outside the EU
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies, this will only occur in compliance with legal requirements.
Subject to your explicit consent or when the transfer is contractually or legally required, we will process or have your data processed in third countries only if an adequate level of data protection has been recognized (Art. 45 GDPR), appropriate safeguards based on standard contractual clauses issued by the EU Commission or other permissible transfer mechanisms (Art. 46 GDPR) exist, certifications or binding corporate rules (Art. 47 GDPR) are available, or if specific exceptions under Art. 49 GDPR apply.
The data collected by products listed within the scope of this declaration from US providers or their affiliated companies, such as Google, may be stored and processed by them in the USA. Following the European Commission’s adequacy decision on July 10, 2023, establishing the EU-U.S. Data Privacy Framework (DPF), data transfers to U.S. companies certified under the DPF are now considered to have an adequate level of protection under Art. 45 GDPR. If the US service provider is not certified under the DPF, data transfers will be secured using appropriate safeguards, particularly through standard contractual clauses approved by the EU Commission, or on the basis of your explicit consent pursuant to Art. 49 (1) a) GDPR.
Please note that despite the DPF adequacy decision, there may still be residual risks when transferring data to the USA, particularly concerning potential access by US authorities for national security or law enforcement purposes. Such access could occur without you being informed and without enforceable rights or effective legal remedies being available to you.
Otherwise, we will only share your data with third parties if:
- You have explicitly consented in accordance with Art. 6 (1) sentence 1 a) GDPR;
- Disclosure under Art. 6 (1) sentence 1 f) GDPR is necessary for the establishment, exercise, or defense of legal claims, and there is no overriding interest in not disclosing your data;
- There is a legal obligation for disclosure under Art. 6 (1) sentence 1 c) GDPR; or
- It is legally permissible and necessary to process contractual relationships with you under Art. 6 (1) sentence 1 b) GDPR.
Transfers to tax authorities and social security institutions will only occur if legally required (Art. 6 (1) sentence 1 c) GDPR). Transfers to service providers will only occur based on a valid processing agreement according to Art. 28 GDPR.
8. Full list of every cookie involved in the users consent on brighter.ai.
Last update (except cookie information): February 13, 2025