Last Updated December 7, 2021

Last Reviewed October 31, 2022

At Bright Data, we are in the business of data and it’s precisely because of this that we take data privacy so seriously. Our customers entrust us to empower their businesses with clean, compliant, and ethically sourced data whilst retaining the highest standards of privacy. Our products and services operate on a global scale and as such we continuously monitor the dynamic global privacy landscape and adapt accordingly to ensure complete compliance with privacy laws including the European Union’s GDPR and California’s CCPA. If you are a resident of California, we refer you to our CCPA Privacy Notice, found at the end of this policy.

This Privacy Policy addresses both users who actively choose to use our services, as described below and also to individuals whose personal data we may process as part of our operation.

Please feel free to read on for a detailed breakdown of our privacy policy or contact us with any questions regarding our policy or data legislation compliance.

Bright Data (”Bright Data”, ”we”, or ”us”) is the owner of the website brightdata.com (”the Site”), the Bright Data software (”the Software”), the Bright Data SDK (”the SDK”) and any accompanying services, features, content, and applications offered by us (collectively referred herein as ”the Services”). We are concerned about your privacy and have designed this Privacy Policy in order to help you decide whether to use the Services and to provide all required information about our privacy practices. If applicable to you, by accessing and using the Services, or providing information to us in other formats, you agree and accept the terms of this Privacy Policy as amended from time to time and consent to the collection and use of information in the manner set out in this Privacy Policy. We encourage you to review this Privacy Policy carefully and to periodically refer to it so that you understand it and any subsequent changes made to it. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE STOP USING THE SERVICES IMMEDIATELY AND UNINSTALL WHERE RELEVANT.

What types of information do we collect?

We collect the following types of data from you when you use the Services (”User Data”):

  • Non-Personal Information. This is information that is un-identified and non-identifiable, which is generated by a user’s activity. Such non-personal information may include the following information - browser type, web pages you visit, time spent on those pages, access times and dates.
  • Personal Information. Personal information is information that identifies you or may identify you. The Personal Information we collect and retain includes your IP address, your name and email address, identifying documents (driver license/ID/passport), office/home address, screen name, payment and billing information or other information we may ask from time to time as will be required for the on-boarding process and services provisioning. In some cases, we may record audio or video calls with you, in order to comply with User compliance evaluation requirements we are subject to and our internal guidelines. When you create an account on the Services you are able to do so by using your credentials with a designated third party website or service (”Third Party Account”) such as Gmail®. Doing so will enable you to link your account and your Third Party Account. If you choose this option, a Third Party Account pop-up box will appear that you will need to approve in order to proceed, and which will describe the types of information that we will obtain. This information includes your Personal Information stored on your Third Party Account, such as user-name, email address, profile picture, birthday, gender and preferences. Any Anonymous Information that is specifically connected or linked to any Personal Information, is treated by us as Personal Information, as long as such connection or linkage exists.
  • Registering through social network account: When you register or sign-in to the Services via your social network account (e.g., Facebook, Google+), we will have access to basic information from your social network account, such as your full name, home address, email address, birthdate, profile picture, friends list, personal description, as well as any other information you made publicly available on such account or agreed to share with us. At all times, we will abide by the terms, conditions and restrictions of the social network platform.

If we combine non-personal information with personal information we will treat the combined information as personal information.

We may also collect publicly posted personal data from various online sources. Such information will include, in most cases, basic contact information, such as name, email and job title (”Public Data”).

Processing of User Data is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and to comply with our legal obligations.

Processing of Public Data is done in accordance with our legitimate interest, as long as such interest does not override your fundamental rights and freedom.

How do we use your information?

We use User Data in order to provide you with the Service and to comply with our legal requirements and internal guidelines. This means that we will use the information to set up your account, provide you with support regarding the Service, communicate with you for updates, marketing offers or concerns you may have and conduct statistical and analytical research to improve the Service. We may use Public Data in order to provide our users with our Services.

We do not rent or sell any User Data. We may share Public Data with our users in order to provide our Services.

We may disclose Personal Information to other trusted third party service providers or partners for the purposes of providing you with the Services, storage and analytics and to comply with our legal requirements and internal guidelines. We may also transfer or disclose Personal Information to our subsidiaries and affiliated companies.

Notwithstanding the paragraph above, we will not disclose your IP address to other customers. However, when other customers (e.g. other peers in the network) access the web using your IP address, the IP address may be visible to them, for example by way of looking up their current IP address.

We may also share your Personal Information and other information in special cases if we have good reason to believe that it is necessary to: (1) comply with law, regulation, subpoena or court order; (2) detect, prevent or otherwise address fraud, security, violation of our policies or technical issues; (3) enforce the provisions of this Privacy Policy or any other agreements between you and us, including investigation of potential violations thereof; (4) protect against harm to the rights, property or safety of us, our partners, our affiliates, users, or the public.

Processing of data outside the EEA

Note that we are based in Israel and some of the data recipients listed above may be located outside the European Economic Area (EEA). In such cases we will share your data only with recipients located in such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.

Security and Confidentiality

We use industry-standard information, security tools, and measures, as well as internal procedures and strict guidelines to prevent information misuse and data leakage. Our employees are subject to confidentiality obligations. We use measures and procedures that substantially reduce the risks of data misuse, but we cannot guarantee that our systems will be absolutely safe. If you become aware of any potential data breach or security vulnerability, you are requested to contact us immediately. We will use all measures to investigate the incident, including preventive measures, as required.

Your Choices and Rights

We strive to give you ways to update your information quickly or to delete it - unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.

If you are a resident of the European Union, note that the following rights specifically apply regarding your personal information: (1) Receive confirmation as to whether or not personal information concerning you is being processed, and access your stored personal information, together with supplementary information; (2) Receive a copy of personal information you directly volunteer to us in a structured, commonly used and machine-readable format; (3) Request rectification of your personal information that is in our control; (4) Request erasure of your personal information; (5) Object to the processing of personal information by us; (6) Request to restrict processing of your personal information by us; (7) Lodge a complaint with a supervisory authority.

However, note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

To exercise such right, you may contact us at: privacy@brightdata.com

Retention

We will retain your personal information for as long as necessary to provide the Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods shall be determined taking into account the type of information collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

Information Warranty Disclaimer

Notwithstanding anything else in this Policy, we are not responsible for the accuracy, correctness, and security of any of the information we gather, store, and disclose to you or to anyone else.

Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to.

Change of Ownership

In the event of a change of ownership or control of all or a part of Bright Data, including without limitation through acquisition, merger, or sale, we reserve the right to transfer all or part of the User Data and Public Data we store in our systems. You acknowledge that in the event of bankruptcy, insolvency, or receivership, we may have no control over the use and transfer of your personal information.

Changes to this Privacy Policy

This Policy may be revised from time to time at our sole discretion, so check it regularly. The last revision will be reflected in the “Last Updated” heading. Any change of this policy will be posted on the Site. Your continued use of the Services following any such changes will be considered as you consent to the amended Privacy Policy.

Contact Us

If you feel that your privacy was not treated in accordance with our Privacy Policy, or if you believe that your privacy has been compromised by any person in the course of using the Services, contact Bright Data at: privacy@brightdata.com and our Privacy Officer shall promptly investigate.

We have also appointed GDPR representatives in the EU and the UK. You can contact the representatives regarding matters pertaining to the GDPR:

GDPR - European Representative:

Pursuant to Article 27 of the GDPR, Bright Data has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

UK General Data Protection Regulation (GDPR) - UK Representative:

Pursuant to Article 27 of the UK GDPR, Bright Data has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

Privacy notice for California Residents

This notice addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively, ”CCPA”).

If you have a disability, you may access this Privacy Policy in an alternative format by contacting privacy@brightdata.com

In the 12 preceding months, we have collected and disclosed the following categories of Personal Information:

<table><tbody><tr><td><b>Category of Personal Information Collected</b></td><td><b>Personal Information Collected</b></td><td><b>Categories of service providers to whom Personal Information was disclosed</b></td></tr><tr><td>A. Identifiers.</td><td>B. Full name, email address, device identifiers, including certain software and hardware information (e.g. IP address, internet service provider, domain server, type of computer, browser type and language and operating system).</td><td>C. Cloud services.<br>D. Website analysis.<br>E. Affiliated companies.</td></tr><tr><td>F. Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)).</td><td>G. Address, telephone number, financial information (e.g. credit card number).</td><td>H. Cloud services.<br>I. Affiliated companies.</td></tr><tr><td>J. Commercial Information.</td><td>K. Feedback of users.</td><td>L. Cloud services.<br>M. Affiliated companies.</td></tr><tr><td>N. Internet or Other Electronic Network Activity Information.</td><td>O. Information regarding the user's interaction with the website.</td><td>P. Cloud services.<br>Q. Website analysis.<br>R. Affiliated companies.</td></tr><tr><td>S. Geolocation Data.</td><td>T. Geolocation data based on device identifiers.</td><td>U. Cloud services.<br>V. Affiliated companies.</td></tr><tr><td>W. Professional or<br>Employment-related Information.</td><td>X. Current or past job history.</td><td>Y. Cloud services.<br>Z. Affiliated companies.</td></tr></tbody></table>

Sources of Personal Information

In the 12 preceding months, we have collected the above-mentioned categories of Personal Information from the following categories of sources:

  • Consumers directly, through the Services;
  • Operating systems.
  • Publicly available information collected from online sources.

Selling Personal Information

In the preceding twelve (12) months, we may have sold the following categories of Personal Information to third parties or businesses for commercial purposes:

  • Identifiers;

User Rights under the CCPA

Access to Personal Information

You may request, up to two times each year, that we disclose to you the categories and specific pieces of Personal Information that we have collected about you, the categories of sources from which your Personal Information is collected, the business or commercial purpose for collecting your Personal Information, the categories of Personal Information that we disclosed for a business purpose, any categories of Personal Information about you that we sold, the categories of third-parties with whom we have shared your Personal Information, and the business or commercial purpose for selling your Personal Information, if applicable.

Deletion Requests

You have the right to request that we delete any Personal Information collected from you and retained, unless an exception applies.

Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers, subcontractors, and consultants to delete) your Personal Information, unless an exception applies.

Exercising Your Rights

You can exercise your rights (such as access and deletion) by submitting a verifiable consumer request to our email address: privacy@brightdata.com or by the toll-free number 1-888-538-9204. You can also send us a mail to our physical address specified in this policy.
Only you or a person authorized to act on your behalf may make a consumer request related to your Personal Information.

The request must:

  • Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.
  • We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

You may only request a copy of your data twice within a 12-month period.

If you have any general questions about the Personal Information that we collect about you how we use it, please contact us at privacy@brightdata.com

Response Timing and Format

Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your Personal Information in a format that is readily useable and should allow you to transmit the information without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.

Please note that these CCPA rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.

Designating Agents

You can designate an authorized agent to make a request under the CCPA on your behalf if:

  • The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
  • You sign a written declaration that you authorize the authorized agent to act on your behalf.

If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.

If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

Non-Discrimination

We will not discriminate against you if you exercise any of your privacy rights as a California Consumer. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.