BrightSumo Get in touch
Legal

Privacy Policy

Last updated: 2026-05-16

This Privacy Policy explains how BrightSumo ("we", "us", "our") collects, uses, discloses, and safeguards information about visitors to this website (brightsumo.co) and the marketing communications we send. The products operated by BrightSumo (including Sourceloop.ai and Orchly.ai) are governed by their own product-level privacy policies, available on each product's domain.

Effective date: 2026-05-16. We will indicate any material change by updating the "Last updated" date at the top of this page and, where required by law, by additional notice.

1. Who we are (data controller)

For the purposes of the EU GDPR, UK GDPR, India's Digital Personal Data Protection Act 2023 ("DPDP"), and similar laws, the controller of personal data collected through this website is:

  • BrightSumo
  • Chandauli, Nikaspure, Dist. Samastipur
  • Bihar, 848121, India
  • Email: hello@brightsumo.co

For India DPDP inquiries and grievances, the same email address acts as our Grievance Officer contact. We will respond to verified data principal requests within the timelines required by applicable law.

2. Information we collect

We collect only the categories of information needed to operate this website and respond to you:

  • Information you submit. If you contact us by email, fill in a form, subscribe to a newsletter, request a demo, or apply for a role, we receive the information you provide (such as your name, email address, company, role, and the content of your message).
  • Technical and device information. When you visit the website, our hosting infrastructure and analytics tooling may record IP address, browser type and version, operating system, device type, referring URL, pages visited, timestamps, and approximate location derived from IP. We use this information for security, diagnostics, and aggregate analytics.
  • Cookies and similar technologies. As described in our Cookie Policy. We do not use third-party advertising cookies or cross-site tracking on this website.

We do not knowingly collect special category data (such as health, biometric, racial, political, or religious information) through this website. Please do not include such information when contacting us.

3. How we use information

We use personal information for the following purposes:

  • To operate, secure, and improve the website.
  • To respond to inquiries, demo requests, partnership conversations, and job applications.
  • To send transactional communications you have requested, and (with consent where required) to send marketing communications you can unsubscribe from at any time.
  • To produce aggregate analytics that help us understand how the website performs.
  • To comply with legal obligations, respond to lawful requests, and protect our rights and the rights of others.
  • To detect, prevent, and respond to fraud, abuse, or security incidents.

We do not sell personal information, we do not "share" personal information for cross-context behavioural advertising as defined under CCPA/CPRA, and we do not use it to build advertising profiles.

4. Legal bases for processing (EEA, UK, and similar regimes)

Where the EU GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

  • Consent, for non-essential cookies and direct marketing where required by law. You may withdraw consent at any time.
  • Performance of a contract, or steps requested by you prior to a contract (for example, when you ask us for information or a demo).
  • Legitimate interests, in operating a secure website, communicating with prospects and partners, and growing our business, balanced against your rights.
  • Legal obligation, where we must process information to comply with applicable law.

You may object to processing based on legitimate interests by contacting us.

5. How we share information

We disclose personal information only in the limited circumstances below:

  • Service providers / sub-processors. We engage trusted vendors to host our website, send transactional email, provide aggregate analytics, secure our infrastructure, and process payments where applicable. These vendors act on our written instructions and are bound by confidentiality and data protection terms. A current list is available on our Sub-processors page.
  • Group companies. We may share information with entities under common control with BrightSumo for the purposes described in this policy.
  • Legal and safety. We may disclose information where we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of BrightSumo, our users, or others.
  • Corporate transactions. If we are involved in a merger, acquisition, reorganization, financing, or sale of assets, personal information may be transferred as part of that transaction. We will notify you, where required.

We do not transfer personal information to advertising networks or data brokers from this website.

6. International data transfers

We operate from India and may use service providers located in other countries, including the European Economic Area, the United Kingdom, the United States, and other jurisdictions. Where personal information is transferred outside its country of origin, we rely on appropriate safeguards required by applicable law, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and adequacy decisions where they apply. You may request a copy of the relevant safeguards by emailing us at hello@brightsumo.co.

7. Retention

We retain personal information only for as long as needed for the purposes described in this policy, to comply with legal, tax, accounting, and reporting requirements, to resolve disputes, and to enforce our agreements. Typical retention windows:

  • Contact and inquiry messages: up to 24 months after our last interaction, then deleted or anonymised.
  • Marketing list entries: until you unsubscribe, then we keep a minimal suppression record so we do not contact you again.
  • Server and security logs: typically 30 to 90 days, longer for security investigations.
  • Records required for legal compliance: for the period required by law.

8. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, alteration, disclosure, and destruction. These include transport encryption (TLS), access controls, principle of least privilege, segregated environments, vendor due diligence, and ongoing monitoring. A summary is available on our Security Overview page. No method of transmission or storage is fully secure, and we cannot guarantee absolute security. We will notify you and the relevant supervisory authority of a personal data breach where required by applicable law.

9. Your rights

Subject to applicable law, you may have the following rights with respect to your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete information.
  • Erasure: ask us to delete personal information in specified circumstances.
  • Restriction: ask us to limit the processing of your personal information.
  • Portability: receive certain personal information in a structured, commonly used, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
  • Complaint: lodge a complaint with a supervisory authority in your country of residence or place of alleged infringement.

To exercise these rights, email hello@brightsumo.co. We may need to verify your identity before fulfilling a request. We do not discriminate against individuals for exercising their privacy rights.

10. Notice to California residents (CCPA / CPRA)

If you are a California resident, you have the rights described in section 9 above, plus the rights to know about personal information collected, sold, or shared, to correct inaccurate information, to limit the use of sensitive personal information, and to opt out of the sale or sharing of personal information for cross-context behavioural advertising. We do not sell or share personal information for cross-context behavioural advertising as defined by the CPRA, and we have not done so in the preceding twelve months. Categories of personal information we have collected in the past twelve months include identifiers, internet or other electronic network activity information, and commercial information (inferred from inquiries). You may submit a request to know or delete by emailing hello@brightsumo.co. You may use an authorised agent; we will request reasonable proof of authorisation.

11. Notice to residents of India (DPDP 2023)

If you are located in India, you are a "data principal" under the Digital Personal Data Protection Act 2023. You have the rights to (a) confirm and obtain a summary of the personal data being processed, (b) correct, complete, update, and erase your data, (c) nominate another person to exercise your rights in case of incapacity or death, and (d) grievance redressal. To exercise these rights or raise a grievance, contact our Grievance Officer at hello@brightsumo.co. If unresolved, you may approach the Data Protection Board of India.

12. Children's data

This website is intended for adult business users and is not directed to children. We do not knowingly collect personal information from individuals under 16 (or the minimum age applicable in your jurisdiction). If you believe a child has provided us personal information, please contact us and we will take steps to delete it.

13. Automated decision-making

We do not use this website to make decisions that produce legal or similarly significant effects about you based solely on automated processing.

14. Do Not Track and Global Privacy Control

Because we do not engage in cross-site tracking from this website, browser "Do Not Track" signals and Global Privacy Control (GPC) signals do not change our behaviour; we already do not track or share for advertising purposes.

15. Third-party links

The website may contain links to third-party sites and services. We are not responsible for their privacy practices. Please review their policies before submitting information.

16. Changes to this policy

We may update this policy from time to time. The latest version will always be posted at this URL with a refreshed "Last updated" date. Where the change is material, we will provide additional notice (for example, by email or a banner on the website) before it takes effect, to the extent required by applicable law.

17. Contact

Privacy inquiries, requests, and grievances: hello@brightsumo.co.

This document is provided for transparency. It is not legal advice. If you have a question about it, contact us at hello@brightsumo.co.