Back to Home

Privacy Policy

Last updated: January 18, 2026

1. Data Controller

The data controller responsible for your personal data is:

Bryght Solutions
The Netherlands
KVK (Chamber of Commerce): 78404401
Email: info@brygthsolutions.com

2. Information We Collect

We collect the following categories of personal data:

  • Account information: Name, email address, password (encrypted), profile picture
  • Usage data: Pages visited, features used, learning progress, quiz results
  • Content: Documents you upload, AI-generated content, chat interactions
  • Technical data: IP address, browser type, device information, language preferences
  • Payment data: Processed securely by Stripe; we do not store credit card details

3. Legal Basis for Processing

We process your personal data based on the following legal grounds (GDPR Article 6):

  • Contract performance: To provide our services, manage your account, and process payments
  • Consent: For analytics cookies and marketing communications (where applicable)
  • Legitimate interest: To improve our services, ensure security, and prevent fraud
  • Legal obligation: To comply with applicable laws and regulations

4. How We Use Your Information

We use your personal data to:

  • Provide, maintain, and improve our AI learning platform
  • Process your uploaded documents and generate learning content
  • Personalize your learning experience
  • Process payments and manage subscriptions
  • Send service-related communications
  • Analyze usage patterns to improve our services
  • Ensure platform security and prevent abuse

5. AI Processing and Automated Decision-Making

Our platform uses artificial intelligence to:

  • Generate summaries, quizzes, and learning materials from your documents
  • Provide personalized learning recommendations
  • Power the AI chat assistant

This AI processing is necessary for providing our core services. No decisions with legal or similarly significant effects are made solely through automated processing. You can request human review of any AI-generated content.

6. Data Sharing and Third-Party Processors

We share your data with the following third-party processors:

  • Google (Gemini AI): For video processing
  • OpenRouter: Private hosted open source AI models
  • Stripe: For payment processing - processes payment information
  • Google Analytics: For website analytics (with your consent)
  • Railway: Cloud hosting infrastructure (EU region)
  • Google Cloud Storage: Document storage (EU region)

All processors are bound by data processing agreements and comply with GDPR requirements.

7. International Data Transfers

Your data is primarily stored and processed within the European Union. When data is transferred to processors outside the EU (e.g., for AI processing), we ensure appropriate safeguards are in place, including:

  • EU-US Data Privacy Framework certification
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

8. Cookies and Analytics

We use cookies for:

  • Essential cookies: Required for the platform to function (authentication, preferences)
  • Analytics cookies: Google Analytics (only with your consent)

You can manage your cookie preferences at any time through our cookie consent banner or your browser settings.

9. Data Retention

We retain your personal data for the following periods:

  • Account data: Until you delete your account, plus 30 days for backup recovery
  • Uploaded documents: Until you delete them or your account
  • Usage logs: 12 months
  • Payment records: 7 years (legal requirement)
  • Analytics data: 26 months (anonymized)

10. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

  • Right of access (Art. 15): Request a copy of your personal data
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to restrict processing (Art. 18): Limit how we use your data
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interest
  • Right to withdraw consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at info@brygthsolutions.com. We will respond within 30 days.

11. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication
  • EU-based data storage

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our platform. The "Last updated" date at the top indicates the most recent revision.

14. Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact us:

Bryght Solutions
The Netherlands
KVK: 78404401
Email: info@brygthsolutions.com