Privacy Policy

This policy describes how BrightSite collects, uses, and shares information when you use our website builder and hosting platform. The short version: we collect only what we need, we never sell your data, and we work hard to keep it safe.

What We Collect and Why

Identity & Access

When you sign up, we ask for your name and email. We use this to personalize your account and contact you if something needs your attention.

Billing Information

If you upgrade to a paid plan, your payment card details are handled by Stripe. We never see or store your full card number. We keep your billing history for accounting and so you can access past invoices.

Content You Create

Your websites, pages, blog posts, forms, and media files are stored on our infrastructure. This is your content — we host it so your sites work.

Usage Data

We track how you navigate the BrightSite dashboard and which features you use so we can improve the product. We do not track you across other websites.

Your Visitors' Data

BrightSite includes built-in analytics for your websites. We collect anonymous visitor data: page views, referrers, browser and device type, and country. Our analytics are cookieless and privacy-friendly — no cross-site tracking, no fingerprinting.

Technical Data

When you access BrightSite, we collect IP addresses, browser information, and operating system details. This helps us maintain the service and diagnose issues.

What We Don't Do With Your Data

We do not sell your personal information. Specifically, we do not:

• Mine your data for advertising purposes
• Build profiles about you to sell to third parties
• Share your information with third parties for their marketing
• Allow employees to access your data without authorization

When We Share Your Information

We share data only when necessary to provide the service:

→ Stripe — processes your payments securely.
→ Cloudflare — provides CDN, DNS, DDoS protection, and media storage for your websites.
→ Transactional email provider — sends account-related emails (password resets, billing receipts, notifications).

We will also share information if required by law or to investigate potential violations of our terms or threats to safety. If that happens, we'll notify you unless legally prohibited from doing so.

How We Secure Your Data

• Encryption in transit and at rest using bank-level technology
• Passwords are securely hashed — we can never see your password
• Secure cloud infrastructure with regular security reviews
• Limited and logged access to systems
• Continuous monitoring for threats

No system is perfectly immune to every possible attack, but we take reasonable and industry-standard measures to protect your data and will notify you promptly if a breach occurs.

Data Retention

We keep your account data and content as long as your account is active. Anonymous analytics data may be retained indefinitely in aggregate form.

When You Delete Your Account

When you delete your account:

• Your personal data and website content are deleted within 30 days
• Some information may persist in encrypted backups for up to 90 days
• Anonymized, aggregated data may be retained

Your Rights

You have the right to:

• Access — view and export your content through the platform
• Correct — update your account details in your settings
• Delete — remove individual content or request full account deletion
• Export — download your website content

If you're in the EU, your GDPR rights apply. If you're in California, your CCPA rights apply. We honor these rights for all users, regardless of location. To exercise any of these rights, email us at support@onbrightsite.com.

Cookies

The BrightSite admin dashboard uses essential cookies to keep you logged in. We don't use tracking cookies or advertising cookies. Websites you build on BrightSite don't set cookies by default — our built-in analytics are cookieless.

Children's Privacy

BrightSite is not intended for children under 13. We do not knowingly collect information from children. If we discover we have data from a child under 13, we'll delete it promptly.

Changes to This Policy

If we make significant changes to this policy, we'll notify you by email or through a notification on the platform before the changes take effect. Minor clarifications or formatting changes may be made without advance notice.