Introduction
Please note that your access to and any use you make of this site or the information, services, or other sites available through this site are governed by (1) this Privacy Policy and by (2) our Terms of Use, both of which we may change from time to time by posting updated versions here.
We grant you such access and use on the condition that you acknowledge such Privacy Policy and that you accept and continue to abide by such Terms of Use.
There are three types of people who legitimately access those services—and the web pages and information related to those services.
The first type consists of persons who access our company’s informational website at www.brightleaf.com and at the various subpages of that domain. Typically, these subpages are reached through subdomain uniform resource locators styled as brightleaf.com/subdomainname or subdomainname.brightleaf.com. However, in some cases our pages and subpages which may also be provided with a different internet address or page nomenclature, in which case said pages will be identified by a “Powered by Brightleaf” legend, link, or similar notice. These Terms of Use refer to persons who access any such domain or subdomain as “Visitors,” to the pages they access as a “Site” or as the “Sites,” and to the information and materials (including any text, images, marks, logos, compilations, media, data, information, publications or other content) they receive from those Sites as “Information.”
The second type of person accesses Sites as a means to view, evaluate, or use some of the technological offerings, tools, systems, accounts, automated documents or automated workflows (the “Services”) that Brightleaf from time to time provides to its customers and prospective customers (or in some cases, to the general public). This policy refers to that second group as “Users,” regardless of whether those users are Brightleaf customers, prospective customers, or other persons who receive access to the Services. Users may be subject to additional terms and conditions and may be required to indicate individually their acknowledgment of and agreement to those additional terms and conditions.
Many of our Users are lawyers. When a User with appropriate Service permissions grants a third party (for example, when a law firm grants access to a client or prospective client) access to any Site, Information, or Service, this policy refers to such a third party as a “Client User”. In this context, “Client Data” refers to any data, documents, information, or content that is uploaded, shared, or otherwise made available by the Client User through the Site or Service, including but not limited to confidential business information, legal documents, or any other proprietary data.
Any reference to “you” or “your” in this Terms of Use may refer to a Visitor, User, or Client User.
Except as described in the section below entitled “Privacy Terms for Services,” this privacy policy is designed to inform users of the Website about how we gather and use personal information that they submit to us through the Website. If you want to know about our policies regarding privacy commitments to users of our Services, please refer to Privacy Terms for Services section.
Brightleaf will take reasonable steps to protect user privacy consistent with the guidelines set forth in this policy and with applicable U.S. laws. In this policy, “user” or “you” means any person viewing the Website or submitting any personal information to Brightleaf in connection with using the Website. By using the Website, you are indicating your consent to this Privacy Policy.
IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU SHOULD NOT USE THE SITE.
What Information Do We Collect?
Personal Information: The Website allows customers who are interested in Brightleaf products, services, and information to contact Brightleaf and to read, or receive downloads or transmissions of, our information. If you contact Brightleaf through the site or if you request any such information, we may collect your name and email address, any additional contact information (such as your employer, address or telephone number) that you choose to disclose to us, and the names and types of materials that you download or otherwise request from our site (together, “Personal Information”).
Aggregate Information: We may use generally-used web tracking technologies, such as cookies that collect anonymous traffic data, in order to collect information such as IP host address, pages viewed, and the manner in which you navigated through the Website, and may aggregate such information in a manner which does not identify any individual (“Aggregate Information”).
Contributed Information: We may from time to time allow Website users to post to the Site, or submit to us through the Site, their comments, suggestions, ideas, writings and views. Any rights to any information (“Contributed Information”) contained within such post, suggestion, idea, writing or view shall become the sole property of Brightleaf Solutions, Inc. upon submission. We shall have no obligation at law or equity to compensate the submitting user, nor shall we be required to post, keep posting, or remove all or any portion of this information.
Use of Cookies: A cookie is a commonly used automated data collection tool. Cookies are small text files that are placed on your computer or device by websites that you visit or HTML-formatted emails you open, in order to make websites work, or work more efficiently.
The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity for Brightleaf, and providing other services relating to Website activity and internet usage. Google may also, consistent with its own privacy policies, transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of the Website. By using the Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
How Do We Use the Information We Collect?
Personal Information: If you provide Personal Information to us, we may enter such information into our contact management database, and may use such database to send you our marketing materials and to contact you regarding your interest in Brightleaf products and services. In such an event, we will offer you the option to opt out of similar contacts from us in the future. We do not re-sell your Personal Information nor do we re-use it for any purpose other than that described in this paragraph.
Aggregated Data: Brightleaf uses Aggregate Information only in an aggregate form that does not identify the individual user, and only for us to understand the performance of the Website. For example, we may develop Aggregate Information on the Website and content usage, such as by keeping a count of return visitors to the Website and assessing which pages of the Website are most popular. This allows us to determine which features visitors like best to help us improve our content and site, personalize your user experience, and measure overall site effectiveness. Brightleaf allows Google to use Aggregate Information pursuant to the Website’s use of Google Analytics, described above.
Legal Exception: Notwithstanding the above, Brightleaf may use Personal Information to the extent required by law or if in Brightleaf’s reasonable discretion use is necessary to investigate fraud or any threat to the safety of any individual, to protect Brightleaf’s legal rights or to protect the rights of third parties.
Privacy Terms for Services
With the exception of this section (and its component subsections) under the heading “Privacy Terms for Services,” this policy does not govern the use or disclosure of information provided to Brightleaf by Brightleaf’s service customers or by any third parties whom those customers grant Services access to. Because the nature of the services may vary from customer to customer, our uses and disclosures of information are subject to (a) separate written agreements between Brightleaf and those customers and to (b) the written terms of use that each Services user consents to before their use of such service.
There are five common information types that we collect from service users.
- Account-specific user information, such as user name, password, contact information, employer, user permission levels, and office location. We collect and store this information as a necessary component of providing services to users and maintaining security for them. We do not re-sell any such information, nor do we use it for any purpose other than (a) providing services to that user, and (b) contacting that user about services.
- Anonymized usage pattern information or anonymized statistical comparison of documents. We may from time to time gross statistical information about the usage patterns within our services. We use such information in product refinement efforts. This information cannot be used to identify any person or entity nor can it interrelate any person or entity with any particular data. Our use of such information does not violate any user copyrights.
- User Audit Trail information that maintains a record of which users access which services, as well as when and how they use those services. We maintain this audit trail information for the purpose of fulfilling contractual obligations between us and our customers and to provide those Customers with usage information from the third parties with whom they share Services.
- Customer proprietary information. We consider the forms, templates, modules, and guides that our customers create within Brightleaf to be confidential and proprietary to those customers. We do not re-use, re-sell, transmit to third parties, copy, prepare derivative works from, or permit unauthorized access to them. Our personnel access them only when we need to in order to perform our obligations and provide the services contracted for in our customer agreements with those law firms.
- Brightleaf may aggregate and utilize data and information related to the customer’s use of services for research, development, and AI/ML model training to improve service accuracy, performance, and other functionalities (“Service Improvements”). Brightleaf will not include Client Data in a form that identifies the customer or their clients. Before using Client Data for Service Improvements, Brightleaf will employ industry-standard techniques to anonymize the data, unless the customer provides explicit consent for non-anonymized use. Anonymized data, as well as any resulting Service Improvements, will not be considered Client Data. Both Client Data and anonymized data will be protected by the security measures outlined in Brightleaf’s security policy at all times. Brightleaf retains all intellectual property rights over any Service Improvements, including enhancements to its AI/ML models.
- Most if not all of our Customers are attorneys or legal professionals who work for attorneys. We consider the client-specific and matter-specific information (which may include personal information) that those Customers, and the third-party users that those Customers share Services with, placed into our system to be highly confidential and proprietary to the firm and the firm’s client. We do not re-use, re-sell, or transmit them to third parties, nor do we condone unauthorized access to them. We do not permit use of this information for any purpose other than the conduct of business between the firm and its client. In accordance with our security policies, we restrict access to the sections of our systems where this information resides, so that only a small, select, pre-screened group of senior technical personnel, bound by confidentiality agreements, have the ability to access it, and may only access it (a) where necessary for the provision of services for the purpose of providing services to the Customer under our agreement with that Customer, (c) in compliance with applicable laws, and (d) in a manner that we can track and log.
How Do We Protect the Security of Your Information?
The security, integrity, and confidentiality of your information are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect guest information from unauthorized access, disclosure, use, and modification. From time to time, we review our security procedures to consider appropriate new technology and methods. If you are a user of Brightleaf Services and require additional information about our security measures, please contact our Privacy Officer, Samir Bhatia at sbhatia@brightleaf.com.
Data Breach and Security Incident Handling Procedure
Working in conjunction with other functions, the IS Coordinator is responsible for coordinating the generation, operation, and maintenance of documented incident response procedures setting out the actions to be taken when reported information security events are found to relate to security incidents, including for example the proper investigation and collection of forensic evidence and escalation to specialists and management as appropriate.
Any privacy data breach or security event should be reported to incident@brightleaf.com as soon as practicable after they occur. To this end, employees, vendors, and users will be made aware of the correct procedure for noting and reporting security events as part of the standard information security induction training and security awareness processes
Depending on the severity of the security event notified, the Functional Owners/ IS Coordinator will initiate suitable incident responses processes and engage, call out or inform relevant parties (Steering Committee/Core Team).
Where customers, suppliers, partners, regulators, or other third parties are impacted by, or otherwise need to be informed, about breach/security incidents, the decision to notify them will be ratified by the most appropriate manager (e.g. the Steering Committee Coordinator) or management committee (Security Committee). Relevant internal functions listed above will normally be consulted beforehand, along with those responsible for external communications such as Public Relations.
Following serious security incidents, asset owners in conjunction with the IS Coordinator and others are responsible for reviewing their risk management requirements to identify whether further control improvements are justified. Asset owners are also responsible for reporting serious incidents promptly and accurately to the Steering Committee detailing the severity of any losses, identifying the root cause/s, and describing the remedial actions taken or necessary to prevent a recurrence.
What Information Do We Disclose to Third Parties?
Brightleaf’s Disclosure of Personal Information: Brightleaf reserves the right to share your Personal Information) with our third-party business partners who may provide goods or services that are related to our business or that form component of our Services. Notwithstanding the foregoing, Brightleaf reserves the right to disclose any information Brightleaf collects in connection with the Website, without further notice to you (a) to any successor to Brightleaf’s business as a result of any merger, acquisition or similar transaction; and (b) to any law enforcement or regulatory authority to the extent required by law or if, in Brightleaf’s reasonable discretion, such disclosure is necessary to investigate fraud or any threat to the safety of any individual, to protect Brightleaf’s legal rights or to protect the rights of third parties.
Anonymous, Aggregated Information: We may disclose Aggregate Information to third parties such as business partners to describe our business and operations, and otherwise to operate and develop Brightleaf’s business. Google has access to certain Aggregate Information pursuant to the Website’s use of Google Analytics, described above.
Privacy terms for services that our customers provide to you
Some of our customers (for example, law firms) use our Services to create pages that they distribute to their clients and prospective clients. In such instance, that customer may post on such page or in the space below additional privacy terms regarding how they will use any Personal Information, Aggregated Information, or Contributed Information.
How Can You Opt-Out of Use and Disclosure of Your Information?
If you would like your Personal Information removed from our mailing list or database, please contact our Privacy Officer, Samir Bhatia at [sbhatia@brightleaf.com]. In the event of any such removal, Brightleaf may retain copies of the information for its archives.
Access and Updating of Information
You can update your information by using the profile editing tools on the Website. Brightleaf will respond to any reasonable request by a user to review or amend his or her Personal Information held in our mailing list or database. Brightleaf reserves the right to verify your identity in order to provide such access. Please contact us by sending an email to our Privacy Office, Samir Bhatia at [sbhatia@brightleaf.com].
General
Links: The Website may contain links to other websites. Brightleaf is not responsible for the privacy practices or the content of those websites. Users should be aware of this when they leave our site and review the privacy statements of each Web site they visit that collects information. This Privacy Policy applies solely to personal information collected by Brightleaf.
Amendments: Brightleaf may modify or amend this policy from time to time. If we make any material changes, as determined by Brightleaf, in the way in which Personal Information is collected, used, or transferred, we will notify you of these changes by modification of this Privacy Policy and placing it on the Website, where it will be available for review.
Website Visitors from outside the United States: Brightleaf and its servers are located in the United States and are subject to the applicable state and federal laws of the United States. If you choose to access the Website, you consent to the use and disclosure of information in accordance with this privacy policy and subject to such laws.
Terms of Use: This policy forms part of, and is subject to, the provisions of Brightleaf’s Terms of Service.
Effective Date of this policy: OCTOBER 1, 2014
Last Updated: May 11, 2021
Revision history: Added section for “Data Breach and Security Incident Handling Procedure”