Brightspot Security and Disclosure Policy

Last updated July 14, 2022

Security and Transparency

We often get questions from our customers and users about our security practices and what we’re doing to protect their data. We like to be as transparent as possible, therefore this document will explain some of the most important things we do to protect your data. We also will explain what you can do to protect your own data when using Brightspot especially around your password.
It is the CTO’s responsibility to see this policy is enforced.
We may revise these guidelines from time to time. The most current version of the guidelines will be available at

What we do to protect your data:

What you can do to protect your data:

Our Disclosure Policy

  • If you believe you’ve discovered a potential vulnerability, please let us know by emailing us We will acknowledge your email within five business days.

  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.

  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Brightspot service. Please only interact with accounts you own or for which you have explicit permission from the account holder.


While researching, we’d like you to refrain from:

Thank you for helping to keep Brightspot and our users safe! Brightspot is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at