What happens next?

When you hit submit, your data gets auto-magically moved through some encrypted tubes to search 10+ databases for information related to your home address, your email addresses, your names, etc. Within a few days an analyst reviews the data that’s been gathered to assess risks. Within the next weeks, you’ll receive your first and most robust report. Subsequent reports will drop monthly for the rest of your subscription.

Each report has a to-do list. There will be times when we’ll need your help to:

1. Tell us what you’d like us to do, and/or

2. To cut the flow of data off at the source.

We’ll also have to-dos. With your permission, we’ll request any results outside of data broker sites to remove your information. These removals usually take longer than data brokers, but we keep you informed each month on the status of the requests.

Absolutely not. In our terms of service we highlight that you “own and retain all right, title and interest in and to your own data.” And we mean that.

The data we share with your employer is limited to what they need to know to pay for your service: that you signed up and got started, and/or that your subscription is ending.

If you leave your job or your work-sponsored subscription ends, and you wish to continue paying for the subscription on your own, nothing will change.

We recommend signing up for our service with a non-work email address.

RIGHT? It can be a little uncomfortable.

We only collect information from you that is necessary to provide the Brightlines service. For our services that's a lot of data, and it includes information you're often told not to share.

We gather so much because it helps us to find all your little needles in the giant haystack of the internet. We assume an aggressor would be relentless, and we want to be ahead of them!

All of your data is stored securely and purged when no longer needed – that’s a guarantee.

To keep your data secure, we make sure that the data is only used when needed, and only accessible by those who need to use it.

The first way we do that is to assign you a random client code. We never discuss you, orally or in writing, by name or organization. We also restrict access to your personal information to those employees who need that information to provide services to you; in most cases, this is the analyst assigned to your case and the director of client services.

The following third parties manage your data, but only the data that is necessary to research you. We only choose partners who take your security seriously, and for each subprocessor, we have enforced the greatest user-side security measures across all of our users, including but not limited to, HTTPS websites and multi-factor authentication.

Some services require proof of your consent to remove information - in addition to your power of attorney. Sometimes it’s a signed version of our Terms of Service, other times it's an ID. When we share your ID, we redact your face and driver’s license number. You are also welcome to do that before sharing it with us.

Your ID, like all of your information we gather, is stored securely and purged when no longer needed - that’s a guarantee. See more about how we secure your data.

Power of attorney (POA) is a legally-binding document that allows you to appoint someone to manage your property, medical, or financial affairs. For our work together, we consider your personal identifiable information your property, and narrow the POA to that data.

We use the POA to request removal of your information from data brokers and their websites. This includes:

Submitting opt-out requests to and communicating with third-party websites like data brokers or aggregators or other parties who have control over this content

Signing opt-out documents

Creating accounts for you

Anything else we think is necessary to remove, suppress, or opt-out your personal information from unwanted sources in fulfillment of your order

That last part is key! We only automatically remove your PII on data brokers sites. For all other removals - from other kinds of websites, Google search results, images, public records - we will not act without your express permission.

The POA is only in force until you cancel your service with Brightlines.

Some sites won’t accept a POA as proof of consent to our service. This is why we ask you to upload your driver’s license, and in some cases, request you sign our Terms of Service like a contract.

That’s great! That means you have a solid understanding of how to keep yourself safe. Normally, we’d never recommend you share this data with anyone!

We’ve taken steps to make sure your data is safe to share with us.

1. Our website is running HTTPS, which encrypts data in transit from your browser to the website’s server.

2. Your member site is password protected and your login uses Secure Sockets Layer (SSL) encryption. The site is also coded to thwart anyone trying to get around the protection by disabling Javascript in their browser. We instruct search engines to never index the member pages you access.

3. The form you submit encrypts data when in transit and at rest. That means the information gets encoded so when it gets passed from the form’s host to our data warehouse, it is unintelligible if intercepted.

4. Data housed in our data warehouse is encrypted by row. Any users who access the warehouse use multi-factor authentication and / or single sign-on through their corporate Google accounts.

5. Any files you download will also only be accessible by you, the intended user.

6. We recommend inputting your data and accessing your reports over a trusted WiFi network and on a personal or otherwise trusted device. We do not recommend using a phone, computer, or tablet owned by your company to input data or download reports.

We ask you to collaborate in this work for two reasons:

1. Unlike other services, we don’t just remove your data - we help you assess the threats to you. We guide your decision-making and incorporate your personal risk preferences in mitigating your threats. Working within your preferences means that we only automatically remove your PII from data brokers. For everything else, we give you recommendations and ask for your permission or preference. We’re big believers in continuous consent.

2. To make the biggest impact on your overall online profile, we recommend you take steps that involve legal tasks. AND we get that you don’t always have the bandwidth to take on that work. So, we designed the service so that even with zero engagement, you’ll still receive benefits - throughout your subscription, we will scrub your home address, phone number, and email. This decreases the likelihood that someone can find your home address.

At Brightlines our mission is security - and that includes securing your data and privacy. We have robust internal processes and policies in place to ensure that your personal data remains secure.

You receive a Client ID upon signing up for our services and are not discussed, orally or in writing, by name or organization. We also restrict access to your personal information to those employees and contractors who need that information to provide services to you. All our team members sign non-disclosure agreements agreeing to protect your data and keep it confidential. Additionally any sensitive communication is shared via Signal or other secure means.

Our team members must adhere to our strict security protocol, which includes securing all devices with full-disk encryption and strong passcodes, and all accounts with 2FA and password manager-generated passwords. We prevent harmful trackers from being added to browsers, and ensure that data will be sent on a secure, encrypted, and user-controlled connection. We use virtual private networks (VPN) when connecting to WiFi networks in airports, air planes, coffee shops, and hotels, as well as privacy screens.

We use Secure Sockets Layer (SSL) software, which encrypts information you input and allows you to view your information securely. We store the personal information we collect from you behind a secure firewall and place the transaction site on a secure cloud server.

While you’re using the Brightlines services, we retain your personal data on our secure internal systems and limit access to it to only Brightlines team members working on your behalf and on secured devices.

Within 90 days of completing your subscription, your personal information is deleted from our internal systems. This includes the personal information provided during the intake process and the PII we found throughout the duration of our time working together.

We may retain your contact information, as well as your reports and other deliverables, in an anonymized format and in an encrypted archive, to facilitate renewal of services. We will delete all of this data within one year of your completing the subscription.