Version 1.0 – 21 July 2025

Privacy policy

Table of Contents

  1. BrightHeart
  2. Purpose
  3. Definitions
  4. Roles and Responsibilities of BrightHeart
  5. BrightHeart as data controller
    • a. Purposes of processing
    • b. Legal basis for data processing
    • c. Categories of data subjects
    • d. Personal data processed
  6. Terms and conditions for the retention of personal data
    • a. Hosting of collected personal data
    • b. Retention period for processed personal data
  7. Sharing and communication of personal data
  8. For EU Users: Data transfers outside European Union
  9. Cookies
  10. Technical and organizational security measures
  11. Your rights regarding your personal data
  12. Privacy contact

BrightHeart

BrightHeart is a simplified joint stock company, registered with the Paris Trade and Companies Register under number 918 652 264, with its registered office at 7–11 Boulevard Haussmann, 75009 Paris.
BrightHeart’s B-Right AI Platform empowers clinicians and sonographers, facilitating comprehensive and standardized fetal heart assessments during routine anatomy scans.

Purpose

This Privacy Policy informs you of the means we have put in place to guarantee the security of your personal data when using the BrightHeart website (https://www.brightheart.ai/) and Solution (https://app.brightheart.ai/).
This Policy applies to your use of the Solution as a User. It does not apply to patients' health data.
It may evolve based on new features, legal changes, or data processing modifications.
Any revision applies to both existing and future data. Users are encouraged to consult the Policy regularly.

Definitions

  • Privacy Regulations: GDPR, HIPAA, CCPA and other applicable privacy laws.
  • Solution: BrightHeart B-Right AI Platform.
  • Controller: Entity determining purposes and means of data processing.
  • Processor: Entity processing data on behalf of the controller.
  • Customer: Organization contracting with BrightHeart.
  • User or Data Subject: Visitor or professional user of the Solution.
  • Personal data: Information identifying a person.
  • Personal Data Breach: Unauthorized access or disclosure.
  • Processing: Operations on personal data (collection, storage, etc.).

Roles and Responsibilities of BrightHeart

BrightHeart processes only necessary data, in accordance with lawfulness, transparency, and data minimization principles.

BrightHeart as Data Controller

Purposes of Processing

  • Website browsing
  • Account management
  • Security management
  • Support request management
  • Usage statistics

Legal Basis for Processing

  • Consent (Request Demo form)
  • Contract (account management)
  • Legitimate interest (usage statistics)

Categories of Data Subjects

Healthcare professionals working for BrightHeart’s Customers.

Personal Data Processed

  • Email address
  • Associated organization
  • IP address
  • Browser and OS
  • Password
  • Connection and action logs
  • Support request content

Terms and Conditions for Retention

Hosting

Data is hosted by Amazon Web Services.
EU: Frankfurt, Germany
US: North Virginia, USA

Retention Period

  • Data retained as long as the account is active
  • Support data: 12 months post closure
  • Logs: 12 months from collection

Sharing and Communication of Data

Data may be shared with:

  • BrightHeart staff and subcontractors
  • Authorities, if legally required
  • Group entities, under legal compliance
  • Third-party service providers (under SCC or equivalent)

For EU Users: Data Transfers Outside EU

| Data Processor | Purpose | Safeguard |
|---|---|---|
| Amazon Web Services | Hosting | EU-U.S. Data Privacy Framework |
| Sinch (Mailjet) | Emailing | SCC |
| Datadog | Monitoring | EU-U.S. Data Privacy Framework |
| Sentry | Error tracking | EU-U.S. Data Privacy Framework |
| Atlassian (Jira) | Support | EU-U.S. Data Privacy Framework |

Cookies

We do not use cookies.

Security Measures

  • Logical access control
  • Secure authentication
  • Data encryption
  • Physical access control
  • Regular security audits

While we apply all reasonable measures, no system is entirely immune from breaches.

Your Rights

  • Right of access
  • Right of rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object
  • Right to data portability
  • Right not to be subject to automated decision-making

You may also communicate your wishes regarding your data after death. In the absence of instructions, BrightHeart commits to delete the data unless otherwise required by law.

Privacy Contact

Email: dpo@brightheart.fr
Postal: BrightHeart, Data Protection Officer, 7–11 Boulevard Haussmann, 75009 Paris

For US Users

California: contact the Attorney General or CPPA.
Other states: contact your State Attorney General.

For European Users

CNIL
3 Place du Fontenoy TSA 80715, 75334 Paris Cedex 07
https://www.cnil.fr/fr/plaintes/