Terms of Use

1) Key Definitions

• Authorized Users: Individuals you authorize to access the Portal under your account (e.g., your employees, contractors, or client personnel you enable), subject to these Terms.
• Customer Content: Content, data, files, text, images, audio, video, prompts, instructions, configurations, and other materials you or your Authorized Users submit to or through the Portal, including output generated at your direction.
• Customer Clients: If you are an MSP/reseller, the end-customers to whom you provide services and whom you permit to use the Portal.
• System Data: Telemetry, logs, diagnostics, and similar technical data relating to use and performance of the Portal.
• De-Identified / Aggregated Data: Data derived from Customer Content or System Data that is aggregated and/or de-identified so it does not reasonably identify any person or Customer.
• Third-Party Services: Third-party products, applications, integrations, datasets, models, or services that interoperate with the Portal.

2) Accounts, Eligibility, Authority

1. Account Security. Keep credentials confidential; you are responsible for all activity under your account. Use strong passwords and, where available, multi-factor authentication.
2. Eligibility. You represent that you are at least 18 and legally competent to agree to these Terms; you will ensure the same for Authorized Users.
3. Authority. If you accept these Terms for an organization (including as an MSP), you have full authority to bind it and to grant the rights herein.

3) Access Rights and Restrictions

4. License. Subject to these Terms and timely payment of applicable fees (if any), Bright grants you a limited, non-exclusive, non-transferable, non-sublicensable right for Authorized Users to access and use the Portal for your internal business purposes (and, for MSPs, to support Customer Clients) during the Term.
5. Prohibited Uses. You will not (and will not allow others to): (a) copy, distribute, or create derivative works of the Portal; (b) reverse engineer, decompile, or attempt to access source code except as permitted by law; (c) probe, scan, or test security or vulnerabilities; (d) remove proprietary notices; (e) access the Portal to build a competitive product; (f) interfere with or disrupt the Portal or other users; (g) upload malware or unlawful content; (h) exceed usage or rate limits we publish; or (i) violate Section 4 (Acceptable Use).
6. Suspension. We may suspend access immediately if we reasonably believe: (i) there is a security or legal risk; (ii) these Terms or law are being violated; (iii) there is non-payment (as applicable); or (iv) suspension is needed to protect the Portal or others. We will restore access when the issue is resolved.

4) Acceptable Use; Regulated Data

7. Acceptable Use. You are responsible for Customer Content and your Authorized Users' activity. Do not submit content that is unlawful, infringing, deceptive, defamatory, harassing, hateful, or that violates privacy or publicity rights.
8. Regulated Data (PHI/PCI/Other). (a) No Regulated Data Without Addendum. Unless we and you have executed a separate written addendum expressly covering such data (e.g., a Business Associate Agreement for HIPAA or a PCI service provider addendum), you must not submit: protected health information (PHI), payment card primary account numbers or sensitive authentication data, government-issued ID numbers, children's data subject to COPPA, or any data requiring heightened safeguards under law or contract (collectively, "Regulated Data"). (b) If You Upload Regulated Data. If you or any Authorized User (including any Customer Client of an MSP) nonetheless submit Regulated Data without the required addendum, you do so at your sole risk. To the maximum extent permitted by law, we disclaim all liability arising from such submission and may delete, disable access to, or sanitize such data. (c) Your Obligations. You represent and warrant that: (i) you have all necessary consents and authority to submit Customer Content (including any personal data) and to permit Bright to process it under these Terms; (ii) you will enter any legally required addenda with us before submitting Regulated Data; and (iii) you will flow down and enforce these obligations on your Authorized Users and, if you are an MSP, on your Customer Clients. (f) Clarification. For avoidance of doubt, Customer, MSPs, and Customer Clients are responsible for ensuring that appropriate addenda (e.g., HIPAA BAA, PCI addendum) with Bright are executed before submitting Regulated Data. Uploading Regulated Data without required addenda is at Customer's (and, if applicable, the MSP's and Customer Client's) sole risk, and Bright disclaims liability to the maximum extent permitted by law.

5) Confidentiality

Definition; Protection; Compelled Disclosure. Each party will protect the other's Confidential Information with at least reasonable care, use it only to perform under these Terms, and limit access to personnel/contractors under comparable obligations. Disclosure may occur when legally compelled, with prompt notice where lawful.

6) Data Rights and Processing

9. Ownership. As between the parties, you own Customer Content. We own the Portal, System Data, and all related IP.
10. Use of Customer Content. We will use Customer Content solely to provide, secure, maintain, and support the Portal; to prevent or address service, security, and technical issues; and to comply with law. We will not use Customer Content to train, improve, or tune models or services except as expressly set out in a separate signed agreement.
11. System Data. We may collect and use System Data (which may include de-identified usage metrics) to operate, secure, and support the Portal. We will not identify you in external reports without consent.
12. Feedback. You grant us a perpetual, irrevocable, royalty-free license to use feedback and suggestions you provide, without obligation.

7) Privacy; Security; Access Transparency

13. Privacy & DPA. Our Privacy Policy (linked in the Portal) describes our processing of personal data. If we process personal data on your behalf as a processor/service provider, the Data Processing Addendum (DPA) is incorporated by reference.
14. Security. We maintain reasonable administrative, technical, and physical safeguards designed to protect Customer Content commensurate with the nature of the data and our services. You are responsible for configuring the Portal, managing access, and securing your systems that interoperate with the Portal.
15. Access Transparency & Subprocessors. Bright personnel, contractors, Affiliates, and subprocessors with a need-to-know may access Customer Content only to operate, support, secure, or provide the Portal as permitted in Section 6.2, to investigate abuse/technical issues, or to comply with law. Bright may disclose only the categories of subprocessors publicly (e.g., cloud hosting, email delivery, logging/monitoring, analytics, payment processing, support tooling) and will provide a current subprocessor list to Customer upon request (subject to confidentiality). Bright will provide reasonable advance notice of material subprocessor changes via email or in-app notice; Customer's sole remedy for reasonable objection is to cease use of the affected feature or terminate the impacted Order.

8) Third-Party Services; MSP / Reseller Features

16. Third-Party Services. The Portal may interoperate with Third-Party Services (e.g., identity providers, communications tools, cloud storage, AI components). Your use of Third-Party Services is governed by their terms. We do not control and are not responsible for Third-Party Services.
17. MSP / Reseller Terms. If you are an MSP/reseller: (a) you may grant your Customer Clients access to the Portal (including partially branded deployments) solely to receive your services; (b) you must ensure each Customer Client and its users accept and comply with these Terms (or a binding agreement with terms no less protective to Bright); (c) you will be liable for acts and omissions of Customer Clients and their users; and (d) we may enforce these Terms directly against Customer Clients and their users.

9) Fees; Billing; Refunds

18. Plans. Access may be offered via tiered monthly plans, and custom-tailored plans may be set out in a separate written contract (each, an "Order").
19. Billing Cycle. Unless otherwise stated in an Order, billing is monthly in advance. If an Order specifies late fees, overdue amounts may incur the late fee specified in that Order and service may be suspended for nonpayment.
20. Suspension for Nonpayment. For self-serve/tiered plans without an Order-specific late-fee clause, we may suspend or terminate access for unpaid invoices after notice; no late fee applies unless stated in the Order.
21. No Refunds. All fees are non-refundable except where required by law. No cancellation fees apply unless expressly stated in an Order.
22. Taxes. Fees are exclusive of taxes; you are responsible for applicable taxes.
23. Data Retention. Following termination, non-renewal, or suspension, Bright will retain Customer Content for 30 days to enable export upon written request. After that window, Bright may delete or anonymize Customer Content per its standard schedules, subject to legal holds.

10) Intellectual Property

Except for the limited rights expressly granted, no rights are granted by implication. The Portal and all related IP (software, interfaces, features, documentation) are Bright's exclusive property.

11) Indemnification

You will defend, indemnify, and hold harmless Bright, its Affiliates, and personnel from claims, losses, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) Customer Content; (b) your or your Authorized Users' use of the Portal in violation of these Terms or law; (c) your MSP/reseller activities, including acts or omissions of Customer Clients; or (d) your use of Third-Party Services.

12) Disclaimers

To the maximum extent permitted by law, the Portal and all related materials are provided "as is" and "as available." We disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Portal will be error-free or uninterrupted or that output will be accurate or complete.

13) Limitation of Liability

14) Term; Termination; Data Export/Deletion

24. Term. These Terms start when you accept and continue until terminated.
25. Convenience Termination. Either party may terminate at any time upon 30 days' notice; if you have a paid plan with a committed term, termination is effective at the end of the current term unless an Order states otherwise.
26. Termination for Cause. Either party may terminate immediately for a material breach uncured 10 days after written notice.
27. Effect. Upon termination: (a) rights to access the Portal cease; (b) you will promptly pay any due fees; and (c) upon written request within 30 days, we will make available an export of Customer Content then in our possession in a commercially reasonable format. After that window, we may delete or anonymize Customer Content per our retention schedule, subject to legal holds.

15) Changes

We may modify the Portal and these Terms from time to time. Material changes to the Terms will be notified by email, in-app notice, or posting with effective date at least 15 days before effectiveness (unless required sooner for legal or security reasons). Your continued use after the effective date constitutes acceptance.

16) Export, Sanctions, Anti-Corruption

You will comply with applicable export, sanctions, and anti-corruption laws and represent that you are not on any U.S. denied-party list.

17) Government & Regulated Uses

Unless expressly agreed in writing, the Portal is provided as "commercial items." You are responsible for determining whether your contemplated use satisfies sectoral/regulatory requirements (e.g., HIPAA, GLBA, FERPA, PCI) and for entering any required addenda before submitting Regulated Data.

18) Notices

Legal notices to Bright must be sent to legal@bright.it with a copy to Bright Information Technology LLC, Attn: Legal Notices, Davie, Florida (or any updated address Bright posts in the Portal). Notices to you may be provided via the Portal UI, email to your account email, or your billing contact.

19) Governing Law; Venue; Waivers

20) Assignment; Miscellaneous

You may not assign these Terms without our consent; we may assign to an Affiliate or in connection with a merger, acquisition, or sale of assets. If any provision is unenforceable, the remainder remains in effect. No waiver is effective unless in writing. Nothing creates an agency, partnership, or joint venture. Headings are for convenience only. These Terms constitute the entire agreement on their subject matter, superseding prior or contemporaneous communications.