Privacy Policy — Bright-Health-Standards

Last updated: 2026-01-11

1. Purpose

This Privacy Policy explains how Bright-Health-Standardsprocesses personal data in the context of its public website and web application.

Bright-Health-Standards is a doctrinal, informational, and governance platform dedicated to responsible Artificial Intelligence in health and prevention. It is not a medical service and does not provide diagnosis or treatment.

2. Data Controller

Bright-Health-Standards is operated by:
BrightNTech.AI
A trademark of 7Milestone SASU
Paris, France
legal@brightntech.ai

3. Principles Applied

  • Data minimization: no unnecessary personal data is collected.
  • No profiling: no behavioral, health, or psychological profiling.
  • No advertising: no ad tracking, no third-party marketing cookies.
  • Transparency: clear explanation of any data processing.
  • European legal alignment: GDPR by design.

4. Data Collected

4.1 Browsing Data

The website may process limited technical data necessary for operation and security, such as:

  • anonymized or aggregated traffic statistics;
  • security and abuse-prevention signals.

No cross-site tracking or advertising identifiers are used.

4.2 Signatures and Manifests

When users choose to sign a manifest:

  • only data strictly required to ensure uniqueness and integrity is processed;
  • identity verification may rely on Bright-Identity-API, a separate, privacy-preserving service;
  • clear-text personal identifiers are not publicly exposed;
  • optional public attribution requires explicit consent.

5. Purpose of Processing

Personal data, when processed, is used exclusively to:

  • ensure the integrity of signatures and manifests;
  • prevent abuse, duplication, or automated manipulation;
  • maintain accurate counts and transparency;
  • respond to legal or regulatory obligations.

Data is never used for commercial profiling, advertising, or resale.

6. Data Retention

  • Technical logs are retained for a limited duration proportionate to security needs;
  • Signature-related data is retained while the associated manifest remains active;
  • Users may request withdrawal or anonymization in accordance with applicable law.

7. Data Subject Rights

In accordance with the GDPR, users have the right to:

  • access their data;
  • request rectification;
  • request erasure where applicable;
  • object to or restrict processing;
  • lodge a complaint with a supervisory authority.

Requests may be addressed to: legal@brightntech.ai

8. Data Transfers

Bright-Health-Standards does not intentionally transfer personal data outside the European Union.

Where infrastructure providers are used, appropriate legal safeguards are applied.

9. Security

Appropriate technical and organizational measures are implemented to protect data against unauthorized access, loss, or misuse.