BrightArrow’s BrightChat Privacy Policy

Collection of Personal Information.
The personal information that we collect is limited to:

  • Full name.
  • Username.
  • Chat message content, including messages and attachments such as photos, videos, and documents. In order to send any attachments, you will be prompted for permission to access your photos, videos, or files.

Use of Personal Information.
We collect and use personal information for the following purposes:

  • To create your account.
  • To provide you with BrightChat services.
  • To provide a safe environment for two-way communication.

Disclosure of Personal Information.

  • BrightArrow never sells your information to any other party.
  • Because our services are primarily used by schools and school districts as a whole, all BrightChat message history is available for your organization’s administrators to review as needed. More specifically, administrators will have access to all messages and attachments sent through BrightChat. This is for general auditing purposes to ensure your safety and the safety of others. The information is not available to any other organization other than the customer’s organization.
  • In order to create your account, we disclose only your name and written content in your instant-messaging chats to Applozic, who assists us in providing BrightChat instant-messaging services to you. We do not disclose any of your personal contact information (other than your name and chat text) with Applozic. To review Applozic’s privacy policy, please refer to this link:

According to Applozic’s privacy policy (note: Applozic will not have your phone number or email address):

  • “If you’re an end user of Applozic’s communication solutions, you can exercise your data protection rights by submitting your request to the company which owns the app or website. Since Applozic only provides services to the companies and they are responsible for authenticating your request and passing it on to Applozic, you must submit your request to the companies. Applozic is totally committed to working with our customers to honor data protection rights to the full extent required by GDPR.”
  • “If you provide us with your personal information, you have the following rights with respect to that information: to review the user information that you have supplied to us, to request that we correct any errors, outdated information, or omissions in user information that you have supplied to us (you may do that by logging into our services), to request that your user information not be used to contact you, to request that your user information be deleted from our records, and to opt our of being contacted by Applozic or third parties.”


  • BrightArrow provides extensive security protections against unauthorized access to customer data. All data is in a 256-bit encrypted database, and a very limited number of BrightArrow personnel have access to the servers containing customer contact and account information. These employees operate within the constraints of strict employee confidentiality agreements which carefully and thoroughly protect the data. BrightArrow would automatically change the encryption keys if any of those employees left.
  • The database servers are protected by firewalls from any outside access. The are only accessible from servers within the data center which in turn run the BrightArrow-authored software that goes through a series of unit, black-box, and white-box testing before being deployed. In addition, any anomalies in the data launch automated alerts to key BrightArrow staff to investigate anything unusual. The system architecture right down the database schema includes an extra layer of customer identification to ensure that data for a customer cannot be accessed by an other party, including other customers.
  • The only way that private customer information can be breached is if the customer creates insecure passwords or lets the passwords reach the wrong hands. BrightArrow takes data security very seriously and has always gone through extreme measures in its software development and hardware architecture to ensure this security.

GDPR Compliance Statement for customers in the EU.