Brighterion Privacy Policy


Brighterion receives data from Acquirers, Issuers, banks, Processors, financial institutions and other entities to help them prevent fraud, predict risk and delinquency, detect money laundering and comply with international regulations. Brighterion does not receive data directly from consumers. This policy sets forth the manner in which such data is used and secured by Brighterion. This policy does not describe how such data may be used by our clients who received the data directly from the consumer and sent it to us. Consumers concerned about the use of their data should review the privacy policies of the companies with which they do business directly in addition to this policy.

EU-US and Swiss-US Privacy Shield Framework

Brighterion, Inc complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Brighterion, Inc has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Brighterion, Inc commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Brighterion, Inc at: and  identify “Privacy Compliance” in the subject line,


Privacy Compliance
Brighterion, Inc.
150 Spear Street, 10Th Floor
San Francisco, CA, 94105
+1 (415) 986-5600

Brighterion, Inc has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Adherence to the EU-US and Swiss-US Privacy Shield Frameworks

Client Personal Data processed or stored by Brighterion, Inc. may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. At a minimum, however, Brighterion, Inc. handles Client Personal Data in accordance with our Privacy Policy, which is based upon the  principles identified in the Privacy Shield Framework.

Brighterion is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Business Purposes for the Collection and Use of Personal Data

Brighterion does not receive data directly from consumers. Generally, Brighterion’s clients are processors or merchants selling goods. Brighterion receives consumer data indirectly via its clients. Brighterion’s clients may provide data relating to financial transactions.

Use of the data received.

Brighterion processes the data received from its clients using its proprietary risk management platform and external data sources to design custom models, detect money laundering, predict risk or prevent fraud.  The results of Brighterion’s analysis are made available to the client that sent the data to Brighterion. The client may use Brighterion’s case management to review historical data related to a customer or a merchant.  Transactional data is stored by Brighterion on behalf of its clients for periods of time specified in its client contracts.

Data elements may contain credit card numbers, individual and merchant names, addresses (shipping, billing …), purchase amounts …

With the written consent of the client, individual elements of the data that were used in a transaction identified by a client as suspicious may be stored by Brighterion and used for further analysis.  In addition, Brighterion may apply advanced analytics to the data received from clients to identify patterns or anomalies useful in preventing fraud, predicting risk and delinquency, detect money laundering and complying with international regulations.

Sharing the data with third parties

Brighterion, Inc also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Brighterion may make stored data available to government officials in response to a subpoena or other comparable lawful and compulsory request.

Except as described herein, Brighterion does not make the data received available to any other third parties.

If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data. In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US Privacy Shield and Swiss-US Privacy Shield, Brighterion, Inc is potentially liable.

Brighterion encourages its clients to provide their customers with notice of Brighterion’s role in processing the transaction data.

Brighterion encourages  its clients to disclose that the data provided will be processed by Brighterion to prevent fraud, predict risk and delinquency, detect money laundering and comply with international regulations.

Data Accuracy

Brighterion, Inc takes all necessary precautions to protect the Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Brighterion, Inc applies the highest data level security. We have physical and system security.  We use firewalls and data encryption and apply strict procedures to protect the data we receives from unauthorized access or misuse. Only key employees have access to data.

Brighterion, Inc takes reasonable steps to ensure that the Consumer Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current.

Brighterion, Inc acknowledges that EU and Swiss individuals have the right to access the personal information/data that we maintain about them.  A EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to: and  identify “Privacy Compliance” in the subject line,


Privacy Compliance
Brighterion, Inc.
150 Spear Street, 10Th Floor
San Francisco, CA, 94105
+1 (415) 986-5600

If requested to remove data, we will respond within a reasonable timeframe.

Individuals may contact us either directly or through one of our clients, and after appropriate verification of their identity, can reasonably direct the correction or removal of data relating to them in our databases.

Contact for questions.

Any questions about the accuracy, use, processing or storage of data received by Brighterion should be directed to