Privacy Policy

Last updated: April 2026

This Privacy Policy explains how BrightParent (“BrightParent”, “we”, “us”, or “our”), operated by Valesbury Holdings Inc., collects, uses, discloses, and protects your information when you use our website, waitlist, and mobile application (together, the “Services”).

BrightParent is an educational support tool for parents and legal guardians. It is not a medical, psychological, therapeutic, diagnostic, or crisis service.

We are committed to collecting as little personal data as reasonably necessary to provide meaningful, non-clinical parenting support, while complying with applicable privacy laws, including Québec privacy law, Canadian federal law, and, where applicable, laws such as the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

1. Who we are and roles under privacy law

BrightParent is a product of Valesbury Holdings Inc., a company organized under the laws of Québec, Canada (“we”, “us”, “our”).

For most processing activities described in this Policy, Valesbury Holdings Inc. acts as a data controller (or equivalent term under applicable law), which means we decide how and why your personal information is processed.

In limited cases, when we process personal information solely on behalf of another organization that has its own relationship with you, we may act as a data processor. In those situations, our processing is governed by our agreement with that organization.

To exercise your rights, please use our Contact page. We may need to verify your identity before responding to your request. In some cases, we may be unable to fully comply (for example, if we are legally required to retain certain records), but we will explain our reasoning where permitted by law.

2. Definitions

In this Privacy Policy:

• “Personal information” (or “personal data”) means information about an identified or identifiable individual, as defined under applicable law.
• “Services” means the BrightParent website, waitlist, and mobile app.
• “Child profile information” means non-identifying details about your child, such as age range, general temperament, and categories of challenges (e.g., “bedtime struggles”).
• “AI interaction data” means your prompts, inputs, and the AI-generated responses you receive when using BrightParent’s AI features.
• “AI Provider” means a third-party artificial intelligence model provider (for example, OpenAI or Anthropic) that processes your data to generate AI outputs.
• “Applicable law” means any data protection or privacy laws that apply to our processing of your personal information, including Québec, Canadian federal, EU/EEA, UK, and U.S. state laws where relevant.

3. Scope of this Policy

This Policy applies to:

• The BrightParent website, including brightparent.app.
• Our waitlist and email communications.
• The BrightParent mobile app, when available.

This Policy does not apply to third-party websites, apps, or services that may be linked from our Services. Those are governed by their own privacy policies and terms.

4. Who BrightParent is for (adults only)

BrightParent is designed for parents and legal guardians who are at least 18 years old (or the age of majority in their jurisdiction). We do not target children and do not knowingly collect personal information directly from children.

If you are a child, you must not attempt to create an account or use the Services directly. If you are a parent or legal guardian and believe your child has provided personal information to us, please contact us so we can take appropriate steps to delete it.

5. Information we collect

We intentionally collect as little personal data as reasonably possible while still providing meaningful, non-clinical parenting support.

5.1 Information you provide directly

• Contact details – such as your email address when you join the waitlist, sign up for updates, or create an Account.
• Basic account settings – for example, your language preference, notification choices, and display options.
• Child profile information (non-identifying) – such as age range (not exact birthdate), general temperament, challenge categories (e.g., “homework pushback”, “sibling conflict”), and relevant context.
• Parenting goals and challenges that you select or describe to help personalize suggestions.
• Feedback and communications – such as messages you send us for support, surveys, or product feedback.

We intentionally avoid collecting information that directly identifies your child (such as full name, exact birthdate, address, school, or medical record numbers). We encourage you not to include sensitive child identifiers in free-text fields.

5.2 Information we intentionally avoid collecting

We do not intentionally collect or use the following categories of information:

• Health or medical data used for clinical diagnosis or treatment.
• Mental health information used for clinical assessment or therapy.
• Precise geolocation (such as GPS-level coordinates).
• Biometric identifiers (such as facial recognition data or fingerprints).
• Photos or videos of children uploaded into BrightParent.
• Information used for targeted advertising or cross-site behavioural tracking.

5.3 Information collected automatically

When you use the Services, we may automatically collect:

• Device information (for example, device type, operating system, browser type, screen size).
• Approximate location based on IP address, primarily for security, fraud detection, and aggregate analytics (e.g., understanding which country users are in).
• Usage data – such as pages or screens visited, time spent, features used, and general interaction patterns.
• Error and crash logs – limited technical information to help us troubleshoot stability and performance issues.

5.4 Cookies and similar technologies

We use cookies and similar technologies only to:

• Remember basic preferences (for example, language or display options).
• Measure aggregate site usage and improve the experience.

We do not use cookies for targeted advertising, retargeting, or cross-site tracking.

In general, our cookies fall into these categories:

• Essential / functional – required to provide core site or app features.
• Preferences – remember your settings to keep the experience consistent.
• Analytics – help us understand how the Services are used in aggregate.

You can usually configure your browser or device to block or delete cookies. If you disable essential or functional cookies, some parts of the Services may not work as intended.

5.5 AI interaction data

When you interact with BrightParent’s AI features (for example, by describing a scenario or asking for a script), your inputs and the AI-generated responses may be:

• Processed in real time to generate educational, non-clinical guidance for you.
• Retained for a limited period to detect misuse, unsafe behaviour, or abuse of the system.
• De-identified and aggregated to improve models, safety filters, and the overall quality and reliability of the Services.

5.6 Third-party AI providers

To provide AI-generated guidance, BrightParent may send your prompts (and relevant context) to trusted third-party AI Providers such as OpenAI or Anthropic. These AI Providers process your data solely to generate responses and maintain system safety and security.

We contractually require AI Providers to protect your data and to comply with applicable privacy laws. Specifically, we do not allow them to:

• Use your data to build or train public models that are available to other customers.
• Use your data for targeted advertising or cross-site behavioural profiling.

6. How we use your information

We use personal information, as permitted by law, to:

• Provide, operate, and maintain the Services.
• Generate, personalize, and deliver AI-powered, educational parenting guidance based on age range, context, and your stated preferences.
• Configure your experience according to your settings and choices.
• Communicate with you about product updates, early access, feature changes, and important notices.
• Monitor, maintain, and improve the security and reliability of the Services.
• Detect, prevent, and address misuse, abuse, and potentially unsafe or fraudulent activity.
• Analyze aggregate usage to improve features, user experience, and safety filters.
• Comply with legal obligations and respond to lawful requests from authorities.

7. Legal bases for processing (if applicable)

For users in the EU/EEA, UK, and other jurisdictions with similar laws, our processing of personal data may rely on one or more of the following legal bases:

• Consent – for example, when you join our waitlist, create an Account, or opt in to certain communications.
• Legitimate interests – such as improving the Services, ensuring security, preventing misuse, and understanding how our Services are used, provided these interests are not overridden by your rights and freedoms.
• Contract – to provide features or services you request, including any paid subscription features.
• Legal obligations – to comply with applicable laws, regulations, or judicial or administrative orders.

8. How we share information

We do not sell your personal information.

We may share data in the following limited circumstances:

• Service providers – including hosting providers, AI Providers, analytics tools, error monitoring services, and email delivery platforms that help us operate the Services. These providers are bound by contractual obligations to protect your data and to use it only in accordance with our instructions.
• Professional advisors – such as lawyers, accountants, auditors, or insurers, under appropriate confidentiality obligations.
• Authorities and legal requests – when required by law, regulation, legal process, or where we believe in good faith that disclosure is reasonably necessary to protect the rights, safety, or property of BrightParent, our users, or others.
• Business transfers – in connection with a merger, acquisition, reorganization, or sale of all or part of our business. If such a transfer occurs, we will require the successor entity to protect personal information in a manner consistent with this Policy, or we will notify you and provide choices as required by law.

9. Data retention

We retain personal information only as long as necessary to:

• Provide and improve the Services.
• Maintain security, prevent misuse, and protect our legitimate interests.
• Comply with legal obligations and resolve disputes.

In practice, this generally means:

• Account and profile data – retained for as long as your Account is active and for a reasonable period afterward (typically up to 24 months) for backup, security, or legal purposes, unless a longer retention period is required or permitted by law.
• Waitlist and communication data – retained until you unsubscribe, exercise your rights to deletion, or we no longer need it to contact you.
• Logs and analytics – retained for a limited period (for example, several months up to 24 months) in aggregate or de-identified form.
• Secure backups – deleted information may persist in encrypted backup copies for a limited period (typically up to 90 days) for disaster recovery purposes. These backups are not used for active processing.

AI interaction data is minimized and may be anonymized or aggregated so that it no longer identifies you. Once data has been anonymized or irreversibly aggregated, it is no longer considered personal information.

10. Data security

We use reasonable and appropriate technical and organizational measures to protect personal information, including encrypted transmission in transit (for example, HTTPS) and encryption at rest, access controls, and security monitoring.

However, no method of storage or transmission over the Internet is 100% secure. While we work to protect your data, we cannot guarantee absolute security. You use the Services at your own risk.

If we become aware of a data breach that is likely to create a real risk of significant harm, we will take appropriate steps as required by law, which may include notifying affected individuals and relevant regulators.

11. International data transfers

Your data may be processed in countries where we or our service providers operate, including Canada, the United States, and other jurisdictions that may have different data protection laws than your home jurisdiction.

When we transfer personal data internationally, we use appropriate safeguards to comply with applicable laws, such as Standard Contractual Clauses or other legally recognized transfer mechanisms.

For residents of Québec, we conduct Privacy Impact Assessments before communicating personal information outside Québec, to ensure that it will receive protection equivalent to that required by Québec law.

12. Your rights and choices

Depending on your location and applicable law, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal information in appropriate circumstances.
• Withdraw consent where processing is based on consent.
• Restrict or object to certain types of processing.
• Receive a copy of your data in a portable format (data portability), where such right is provided by law and technically feasible.

You may request full deletion of:

• Your email address and Account profile.
• Your non-identifying child profile settings.
• AI interaction logs linked to your Account, to the extent technically feasible.

To exercise your rights, please use our Contact page. We may need to verify your identity before responding to your request. In some cases, we may be unable to fully comply (for example, if we are legally required to retain certain records), but we will explain our reasoning where permitted by law.

12.1 EU/EEA and UK residents (GDPR)

If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.

12.2 California residents (CCPA/CPRA)

If you are a California resident, you may have additional rights under the CCPA/CPRA, including rights relating to access, deletion, and non-discrimination for exercising your privacy rights.

BrightParent does not sell personal information as that term is defined under the CCPA/CPRA, and we do not share personal information for cross-context behavioural advertising.

13. Children’s privacy

BrightParent is designed for use by parents and legal guardians, not children. We do not knowingly collect personal information directly from children.

If we learn that a child under the age of 13 (or higher age where required by local law) has provided personal information directly to us, we will take steps to delete such information promptly.

14. Non-clinical nature of the Services

BrightParent does not collect, process, or store personal information for the purpose of providing medical, psychological, or therapeutic services. All data handling is directed toward non-clinical, educational parenting support and the operation, security, and improvement of the app.

15. Automated decision-making

BrightParent uses AI to generate scripts and suggestions based on your inputs and preferences. These Outputs are meant to support your decision-making as a parent; they do not make binding decisions about you or your child.

We do not use automated decision-making to produce legal, financial, or clinical decisions about you, and we do not make decisions that have legal or similarly significant effects solely based on automated processing.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time as our practices, the Services, or legal requirements evolve. The “Last updated” date at the top indicates when the Policy was last revised.

If we make significant changes, we may notify you via email, in-app notice, or a prominent notice on our website, where required by law. Your continued use of the Services after changes take effect means you accept the updated Policy.

17. Contact us

If you have questions, concerns, or requests relating to this Privacy Policy or our handling of personal information, please use our Contact page.