Legal

Privacy Policy

Last updated 2026-07-15. This policy is designed to align with the principles of the EU GDPR and Japan's APPI.

This policy explains how BRIDGE BRIGHT PTE. LTD. (UEN 202626245Z, registered at 68 Circular Road, #02-01, Singapore 049422) — the data controller — handles personal data in connection with the Chidori service. As a Singapore company, we are also subject to Singapore's Personal Data Protection Act (PDPA).

1. What we collect. The website URL / domain you submit for diagnosis; your email address; diagnosis and report data; and basic usage and security logs (including IP address, device / browser type, and pages viewed). We do not receive or store your full card number — payment details are entered directly with our payment provider.
2. Why we use it (purposes & basis). To provide the Service — run diagnoses, generate and send reports, operate your subscription (basis: performance of our contract); to send lifecycle and marketing emails (basis: your consent, which you can withdraw at any time); and to improve, secure and troubleshoot the Service (basis: our legitimate interests). We do not use your diagnosis or report content to train third-party AI models.
3. Recipients. Stripe acts as merchant of record for your payment and is an independent controller for payment, tax and chargeback data under its own privacy terms. Our processors — who act on our instructions — are Resend (email delivery) and Cloudflare (hosting & storage). We do not sell your personal data or share it for others' marketing. We may also disclose data where required by law or in connection with a corporate transaction (see the Terms).
4. International transfers. Your data is processed in Singapore (our operations) and may be processed by our providers in other countries, including the United States. For users in the EU / UK, we rely on the EU-US / UK Data Privacy Framework where the recipient is certified, and otherwise on Standard Contractual Clauses (a copy is available on request). For our own Singapore processing we apply SCCs or equivalent safeguards. For users in Japan, we obtain your consent to cross-border transfer where required; information on each destination country and the recipients' protective measures is available on request.
5. Retention. While your subscription is active, your account and reports are retained. For inactive accounts, diagnosis / report data is deleted approximately 180 days after your last activity. Usage and security logs are retained for up to 12 months. Billing, tax and other records we are legally required to keep are retained for the periods the law requires.
6. Your rights. Subject to applicable law, you may request access to, correction of, deletion of, or a portable copy of your personal data, object to or restrict certain processing, and withdraw consent. To exercise any of these, email us below; every marketing email also carries an unsubscribe link. You also have the right to lodge a complaint with your data-protection authority — in the EU / EEA, your national supervisory authority; in Japan, the Personal Information Protection Commission (PPC); in Singapore, the PDPC.
7. Cookies. We use only cookies that are strictly necessary for the site, security, and checkout to function. Our payment and security providers (Stripe, Cloudflare) may set their own strictly-necessary cookies, some of which are also used for cross-site fraud prevention. We set no advertising cookies.
8. Security & breaches. We use reputable infrastructure providers and reasonable technical and organisational measures to protect your data. No method of transmission or storage is perfectly secure. If a breach affecting your personal data occurs, we will notify affected users and the relevant authority as required by law.
9. Automated decisions & children. Our diagnosis analyses your website, not you as an individual; we do not make automated decisions that produce legal or similarly significant effects about you. The Service is not directed to children under 16 and we do not knowingly collect their data.
10. Changes. We will post updates here with a new "last updated" date and notify you of material changes where appropriate.
11. Contact. Privacy questions or requests: [email protected]. Our data-protection contact and, where applicable, EU / UK representative can be reached at the same address. Customers in Japan may also refer to our Japanese-language disclosures on the 特定商取引法に基づく表記 page.
Free AI check