Privacy Policy
A friendly summary
We care about your privacy and we wanted this page to feel like a real explanation, not a wall of legalese. Here's the short version.
We are Brightline, a design and strategy studio. When you visit brightline.solutions or get in touch with us through this site, we collect some information about you — your name and email when you fill in our contact form, basic analytics about how you used the site, and (if you book a call with us) the time you picked and any details you shared.
We use that information to reply to you, to understand which parts of our website are useful, and to run our small studio. We do not sell your data. We do not share it with anyone except the handful of trusted service providers we need to keep the site running, like Webflow (our website platform) and Google (analytics and calendar).
You have real rights over your information. You can ask us what we hold, ask us to correct it, ask us to delete it, and ask us to stop using it. We respect those rights wherever you live in the world.
If you have any questions, write to us at hello@brightline.solutions and we will get back to you within five business days.
The rest of this page is the full legal version. It is written as plainly as we could manage.
1. Who we are
This Privacy Policy describes how Brightline ("we," "us," or "our") collects, uses, and discloses information when you visit our website at brightline.solutions or interact with us in connection with the services we offer.
Data controller:
- Trading name: Brightline
- Registered name: Michaela Fodorová, operating as a sole trader (živnosť) under Slovak law
- Place of business: Pekná 11/A, 900 28 Ivanka pri Dunaji
- Business ID (IČO): 50161636
- Registered in: Živnostenský register, Okresný úrad Senec, odbor živnostenského podnikania
- Contact for privacy matters: hello@brightline.solutions
For the purposes of the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Brazilian General Data Protection Law (LGPD), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Australian Privacy Act 1988, and equivalent data protection laws in other jurisdictions, we are the data controller (or "business" under CCPA) of the personal information we collect through this website.
We are a small studio. We do not have a dedicated Data Protection Officer and we are not legally required to appoint one. The person responsible for privacy questions is reachable at hello@brightline.solutions.
2. What information we collect
We collect information in three ways: information you give us directly, information collected automatically when you use our site, and information we receive from third parties.
2.1 Information you give us directly
Contact form submissions. When you fill in the form on our /contact page, we collect:
- Your name
- Your email address
- The contents of your message
- Any other information you choose to include (project type, budget, timeline, your company name, etc.)
Booking a call. If you schedule a call with us through our embedded booking widget (currently Google Calendar appointment scheduling), we collect the time slot you selected, your name, your email, and any notes you shared with us when booking. The booking provider also processes this information directly — see Section 5 (Who we share information with).
Newsletter signups (if and when we offer one). Brightline does not currently operate an email newsletter. If we add one in the future, signing up will collect your email address and, optionally, your first name. We will only send you marketing emails after you have confirmed your subscription (double opt-in), and you will be able to unsubscribe at any time using the link in every message.
Project communications. If you become a client or are exploring a project with us, we may collect additional information through email, chat, video calls, project management tools, or shared documents. The handling of that information is governed by your project agreement with us, not by this Privacy Policy alone.
2.2 Information collected automatically
Technical information. When you load our website, our hosting platform (Webflow) and our analytics provider (Google Analytics 4) automatically receive certain information from your browser, including:
- Your IP address (truncated/anonymised for analytics where supported)
- The type of device, browser, and operating system you're using
- The pages you viewed, the order you viewed them in, and how long you stayed
- The site or link that referred you to us
- General location information derived from your IP address (typically at country or city level)
- Date and time of your visit
Cookies and similar technologies. Our website uses a small number of cookies and similar technologies. See Section 8 (Cookies) for the full list and your choices.
2.3 Information from third parties
We may receive information from partners, vendors, or referrers in limited circumstances — for example, if an existing client refers you to us by email, or if you find us through a directory listing that passes along your contact details. We will always tell you where we got your information when we first reach out.
3. Why we use your information
We only use your information for purposes we can clearly explain. These are the purposes and, where you are in the EU/EEA or UK, the legal bases under GDPR for each.
- Replying to your contact form submission. We do this to respond to your enquiry and explore whether we can work together. Legal basis: legitimate interest under Article 6(1)(f), and steps prior to entering a contract under Article 6(1)(b).
- Confirming and managing calls you book with us. We do this to keep the booking commitment and prepare for the conversation. Legal basis: steps prior to entering a contract under Article 6(1)(b).
- Running analytics on website usage. We do this to understand which content is useful and to improve the site. Legal basis: consent under Article 6(1)(a). Analytics cookies only load after you accept them in our cookie banner.
- Sending you marketing emails or newsletters, when applicable. We do this to share Brightline news, articles, and offers. Legal basis: consent under Article 6(1)(a). Opt-in only, easily revocable at any time.
- Maintaining records of contracts, invoices, and project work. We do this to meet our legal obligations (accounting, tax) and to protect our legitimate interests. Legal basis: legal obligation under Article 6(1)(c) and legitimate interest under Article 6(1)(f).
- Securing our website and preventing abuse. We do this to protect Brightline and our visitors from malicious activity. Legal basis: legitimate interest under Article 6(1)(f).
We will not use your information for any purpose that is materially different from what we describe here without first telling you, and where required, getting your consent.
4. We do not sell your personal information
Brightline does not sell your personal information. We do not rent, lease, or trade it.
We may use paid advertising platforms such as Google Ads, Meta Ads (Facebook and Instagram), or LinkedIn Ads to promote our services. When we do, those platforms may set their own cookies or pixels on our site to measure ad effectiveness or to enable retargeting. Under California law and similar US state laws, this can be classified as "sharing" personal information for cross-context behavioural advertising. We disclose this here transparently. Any such cookies or pixels will only load after you opt in through our cookie banner, and we will update this Privacy Policy to name the specific platforms in use before activating any campaign.
For visitors in California: we do not currently "sell" or "share" your personal information as those terms are defined by the CCPA/CPRA. If we begin to share your personal information for cross-context behavioural advertising in the future, we will add a clear "Do Not Sell or Share My Personal Information" control to our website, and we will honour all valid opt-outs including signals from the Global Privacy Control (GPC).
For visitors in other US states with similar laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others): if and when we engage in "targeted advertising" as defined by your state's law, you will have a clear right to opt out, which we will honour.
5. Who we share information with
We share your information only with a small set of trusted service providers who help us run our business. We do not share more information than they need, and we require each of them to handle your data securely and in compliance with applicable law.
Webflow Inc. (United States) — provides our website hosting, form submission processing, and basic site analytics. When you fill in our contact form, your submission is stored in Webflow's CMS before being emailed to us. Webflow's privacy policy: webflow.com/legal/privacy
Google LLC (United States) — provides Google Analytics 4 (website analytics) and Google Calendar appointment scheduling (booking calls). Google's privacy policy: policies.google.com/privacy
Usercentrics / Cybot (provider of Cookiebot) (European Union) — provides our cookie consent banner and stores a record of your consent choices, including a hashed key and your IP address used solely to document that consent was given. As an EU-based provider, this data stays within the EEA. Privacy information: cookiebot.com/en/privacy-policy.
Our email provider. Emails you send us and replies we send you are processed by our standard business email provider. We use industry-standard email services and do not retain your messages longer than necessary.
Email marketing provider. When we launch a newsletter, we will use a reputable email marketing platform (such as Mailchimp, Beehiiv, MailerLite, or ConvertKit) to manage subscriptions and deliver messages. We will update this Privacy Policy to identify the specific provider before sending any marketing emails.
Professional advisors. We may share information with our accountant, lawyer, or other professional advisors where strictly necessary and where they are bound by confidentiality obligations.
Authorities, if legally required. We may share information with law enforcement, courts, or regulators if we are required to do so by valid legal process, or if disclosure is necessary to protect our rights, safety, or property — or those of others.
Successors in interest. If Brightline is reorganised, merged, sold, or transfers some or all of its assets, your information may be transferred to the successor entity. We will let you know if this happens.
We do not transfer or disclose your personal information to any party for any other purpose without your consent or as otherwise described in this Privacy Policy.
6. International data transfers
We are based in Slovakia (EU). Some of our service providers, including Webflow and Google, are based in the United States and process data on servers outside the European Economic Area (EEA) and the United Kingdom.
When we transfer personal data from the EEA, UK, or Switzerland to a country that has not received an adequacy decision from the European Commission (or the UK Information Commissioner's Office for UK transfers), we rely on appropriate safeguards under Article 46 GDPR, including:
- EU Standard Contractual Clauses (SCCs) as adopted by the European Commission, supplemented by additional technical and organisational measures where required following the Schrems II ruling
- UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs for transfers originating in the UK
- Participation in the EU–U.S. Data Privacy Framework, where the recipient is certified
For visitors in other jurisdictions with cross-border transfer rules (Brazil, Canada, Australia, Japan, Singapore, and others), we apply analogous safeguards consistent with those laws.
You can request a copy of the safeguards we use by writing to hello@brightline.solutions.
7. How long we keep your information
We keep your personal information only for as long as we need it for the purposes we describe in this Privacy Policy, or for as long as the law requires us to.
- Contact form submissions where no project follows: up to 24 months from the date of your message, then deleted.
- Contact form submissions where a project follows: held for the duration of the project plus 10 years, then deleted. The 10-year tail is required by Slovak commercial document retention rules.
- Booked call records: up to 12 months from the date of the call.
- Analytics data: the standard Google Analytics 4 retention period of 14 months, after which the data is aggregated and anonymised.
- Newsletter subscriber data, when applicable: for as long as you remain subscribed, plus a short period after you unsubscribe for compliance records.
- Cookies: see Section 8 for the lifetime of each cookie category.
- Invoices, contracts, and project deliverables: 10 years from the end of the financial year in which the work was completed, as required by Slovak tax and accounting law.
When we no longer need your information, we delete it or anonymise it so it can no longer be linked back to you.
8. Cookies and similar technologies
Cookies are small text files that websites store on your device. We use them sparingly and we explain each one in our cookie banner the first time you visit. You can change your cookie choices at any time using the "Cookie settings" link in our website footer. We use Cookiebot to manage these cookies and your consent, and you can see the full, always-current list of cookies on our Cookie Policy page.
Strictly necessary cookies. These keep the site working — for example, remembering your cookie preferences. They cannot be turned off because the site would not function without them. Lifetime: typically up to 12 months.
Analytics cookies. These tell us which pages people visit and how they move around the site. We use Google Analytics 4 for this purpose. Analytics cookies only load if you accept them in our cookie banner. Lifetime: up to 24 months.
Functional cookies. These remember choices you make on the site (such as your preferred language, when we support more than one). Lifetime: typically up to 12 months.
Marketing and advertising cookies. We do not currently load advertising or marketing cookies by default. In the future, we may use paid advertising platforms (such as Google Ads, Meta Ads, or LinkedIn Ads) to promote our services. If we do, the associated tracking pixels (Google Ads conversion tracking, Meta Pixel, LinkedIn Insight Tag, or equivalents) will be classified as Marketing in our cookie banner and will only load after you opt in to that category. You can change your choice at any time using the Cookie settings link in our footer.
UTM parameters and campaign tags. When we share links on social media, in emails, or in advertising, we sometimes add UTM parameters to the URLs (for example, ?utm_source=linkedin&utm_campaign=spring-launch). UTM parameters are not separate trackers. They are tags appended to URLs that our analytics platform (Google Analytics 4) reads to understand which channels are bringing visitors to the site. They do not set their own cookies and are covered by our Statistics cookie category.
Third-party embeds. If we embed third-party content on our site (such as a YouTube or Vimeo video, a calendar booking widget, or a social media post), that content may set its own cookies once loaded. Our cookie banner will block such embeds by default and load them only after you accept the relevant cookie category.
If you visit our site and have a "Do Not Track" or "Global Privacy Control" signal enabled in your browser, we treat that signal as a withdrawal of consent for analytics cookies, and we do not load them.
9. Your rights
You have rights over the personal information we hold about you. The specific rights you have depend on where you live, but the most common ones are described below. We honour all of them regardless of where you live, to the extent we can.
To exercise any of these rights, write to us at hello@brightline.solutions. We will respond within 30 days, or sooner where the applicable law requires it. We do not charge a fee for handling reasonable requests.
We may need to verify your identity before acting on a request. This is to protect your information from being released to someone other than you.
9.1 If you are in the European Economic Area, United Kingdom, or Switzerland (GDPR / UK GDPR)
- Right of access — get a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — ask us to delete your data, subject to certain exceptions
- Right to restrict processing — ask us to stop processing your data while a question about it is resolved
- Right to data portability — receive your data in a structured, machine-readable format and transmit it to another controller
- Right to object — object to processing based on legitimate interests, or to direct marketing at any time
- Right not to be subject to automated decisions — Brightline does not engage in automated decision-making or profiling that produces legal or similarly significant effects
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal
- Right to lodge a complaint with your local data protection authority. In Slovakia, that's the Úrad na ochranu osobných údajov Slovenskej republiky (dataprotection.gov.sk). In the UK, that's the Information Commissioner's Office (ico.org.uk)
9.2 If you are in California (CCPA / CPRA)
- Right to know what categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties we have shared it with
- Right to delete the personal information we have collected from you, subject to certain exceptions
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing of personal information — although as noted in Section 4, we do not sell or share your personal information
- Right to limit use and disclosure of sensitive personal information — we do not use sensitive personal information for any purpose beyond what's necessary to provide our services
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights
You may make a verifiable consumer request twice in any 12-month period. You may also designate an authorised agent to make a request on your behalf, subject to identity verification.
9.3 If you are in another US state with a comprehensive privacy law
If you live in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, or any other US state with a comprehensive consumer privacy law, you have rights similar to those described above for California, including the rights to access, correct, delete, and opt out of certain processing activities. To exercise your rights, contact us at hello@brightline.solutions.
9.4 If you are in Brazil (LGPD)
You have the rights of confirmation of processing, access, correction, anonymisation, portability, deletion, information about sharing, and revocation of consent, as set out in Article 18 of the Lei Geral de Proteção de Dados Pessoais.
9.5 If you are in Canada (PIPEDA)
You have the right to access the personal information we hold about you, to challenge its accuracy, and to withdraw consent for our use of it, subject to legal or contractual restrictions.
9.6 If you are in Australia
You have rights consistent with the Australian Privacy Principles, including access to your personal information, correction of inaccurate information, and the ability to make a complaint to the Office of the Australian Information Commissioner if you believe we have mishandled your information.
9.7 Other jurisdictions
If you live in a jurisdiction not specifically named above, you may still have privacy rights under your local law. Write to us at hello@brightline.solutions and we will respond consistent with the law that applies to you.
10. Children's privacy
Brightline's services are intended for businesses and the professionals who run them. We do not knowingly collect personal information from children under the age of 16 (or the equivalent minimum age under the law that applies to you).
If we learn that we have collected information from a child under 16 without verified parental consent, we will delete it as soon as we are aware. If you are a parent or guardian and you believe your child has shared information with us, please contact hello@brightline.solutions.
11. How we protect your information
We use commercially reasonable technical and organisational measures to protect your personal information. These include:
- Encryption of data in transit (HTTPS / TLS) for everything that moves through our website
- Encryption of data at rest, where supported by our service providers
- Strong authentication and access controls on our internal accounts
- Limiting access to personal information to people who need it to do their jobs
- Regular review of our service providers and their security practices
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
If we ever experience a data breach that puts your information at risk, we will notify you and the relevant authorities consistent with applicable law, including within 72 hours where the GDPR applies.
12. Links to other sites
Our website may contain links to other sites that are not operated by us — for example, the websites of our clients, partners, articles we reference, or tools we recommend. We are not responsible for the content or privacy practices of those sites. We encourage you to read their privacy policies before sharing any personal information with them.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, in the services we use, or in the law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website.
We encourage you to review this page periodically to stay informed about how we protect your information.
14. How to contact us
If you have any questions about this Privacy Policy or about how we handle your information, we want to hear from you.
- Email: hello@brightline.solutions
- Postal address: Michaela Fodorová, Pekná 11/A, 900 28 Ivanka pri Dunaji
If you contact us about your privacy rights, please tell us:
- Your full name and the email address you used when interacting with us
- Which right you wish to exercise
- Any other information that will help us identify your data
We will respond within 30 days. If we need more time, we will tell you and explain why.