Last updated: January 1, 2025
Bright Harbor, Inc. ("Bright Harbor," "we," "our," or "us") operates the website at brightharbor.us and provides disaster recovery support and insurance navigation services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use our Services, visit our website, or communicate with us. It also describes your rights regarding your personal information and how to exercise them.
By using our Services or website, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with this policy, please do not use our Services. We may update this policy from time to time, and we will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, through direct communication.
Bright Harbor is a disaster recovery technology company headquartered in Denver, Colorado, USA. We help homeowners and families navigate insurance claims, access government assistance programs, and coordinate the rebuild process following natural disasters including wildfires, floods, hurricanes, and earthquakes.
For questions about this Privacy Policy or our data practices, please contact us at: help@brightharbor.us or by mail at Bright Harbor, Inc., Denver, CO, USA.
We collect information you provide to us directly, information we collect automatically when you use our Services, and information we may receive from third parties. The specific types depend on how you interact with us.
Account and registration information: When you create an account or request services, we collect your full name, email address, mailing address, phone number, and account credentials (hashed password).
Disaster and property information: To provide our recovery services, we collect information about your property (address, ownership status, mortgage details), the nature and date of the disaster affecting your property, your insurance policy details (carrier name, policy number, coverage limits, deductibles), and your claims history.
Financial information: We collect billing information including credit card numbers (processed through PCI-compliant third-party payment processors — we do not store raw card data), billing address, and subscription plan details. If you apply for government assistance programs through us, we may collect income information, tax identification numbers, and other financial details required by those programs.
Communications: When you contact us by email, phone, or through our platform, we collect the content of those communications, your contact information, and any attachments or documents you send.
Uploaded documents: In the course of case management, you may upload insurance policies, settlement offers, contractor bids, photographs of damage, receipts, and government correspondence. We collect and store these documents on your behalf to support your recovery case.
Usage data: We automatically collect information about your interactions with our website and platform, including pages visited, features used, time spent on pages, links clicked, and the order in which you navigate through the platform.
Device and connection information: We collect your IP address, browser type and version, operating system, device type, screen resolution, referring URLs, and approximate geographic location derived from IP address.
Cookies and tracking technologies: We use cookies, web beacons, and similar technologies to recognize your browser, maintain your session, remember your preferences, and analyze site usage. See Section 8 for full details and your opt-out options.
We may receive information about you from third parties including: your insurance carrier (with your authorization), government agencies in connection with program applications you authorize us to make on your behalf, payment processors, and analytics providers. We combine this information with data we collect directly.
Service delivery: We use your information to provide, maintain, and improve our recovery advocacy and case management services; to communicate with insurance carriers, government agencies, and contractors on your behalf; and to track deadlines, documentation requirements, and case progress.
Account management: We use your information to create and maintain your account, process payments, send service-related notifications, and provide customer support.
Product development: We use aggregated, de-identified usage data to analyze how our platform is used, identify areas for improvement, and develop new features. This analysis does not involve your personal case details in identifiable form.
Safety and compliance: We use your information to verify identity, prevent fraud, comply with legal obligations, respond to legal process, and protect the rights and safety of Bright Harbor, our clients, and others.
Communications: With your consent, we may send you service updates, educational content about disaster recovery and insurance, and information about new features or programs relevant to your recovery. You may opt out of non-essential communications at any time.
We do not sell your personal information to third parties. We do not share your personal information with third parties for their own marketing purposes. We share your information only in the following circumstances:
On your behalf: When you engage us as your recovery advocate, we communicate your information to your insurance carrier, government agencies (FEMA, SBA, state programs), contractors, and other parties as necessary to provide our services. You authorize these disclosures by accepting our Terms of Service.
Service providers: We share information with vendors who provide services on our behalf, including cloud storage (Amazon Web Services), payment processing (Stripe), customer communication tools (Intercom), and analytics (Google Analytics). These providers are contractually required to process data only for the purposes we specify and to maintain appropriate security standards.
Legal requirements: We may disclose your information if required to do so by law, court order, or other governmental authority; or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Bright Harbor, our clients, or others.
Business transfers: If Bright Harbor is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy.
We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:
Active client files: Retained for the duration of your case plus 7 years after case closure. This retention period supports your ability to appeal insurance decisions or reopen government assistance applications within statutory limitation periods.
Account information: Retained for the duration of your account plus 3 years after account closure.
Payment records: Retained for 7 years to comply with tax and financial record-keeping requirements.
Website analytics data: Aggregated analytics data is retained indefinitely. IP-level data is anonymized after 26 months. Cookie data is governed by the retention periods described in our Cookie Policy.
Bright Harbor takes the security of your data seriously, particularly given that we handle sensitive insurance and financial information during one of the most vulnerable periods in our clients' lives. Our security measures include:
Encryption of all data in transit using TLS 1.2 or higher.
Encryption of sensitive data at rest using AES-256.
Access controls limiting employee access to client data on a need-to-know basis with logging of all access.
Regular security assessments and vulnerability testing.
Multi-factor authentication requirements for employee accounts with access to client data.
No security system is impenetrable. If you believe your account has been compromised, contact us immediately at help@brightharbor.us. In the event of a data breach affecting your personal information, we will notify you as required by applicable state breach notification laws.
California residents have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including: the right to know what personal information we collect and how we use it; the right to request deletion of your personal information; the right to opt out of the sale or sharing of personal information (we do not sell personal information); the right to correct inaccurate personal information; and the right to non-discrimination for exercising your privacy rights.
To submit a California privacy rights request, email help@brightharbor.us with "CCPA Request" in the subject line. We will respond within 45 days. We may need to verify your identity before processing your request.
European Union and UK residents have rights under the General Data Protection Regulation (GDPR) and UK GDPR, including: the right to access your personal data; the right to rectification of inaccurate data; the right to erasure ("right to be forgotten") in certain circumstances; the right to restrict processing; the right to data portability; and the right to object to processing based on legitimate interests.
Our legal basis for processing personal information includes: performance of a contract (when providing our Services), compliance with legal obligations, and legitimate interests (for analytics, fraud prevention, and product improvement). To exercise GDPR rights, contact help@brightharbor.us. EU residents have the right to lodge a complaint with their national data protection authority.
We use cookies and similar tracking technologies on our website. Essential cookies are required for the site to function and cannot be disabled. Analytics cookies (Google Analytics) help us understand how visitors use our site — these are optional and can be declined through our cookie banner. Functional cookies remember your preferences and settings.
Our Cookie Policy at brightharbor.us/legal/cookies.html provides complete details about each cookie we use, its purpose, and its retention period. You can manage cookie preferences through our banner or through your browser settings. Note that disabling essential cookies may affect site functionality.
Our Services may contain links to third-party websites, and we integrate with third-party services in the course of providing recovery support. These include DisasterAssistance.gov (FEMA), SBA.gov disaster loan portal, state emergency management agency portals, and licensed contractor directories. We are not responsible for the privacy practices of these third parties, and their collection of information is governed by their own privacy policies.
Our third-party service providers relevant to data processing include: Amazon Web Services (cloud infrastructure), Stripe (payment processing), Google Analytics (website analytics), and Intercom (customer messaging). Each is a reputable provider with published security and privacy standards, and our contracts with them restrict data use to the purposes described in this policy.
Our Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected personal information from a child under 13, we will delete it promptly. If you believe we have collected information from a child under 13, please contact us at help@brightharbor.us.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or our Services. We will update the "Last updated" date at the top of this page. For material changes — those that significantly affect how we use your personal information — we will provide advance notice by email (for registered users) or by posting a prominent notice on our website. Your continued use of the Services after the effective date of a material change constitutes acceptance of the updated policy.
For questions about this Privacy Policy, to submit a data rights request, or to report a privacy concern, contact us at:
Bright Harbor, Inc.
Denver, CO, USA
Email: help@brightharbor.us