California Consumer Privacy Act (CCPA) Notice

Last updated February 2022

This notice (“Notice”) is provided pursuant to the California Consumer Privacy Act (“CCPA”). The CCPA applies only to California Residents. BrightFi LLC (“BrightFi”) values the privacy of your Personal Information and takes steps to keep information you provide to us safe and secure. This Notice describes how BrightFi collects, uses, and discloses Personal Information as defined by and subject to the CCPA. This Notice also describes consumer’s rights under the CCPA.

BrightFi is a financial technology company that operates the platform that manages transactional accounts that operate through its mobile app (“Mobile App”) and website (“Site.”) Bank accounts and banking services associated with your BrightFi account are provided by Webster Bank, N.A., member FDIC. BrightFi shares Personal Information with Webster Bank in the course of providing services to you.

Please refer to BrightFi’s U.S. Consumer Privacy Notice, which outlines how BrightFi collects, uses, and shares information governed by the Gramm-Leach Bliley Act. Please refer to Webster Bank's Privacy Notice, which outlines how Webster Bank collects, uses and shares information.


Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with a particular resident. It includes, but is not limited, information like your real name, alias, address, unique personal identifier, internet protocol address, email address, account name, social security number, driver’s license number, or similar identifiers. It also includes information like your bank account number or debit card number. Personal Information can also include internet activity information, including but not limited to browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement, but only to the extent such information is linked or linkable to a particular consumer or household.

The CCPA does not apply to information that we collect that is subject to The Gramm-Leach Bliley Act, the Fair Credit Reporting Act, Driver’s Privacy Protection act of 1994, and certain other state or federal privacy laws.


Categories of Personal Information we have collected during the past 12 months are listed below. Most of the information we have collected is done in the context of providing financial products or services and is subject to the Gramm-Leach Bliley Act, therefore not subject to the CCPA. The categories of Personal Information that we collect, use or disclose about a California resident will depend on our specific relationship or interaction with that individual.

Specific types of information we collect  
Identifiers (e.g., Real name, postal address, email address, online identifier, IP address, social security number, driver license or government ID number, or similar identifiers)
Name, postal address,  email address, IP address, social security number, state driver’s license or  other government- issued photo identification, and “selfie” (still and/or  live) of user.  
Personal information categories listed in California Customer Records statute (Cal. Civ. Code 798.80(e)) (such as Identifiers, financial information [e.g. bank account or debit card number], contact information [e.g. address, telephone number]).
Name, postal address, mobile telephone number, social security number, bank account number, debit card number.  
Commercial Information (e.g. records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies)
Information about past transactions or purchases
Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement
Geolocation Data
Device location
Audio, biometric information, electronic,  visual, thermal, olfactory or similar information
Call recordings, data extracted from photograph  or “selfie” used to confirm identity of customer/user

In the past 12 months, we have collected Personal Information in the categories listed above relating to California residents from the following sources:

        1. Information you provide to us when opening account through our Mobile App or Site.
        2. Information received from third parties that you have authorized or directed to share information with us.
        3. Information received from Site activity, Mobile App activity, or social media.
        4. Information received from internet search engines
        5. Publicly available records


We use the Personal Information we collect for the following purposes:

        1. Providing and maintaining our products (e.g., opening accounts, completing transactions, servicing accounts, providing customer service)
        2. For tailoring marketing and general marketing efforts
       3. Our everyday business operations (legal, audit, compliance, investigations, error resolution, etc.)
        4. Detecting fraud or illegal activity
        5. Detecting and responding to security incidents


BrightFi may disclose your Personal Information to a third party for a business purpose. Bightfi shares Personal Information with:

        1. Our affiliates
        2. Service providers
       3. Third parties with whom you authorize or direct us to share Personal Information
        4. Government entities and others with whom we are legally required to share information       

BrightFi does not sell your Personal Information or share it with non-affiliates for marketing purposes.


Right to know:

You have the right to request that we tell you what Personal Information has been collected about you over the past 12 months. Once we receive, confirm, and verify a consumer request we will disclose to you:

        1. Specific pieces of Personal Information we collected about you
        2. The categories of Personal Information we have collected about you
        3. The categories of sources from which the Personal Information is collected
        4. Categories of Personal Information about you that we have disclosed to third parties for a business purpose
        5. Categories of third parties to whom the Personal Information was disclosed for a business purpose, and
        6. Our business or commercial purpose for collecting and disclosing the Personal Information

Right to Deletion:

You have the right to request that Personal Information be deleted. Subject to exceptions set forth below, and other exceptions that may exist, on receipt of a verifiable request from you, we will:

        1. Delete your Personal Information from our records and
        2. Direct any service providers to delete your Personal Information from their records. Any information not required by law or business necessity can be requested to be deleted.

We may not delete Personal Information if it is necessary to:

        1. Provide the services requested by you or otherwise perform our obligations to you in connection with your account
        2. Detect or respond to security incidents, protect against malicious, deceptive, fraudulent or illegal activity; or prosecute those responsible for such activity
        3. Comply with a legal obligation
        4. Otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information

How to Request Information or Deletion:

You may request information, or request the deletion of information by calling us at 1.888.627.5407, or by sending an email to

We will take reasonable steps to verify your request. If we are unable to verify your request, we will not respond or share responsive information. We will respond within 45 days of receipt of a verifiable request, though if reasonably necessary we may extend that period for an additional 45 days one time.  

We may not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information we maintain about you is not subject to the CCPA as such information is exempted under the Gramm-Leach Bliley Act, the Fair Credit Reporting Act, Driver’s Privacy Protection Act of 1994, or other state or federal privacy laws.

We are not obligated to respond to a request for information as set forth above more than twice in a 12-month period from anyone consumer.

We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.        


We will not discriminate against you because you exercised any of your rights under the CCPA. This means we will not, among other things:

        1. Deny goods or services to you;
        2. Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
       3. Provide a different level or quality of goods or services to you; or
        4. Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate, or provide a different level or quality of services to you, if that difference is reasonably related to the value provided to us by your Personal Information.

BrightFi is currently pausing new account openings. If you have any questions, please reach out to the MyBrightFi customer support team by calling 1-888-627-5407.