Privacy Policy
Last Updated: November 28, 2025
BrightOutcome Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our GEMINI™ platform ("Platform"), a digital behavioral health research platform designed to support research studies conducted by academic institutions, healthcare organizations, and research groups ("Research Entities").
1. Information We Collect
Study Participants
We collect the following information from participants enrolled in research studies using the Platform:
- Account Information: Name, email address, username, password
- Study Participation Data: Responses to assessments and questionnaires, course content interactions, completion status of learning activities, practice session data (written exercises, audio/video practice), journaling entries, community forum posts and interactions, check-in responses, group session participation
- Demographics (Optional): When enabled by Research Entities for specific studies, we may collect demographic information such as age, gender, location, or other study-specific data points
- Usage Data: Login timestamps, pages visited, time spent on content, feature usage patterns, device and browser information
Important Note: All Participant data is associated with and controlled by the Research Entity conducting the study in which you are participating. Your Research Entity determines what information is collected and how it is used in accordance with their research protocol and your informed consent.
Researchers and Institutional Users
For researchers and institutional users accessing GEMINI through a Master License and Service Agreement (MLSA):
- Account Information: Name, email address, institutional affiliation
- Usage Data: Information about how you use the Platform to design and manage studies
Note: Detailed terms for institutional users are governed by the MLSA executed between the Research Entity and BrightOutcome.
2. How We Collect Information
We collect information through:
- Direct Input: Information you provide when creating your account, completing assessments, participating in course activities, posting in community forums, or responding to check-ins
- Automated Collection: Usage data and technical information collected automatically when you access and use the Platform
- Research Entity Configuration: Information configured by your Research Entity based on their study protocol and requirements
3. How We Use Information
Participant Data
We use participant information to:
- Provide access to your assigned study curriculum and learning materials
- Enable completion of assessments, questionnaires, and study activities
- Facilitate group sessions and community forums (when enabled for your study)
- Deliver automated scoring and feedback for assessments
- Track your progress through the study curriculum
- Enable your Research Entity to monitor study participation and collect research data
- Enable your Research Entity to provide participant support (technical issues are reported to your Research Entity, who coordinates with us as needed)
- Improve our Platform
Researcher Data
We use researcher information to:
- Provide and maintain Platform access
- Enable study design, participant management, and data collection
- Provide technical support and training
- Communicate about Platform updates and features
- Improve our services
Research and Improvement
We may retain and use properly de-identified, aggregated data for internal research purposes to improve our services and advance digital behavioral health research. This research use helps us enhance the effectiveness of our Platform. No individual identification is possible from such aggregated data.
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:
With Your Research Entity
Your study participation data is shared with the Research Entity conducting your study in accordance with the informed consent you provided. The Research Entity controls this data and determines how it is used for research purposes.
With Other Study Participants (When Applicable)
If your study includes group sessions or community forums, information you post or share in these features will be visible to other participants in your study group and to your Research Entity, as described in the Terms of Use.
Service Providers
We work with trusted third-party service providers who assist us in operating our Platform:
- Lightedge (formerly Connectria): Cloud hosting services (US-based servers)
- Video Hosting Services: YouTube, Vimeo, or Brightcove for embedded video content
- Email Services: For sending notifications and reminders
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
Legal Requirements
We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of BrightOutcome, our users, or others.
Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Platform of any change in ownership or uses of your personal information.
5. HIPAA and Protected Health Information
When studies involve Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA), BrightOutcome and your Research Entity will protect your PHI in accordance with HIPAA regulations. A Business Associate Agreement will be in place as required by law.
Important: Do not post PHI in community forums or group sessions unless specifically required by your study protocol and you have provided all necessary consents. Your Research Entity is responsible for ensuring compliance with all applicable privacy laws and obtaining required consents for PHI collection.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: AES-256 encryption for data at rest and in transit
- Access Control: Role-based access control, secure authentication, auto-logout features, password strength requirements
- Infrastructure Security: 24/7/365 secure hosting with intrusion prevention, antivirus protection, server integrity monitoring, managed security patches, and encrypted offsite backups
- Compliance: Our hosting environment complies with HIPAA/HITECH, HITRUST, SOC 2 Type 2, PCI/DSS, ISO 27001, FISMA, and FERPA requirements
- Regular Assessments: Annual third-party NIST CSF, HIPAA/HITECH, and FERPA risk assessments
Important Note: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention and Study Completion
During Active Studies
Your data is retained for the duration of your participation in the research study and as long as your Research Entity maintains an active Platform license and chooses to retain the data.
After Study Completion or Withdrawal
When you complete a study or withdraw from participation:
- Contact your Research Entity regarding data retention, as they control your study data
- Research Entities typically have 30 days after their license expires to download study data in CSV format
- After this period, we may retain de-identified, aggregated data for internal research purposes as described in Section 3
- Individually identifiable records are deleted in accordance with the Research Entity's data management plan and applicable regulations
8. Your Rights and Choices
For Participants
Since your data is collected as part of a research study, data access, correction, and deletion rights are primarily exercised through your Research Entity in accordance with:
- The informed consent you provided
- Applicable research ethics requirements
- Data protection laws in your jurisdiction
- Your Research Entity's data management policies
Accessing Your Data: You can view your own submissions and progress through the Platform while your study is active.
Correcting Your Data: Contact your Research Entity to request corrections to your personal information. Note that some research data may not be modifiable after submission to maintain study integrity.
Deleting Your Data: Contact your Research Entity to request deletion of your personal information. The Research Entity will handle your request in accordance with research ethics requirements and applicable laws.
Withdrawing from Study: You may withdraw from your research study at any time by contacting your Research Entity. Data retention after withdrawal will be handled according to your informed consent and applicable regulations.
For Researchers
Institutional users can access and export study data through the Platform's researcher portal. Contact us at gemini@brightoutcome.com for data access or deletion requests related to your institutional account.
9. International Users
Canadian Users (PIPEDA Compliance)
Canadian users have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including access to personal information and the ability to challenge the accuracy of data. Contact your Research Entity to exercise these rights.
Other International Users
Users outside the United States should be aware that information collected through our Platform may be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction. By participating in a study using the Platform, you consent to this transfer as described in your informed consent documents.
10. Children's Privacy
Our Platform is not intended for individuals under 18 years of age unless the Research Entity has obtained appropriate institutional approval (such as IRB approval) for the research study and verified parental consent as required by applicable regulations. We do not knowingly collect personal information from children under 18 outside of such approved research contexts. If we become aware that we have collected personal information from a child under 18 without proper authorization, we will take steps to delete such information.
For participants under 18, a parent or legal guardian must create the account and provide consent as required by the research protocol and applicable laws.
11. Accessibility
We are committed to making our Platform accessible to individuals with disabilities. We use accessWidget from accessiBe to support Revised Section 508 standards and Web Content Accessibility Guidelines (WCAG) 2.1 Success Criteria (Levels A and AA).
12. Third-Party Links and Services
The Platform may contain links to third-party websites (such as video hosting platforms) or integrate with third-party services (such as teleconferencing tools). We are not responsible for the privacy practices or content of these third-party sites and services. We encourage you to read their privacy policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on the Platform and updating the "Last Updated" date. Your Research Entity will also be notified of material changes. Your continued use of the Platform after such changes constitutes acceptance of the updated Privacy Policy.
14. Contact Information
For Participants: If you have questions about your study data or privacy rights, please contact your Research Entity (the organization conducting your research study). They are best positioned to address your concerns about study participation and can contact us on your behalf if needed.
For Research Entities and Institutional Users: If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
BrightOutcome Inc.
Attention: Privacy Officer
1110 Lake Cook Road, Suite 167
Buffalo Grove, IL 60089
Email: gemini@brightoutcome.com
For technical support or general inquiries related to your research study, please contact your Research Entity directly. Your Research Entity will coordinate with BrightOutcome if technical platform assistance is needed.
Note: This Privacy Policy applies to the GEMINI Platform provided by BrightOutcome Inc. It does not apply to the BrightOutcome company website or other BrightOutcome products (such as ACS3 or SAGE LEAF), which have their own privacy policies.
