Bright Kids


Bright Kids Privacy Policy

Thank you for your interest in our Bright Kids APP (hereinafter “APP”). The protection of your personal data during the collection, processing and use of our APP is an important concern for us.

Before using the APP, please read this Privacy Policy carefully. This Privacy Policy sits in line with Hong Kong`s Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and the General Data Protection Regulation (“GDPR”). Please direct any questions, comments, or concerns about privacy and how we handle your personal data directly to us.

About the APP

When designing the APP, we have made sure that no data that directly identifies you is collected. As however some countries including the Hong Kong and EU have a broad definition of personal data this policy covers it. In this sense we would need to first of all explore the definition of personal data.

Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, IP address, Device IP, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Controller

The responsible entity within the meaning of the PDPO and the GDPR is:

Sugar Computing Company

10F Si Toi Commercial Building

Sheung Wan

Hong Kong


Collection and processing of data

Only data that is required to fulfil the functionality of the APP will be collected. The data is only collected and processed for a specific purpose. To help you enjoying our APP, we collects some basic technical data as you use our APP, for example access logs, as well as information from third parties If you want additional info, we go into more detail below.

The only way for us to collect personal data that directly identifies you such as your name or email address is if you contact us. If you do the data, you provide will be stored so that your message can be answered. This is done in accordance with our legitimate interest. Your data provided will not be used for any other purposes.

Installation of our APP

Our APP can be downloaded from the APP stores to install our APP. Downloading our APP may require prior registration with the respective APP store and installation of the APP store software. As far as we are aware, Google collects and processes the following data;

  • License check,
  • network access,
  • network connection,
  • WLAN connections,
  • location information,

We cannot influence which personal data app store processes with your registration and the provision of downloads in the respective app store and app store software.

Device information

We collect information from and about the device(s) you use to access our APP, including hardware and software information such as IP address, device ID and type, device-specific and APP settings and properties, APP crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope and compass.

Third Party Services

What other information do we collect?

  • Registration Data. For your Registration we will need your mobile number. Legal basis: Necessary to perform our contract which is necessary to perform our contract with you to create your account and to provide the services.
  • Profile Data. If you want to share your Profile with others this includes any information you provide to other users or information about you provided by other users, including status posts. Legal basis: Necessary to perform our contract which is necessary to perform our contract with you to create your account and to provide the services.
  • Image Data. Our app uploads users Images information for our image sending/sharing feature to work.
  • Chat Data. Content of communication between you and another user or group of users. We do not store chat data permanently on our servers and it only passes through our servers so that it can be distributed to your intended recipients. Chat data is only stored on your device and the devices of the users you have sent messages to. Legal basis: Necessary to perform our contract which is necessary to perform our contract with you to create your account and to provide the services.
  • List of contacts Your on-device contact list. Necessary connect you with your friends and other users. Legal basis: Necessary to perform our contract which is necessary to perform our contract with you to create your account and to provide the services.
  • Location data. To facilitate your use of location-based services, e.g.: sharing your real-time location via chat, which relies on your GPS; Manually geotagging a location in status post; Location data used for all other purposes will be retained for a period of 3 months from the date of collection. Legal basis: Necessary to perform our contract which is necessary to perform our contract with you to create your account and to provide the services.

When you contact us

If you contact us, we will receive your email address and may store your IP address and the information you give us so that we can process your request. We store correspondence with you for up to 6 years after your account is deleted. This is done in accordance with our legitimate interest. Your data provided will not be used for any other purposes.

How we share information and data

We share some user information with service providers and partners who help us operate the Services, and in some cases with legal authorities.

We use third parties to help us operate and improve our services (see above). These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer support and security measures.

We follow a rigorous vetting process before engaging a service provider or working with a partner. All our service providers and partners should commit to strict confidentiality.

We may transfer your data if we are involved in whole or in part in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.

We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government/legal investigation or other legal requirement; (ii) to assist in the prevention or detection of crime (in each case, subject to applicable law); or (iii) to protect the safety of any person.

We may also disclose data: (i) if disclosure would reduce our liability in actual or threatened litigation; (ii) if necessary to protect our legal rights and the legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activities, suspected fraud or other misconduct.

We may ask for your consent to share your information with third parties. In any such case, we will make clear why we want to share the information.


You can stop the collection of information by the APP by uninstalling it using the standard uninstall procedure for your device. When you uninstall the APP from your mobile device, the unique identifier associated with your device will still be stored. If you reinstall the APP on the same mobile device, we may again associate that identifier with your previous transactions and activities.

Contact Permissions


The Users Contacts are not uploaded to the server anytime. All contacts saved in the Users Device are one by one pinged to the server to check if the contact is already registered as a user. USER DEVICE CONTACTS ARE NEVER UPLOADED. It is only checked by fetching each user if registered in the database but never uploading the contact list.

Push messages

When using the APP, you will receive so-called push messages from us, even if you are not currently using the APP. These are messages that we send you as part of the performance of the contract, but also promotional information. You can adjust or stop receiving push messages at any time via the device settings of your device.

Storage period

Unless a more specific retention period is stated within this privacy policy, we will retain your personal data until the purpose for processing it no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Note on data transfer to the USA

Our main operations are based in Hong Kong and your personal information is generally processed, stored and used in global data centers of Google Firebase. Among other things, tools from companies based in the USA are integrated in our APP. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of Hong Kong/ EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Data Breaches/Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Authorizations and Access

We may request access or permission to the camera and gallery (camera permissions) of your device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can your permissions at any time via the Settings Menu.


In certain countries, including in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process information. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established. We would, however, appreciate the chance to deal with your concerns before you approach any data protection authority, so please contact us in the first instance.

Your rights

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject. These rights are standardized in the PDPO and GDPR. This includes:

  • The right to information,
  • The right to erasure,
  • The right to rectification,
  • The right to data portability (GDPR only),
  • The right to restriction of data processing,
  • The right to object to data processing.

To assert these rights, please contact us.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

 Legal Bases for Processing

The processing of your personal data may be based on the following legal grounds:

  • consent serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose.
  • contract, insofar as the processing of personal data is necessary for the performance of a contract, e.g., if you use our APP. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about our APP.
  • Legal obligation, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations.
  • legitimate interest, applies on the basis of our legitimate interests, e.g., when using service providers as part of our APP. Our interest is directed towards the use of a user-friendly, appealing, and secure presentation as well as optimization of our APP, which serves our business interests as well as meeting your expectations.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Automated decision-making

We do not use automated decision-making or profiling.

Do Not Sell My Personal Information

We do not sell information that directly identifies you.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your user account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.


This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.