Privacy policy
Last updated: 23rd September 2025
Bright Matter (Hug and Balance Ltd) (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share your information when you interact with us, including when you use our website, purchase our products, or subscribe to our services.
1. Who We Are
Bright Matter is operated by Hug and Balance Ltd, registered in England & Wales.
Data Controller: Hug and Balance Ltd
71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: team@trybrightmatter.com
If you have any questions about this Privacy Policy or how your data is handled, please contact us.
Data Controller: Hug and Balance Ltd
71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: team@trybrightmatter.com
If you have any questions about this Privacy Policy or how your data is handled, please contact us.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity and contact details: name, email address, phone number, billing and shipping addresses.
- Account information: username, password, subscription details.
- Order and purchase history: details of products purchased, frequency, and payment method.
- Payment data: processed securely by our payment providers (e.g. Stripe). We do not store or have access to your full payment card details.
- Marketing and communication preferences: including interactions with our emails, ads, and website.
- Survey and feedback data: information you provide through surveys, reviews, or customer support.
- Technical data: IP address, browser type, device identifiers, cookies, and tracking technologies.
3. How We Use Your Personal Data
We use your data for the following purposes and legal bases under the UK GDPR:
- To perform a contract with you (Article 6(1)(b)):
- Process and deliver your orders.
- Manage your subscription and payments.
- Provide customer service.
- For our legitimate interests (Article 6(1)(f)):
- Improve and personalise our website, services, and communications.
- Run surveys, focus groups, and product feedback.
- Prevent fraud, monitor security, and protect our business.
- With your consent (Article 6(1)(a)):
- Send marketing communications (email, SMS, ads).
- Use cookies and similar technologies for analytics and advertising.
- You can withdraw your consent at any time.
- To comply with legal obligations (Article 6(1)(c)):
- Maintain business records.
- Comply with tax, accounting, and regulatory requirements.
4. Marketing & Cookies
- We may send you marketing if you have subscribed or purchased from us and have not opted out. You can unsubscribe anytime via the link in our emails.
- Our website uses cookies, pixels, and tracking technologies (e.g. Google Analytics, Meta Pixel, TikTok Pixel) to improve site performance and deliver relevant ads.
- You can manage or disable cookies in your browser settings. See our [Cookie Policy] for more detail.
5. How We Share Your Personal Data
We may share your data with:
- Service providers: e.g. payment processors (Stripe), fulfilment partners (ShipBob), email providers (Klaviyo), analytics and ad platforms.
- Professional advisers: e.g. lawyers, accountants, insurers.
- Authorities and regulators: where required by law.
- Business transfers: if we merge, sell, or reorganise our business.
We never sell your personal data to third parties.
6. International Transfers
Some of our service providers are located outside the UK/EEA (e.g. US-based). In such cases, we ensure adequate safeguards are in place (such as UK-approved Standard Contractual Clauses).
7. Data Retention
We keep your data only as long as necessary:
- Customer and account data: for as long as you are a customer, plus 6 years for tax/accounting purposes.
- Marketing data: until you withdraw consent or opt out.
- Technical/cookie data: in line with our Cookie Policy.
8. Your Rights
Under UK GDPR, you have the following rights:
- Access to your personal data.
- Rectification of incorrect or incomplete data.
- Erasure (“right to be forgotten”).
- Restriction of processing.
- Data portability.
- Object to processing (including direct marketing).
- Withdraw consent at any time.
To exercise these rights, contact us at team@trybrightmatter.com. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.
9. Security
We use appropriate technical and organisational measures to protect your data from loss, misuse, and unauthorised access.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via our website.