Who We Are

BrightWaveSpark operates from our office at 233 Nguyễn Khuyến, Tân Lợi, Thành phố Buôn Ma Thuột, Đắk Lắk 630000, Vietnam. We provide blockchain security auditing and testing services to clients worldwide, with particular focus on the Southeast Asian market.

When we say "we," "us," or "our," we're talking about BrightWaveSpark. When we say "you," we mean anyone who visits our website, requests our services, or becomes our client.

Information We Collect

We only collect information that helps us provide better security audit services. Here's what that includes:

Information You Give Us Directly

• Contact details (name, email address, phone number) when you reach out to us
• Company information if you're representing an organization
• Technical details about your blockchain project when you request an audit
• Payment information when you become a client (processed securely through third-party providers)
• Communication records when we exchange emails or messages with you

Information We Collect Automatically

• Basic website usage data (pages visited, time spent, browser type)
• IP address and general location information
• Device information (mobile or desktop, operating system)
• Referral source (how you found our website)

How We Use Your Information

Everything we collect serves a specific purpose. We're not in the business of selling data or bombarding you with marketing.

Purpose	What We Use
Responding to inquiries	Your contact information and message content
Conducting security audits	Technical project details, communication records
Processing payments	Billing information (handled by secure payment processors)
Improving our website	Anonymous usage statistics
Legal compliance	Records required under Vietnamese law

We occasionally send updates about our services to existing clients, but you can opt out anytime. We respect your inbox.

Legal Basis for Processing (Vietnam Context)

Under Vietnamese data protection regulations, we process your information based on:

• Consent: You've agreed to share information with us when requesting services
• Contract Performance: We need your data to deliver the audit services you've hired us for
• Legal Obligation: Vietnamese law requires us to maintain certain business records
• Legitimate Interest: We have valid business reasons to process data (like improving our services) that don't override your privacy rights

Who We Share Information With

We're pretty protective of your data. We don't sell it, rent it, or trade it. But there are a few situations where we share information:

Service Providers We Trust

Sometimes we work with third parties who help us run our business. These might include:

• Email service providers (to send and receive communications)
• Payment processors (to handle transactions securely)
• Cloud storage providers (to store audit documentation)
• Technical infrastructure providers (hosting and security services)

All these providers are bound by strict confidentiality agreements. They can only use your data for the specific services we've hired them for.

Legal Requirements

We'll disclose information if required by Vietnamese law, court order, or government regulation. We'll notify you if this happens unless legally prohibited from doing so.

Business Transfers

If BrightWaveSpark is acquired or merges with another company, your information would transfer to the new entity. We'd notify you before this happens.

International Data Transfers

Our primary operations are in Vietnam, but we serve clients globally. This means your information might cross borders.

When we transfer data internationally, we take these steps:

• Use secure, encrypted transmission methods
• Work only with providers who meet international security standards
• Ensure contracts include data protection clauses
• Comply with both Vietnamese regulations and international best practices

If you're based in a region with specific data protection laws (like GDPR in Europe), we'll honor those requirements even though we operate from Vietnam.

How We Protect Your Information

Security is literally our business, so we take data protection seriously.

Technical Measures

• Encrypted data transmission (TLS/SSL certificates)
• Secure server infrastructure with regular security updates
• Access controls limiting who can see your information
• Regular security audits of our own systems (yes, we audit ourselves)
• Secure backup procedures with encryption

Organizational Measures

• Staff training on data protection and confidentiality
• Clear internal policies about data handling
• Limited access principle (team members only see data they need)
• Regular review of our privacy practices

That said, no system is completely invulnerable. We do everything reasonable to protect your data, but we can't guarantee absolute security. If we experience a data breach that affects your information, we'll notify you promptly and explain what happened.

How Long We Keep Your Information

We don't hoard data indefinitely. Here's our general approach:

Type of Information	Retention Period
General inquiries (non-clients)	2 years from last contact
Client project files and audit reports	5 years after project completion (Vietnamese business record requirements)
Payment and invoicing records	7 years (Vietnamese tax law requirement)
Website usage analytics	14 months maximum
Marketing communications	Until you unsubscribe or 3 years of inactivity

After these periods, we securely delete or anonymize your information. Some data might be kept longer if required by law or if there's an ongoing legal matter.

Your Rights and Choices

Your data belongs to you. Here's what you can do:

Access Your Information

You can request a copy of the personal information we hold about you. We'll provide this within 30 days, in a readable format.

Correct Inaccuracies

If information we have about you is wrong or outdated, let us know. We'll update it promptly.

Request Deletion

You can ask us to delete your personal information. We'll comply unless we have a legal obligation to keep it (like tax records) or need it for ongoing services you've requested.

Object to Processing

If you disagree with how we're using your information, you can object. We'll stop unless we have compelling legitimate grounds to continue.

Data Portability

For certain types of data, you can request a machine-readable copy to transfer to another service provider.

Withdraw Consent

If we're processing your data based on consent, you can withdraw that consent anytime. This won't affect processing that happened before you withdrew consent.

How to Exercise These Rights

Contact us at contact@brightwavespark.com with your request. We'll respond within 30 days. We might need to verify your identity before processing certain requests.

Children's Privacy

Our services aren't directed at children under 16. We don't knowingly collect information from minors. If you're a parent and believe your child has provided us with personal information, contact us and we'll delete it immediately.

Changes to This Policy

We update this policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email to clients if the changes affect how we handle existing client data

We encourage you to review this policy periodically. Continuing to use our services after changes are posted means you accept the updated policy.

Third-Party Websites

Our website might link to other sites (like blockchain explorers or industry resources). This privacy policy only covers brightwavespark.com. We're not responsible for the privacy practices of other websites. Check their policies before sharing information.