This Privacy Policy (“Policy”) governs the collection, use, storage, disclosure, transfer, retention, and protection of personal information collected, processed, or maintained by Bright Solar Inc (“Bright,” “we,” “our,” or “us”), a Texas corporation, in connection with the provision of solar energy, roofing, water filtration, and related services, including inspections, installations, maintenance, financing, and warranties.

Bright operates with zero tolerance for confusion or misinterpretation regarding privacy. If you provide information, you are legally and contractually consenting to our collection, processing, and use of that data exactly as described herein.

This Policy applies to all individuals interacting with Bright via websites, applications, forms, email, text, phone, in-person submissions, or any other channel. Ignorance of this Policy is not a defense.

Bright Solar Inc adheres strictly to:

• Texas Data Privacy and Security Act (TDPSA), Tex. Bus. & Com. Code § 541 et seq.

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

• Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. § 6801 et seq.

• Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227

• CAN-SPAM Act, 15 U.S.C. §§ 7701–7713

• Federal Trade Commission Act (FTCA), 15 U.S.C. § 41 et seq.

• Electronic Communications Privacy Act (ECPA), 18 U.S.C. §§ 2510–2522

• Other applicable federal, state, and local statutes and regulations governing data protection, cybersecurity, and communications.

If you cannot handle this Policy, do not interact with Bright. Continuing engagement constitutes full acknowledgment and consent.

Personal Information: Identifying information, including name, address, email, phone, financial accounts, social security numbers, IP addresses, device identifiers, geolocation, and project documentation.

Sensitive Personal Data: Financial, government-issued identifiers, biometric, or health-related information.

Consumer: Anyone interacting with Bright.

Controller: Bright Solar Inc, which determines how and why your data is processed.

Opt-In: Explicit affirmative consent. Affiliate: Bright-owned entities assisting in service delivery. Data never leaves Bright’s control. Processing: Any operation on personal data — collection, storage, use, disclosure, combination, destruction. Project Data: Media, photos, videos, IP logs, and documentation from inspections, installations, and maintenance. Communication Methods: Phone, SMS, email, postal mail, and other messaging channels. Do Not Call (DNC): Federal or state registry status. Opt-in waives DNC for Bright communications. Fraud Mitigation Measures: IP tracking, geolocation, device fingerprinting, and other anti-hacking mechanisms.

Bright collects information relentlessly, deliberately, and lawfully via: Voluntary Submissions: Forms, email, calls, texts, in-person submissions, and chat interfaces. Project Documentation: Photos, videos, and media from inspections and installations. Financing Information: Internal and external financing data, including SSNs, income verification, financial accounts, and credit info. Technical Data: IP addresses, device identifiers, geolocation, browser/OS information for security, fraud prevention, and operational control. Communication Metadata: Logs of emails, calls, texts, including timestamps and content when permissible. Cookies & Tracking Pixels: Used strictly for fraud prevention and operational efficiency — never for external marketing.

Bright uses collected information only to: Respond to inquiries and schedule inspections, installations, or maintenance. Provide quotes, estimates, and project details. Process financing internally or via authorized partners. Deliver installation, warranty, and maintenance services. Send project updates, invoices, and reminders. Enhance operational efficiency, cybersecurity, and fraud mitigation. Comply with legal and regulatory obligations. Attempting to repurpose this data for other purposes without written authorization from Bright is strictly prohibited.

Bright does not share, sell, trade, or exchange personal information externally. Internally, data may be accessed by Bright affiliates solely to execute and manage your project, including financing, installation, and warranty coordination. Misrepresentation of this policy will be met with legal action.

Bright does not sell personal information. Any claim that we do will be treated as frivolous and actionable.

By opting in, you waive your DNC status for communications regarding Bright services. All communications are based on affirmative opt-in consent. Do not presume you can object retroactively if you initiated contact or consented.

Bright Solar Inc will aggressively defend itself against any baseless TCPA, CAN-SPAM, or similar claims: Counterclaims & Damages: We will sue for every recoverable dollar, including attorneys’ fees and costs. Equitable Relief: Injunctions, declaratory relief, and other measures will be pursued to stop frivolous litigation. Legal Fees & Expenses: All costs defending meritless claims will be sought from the claimant. Maximum Statutory Remedies: We will pursue all remedies allowed by federal and state law, including unjust enrichment and abuse-of-process claims. Good-Faith Defense: We rely on documented opt-in consent and safe-harbor provisions; challenging lawful communications will provoke full response. Do not test this clause.

Texas residents have rights under TDPSA. Do not assume these are optional. You may: Access and obtain your data. Correct inaccuracies. Request deletion. Demand portability. Opt-out of sale or sharing (Bright does not sell or share data — so spare us). All requests must be submitted in writing ONLY to: Email: support@gobrightsolar.com

Mail: Bright Solar Inc, 400 E Las Colinas Blvd, Fourth Floor, Suite 30, Irving, TX 75039 Bright will respond within 45 days. No excuses, no delays, no exceptions. Abusive, frivolous, or repeated submissions will be ignored or met with full legal response.

Bright maintains robust security measures: Encryption, secure servers, IP monitoring, and fraud mitigation. Data is retained only as necessary for services, warranties, or legal compliance. Expired data is securely deleted or anonymized. Attempting unauthorized access will be treated as a criminal offense.

Limited cookies/tracking pixels for fraud prevention. No external marketing tracking. Disabling cookies may limit site functionality.

Governed exclusively by Texas law. Disputes must first be negotiated; if unresolved, binding arbitration in Texas applies. Bright reserves all rights to seek remedies to the fullest extent of the law.

Bright complies with: TDPSA (Tex. Bus. & Com. Code § 541 et seq.) CCPA / CPRA GLBA TCPA (47 U.S.C. § 227) CAN-SPAM (15 U.S.C. §§ 7701–7713) FTCA (15 U.S.C. § 41 et seq.) ECPA (18 U.S.C. §§ 2510–2522) All applicable federal, state, and local privacy, cybersecurity, and communications laws

Bright Solar Inc does not and will not cold call. All communications are initiated only after explicit opt-in consent via forms, phone inquiry, email, or authorized request. Any contrary claims are baseless and actionable.