Software for serious operators

Clearer systems for industries that cannot afford guesswork.

Brightvale is a parent company building and operating focused B2B software for regulated operations, data-intensive teams, and organizations past the spreadsheet stage. Founded in 2019, we ship narrow products with enterprise-grade security, documentation, and support.

Request a conversationHow we work
SOC 2 audit in progressGDPR DPA availableUS-based infrastructure
12+Operating product units
140+Engineers & operators
99.95%Platform uptime (12 mo.)
24/7Incident response

Built for operators in

Healthcare operationsFinancial servicesCritical infrastructureLogistics & supply chainProfessional servicesPublic sector programs

Industries we serve

We partner with teams where reliability, auditability, and compliance are part of daily operations — not a slide in a sales deck.

Healthcare operations

Revenue cycle, prior auth, and clinical operations tooling with audit-ready workflows.

  • HIPAA-aligned infrastructure and BAAs for covered components
  • Role-based access with break-glass procedures
  • Integration patterns for HL7/FHIR and major EHR vendors

Financial services

Controls-friendly software for lending ops, treasury workflows, and compliance teams.

  • Immutable activity logs and exportable evidence packs
  • Segregation of duties in approval chains
  • Encryption in transit and at rest (AES-256)

Infrastructure & utilities

Field coordination and asset health systems for teams managing physical networks.

  • Offline-tolerant mobile workflows
  • Geographic redundancy and disaster recovery runbooks
  • Change management with rollback checkpoints

Logistics & supply chain

Exception handling and carrier coordination without spreadsheet sprawl.

  • SLA-oriented alerting and escalation paths
  • API-first integrations with TMS/WMS platforms
  • Per-tenant data isolation on multi-tenant products

Professional services

Delivery operations, utilization, and client reporting for complex B2B engagements.

  • Workspace-level permissions and customer data boundaries
  • Export controls for client deliverables
  • SOC 2–aligned control environment (parent + products)

Public & regulated programs

Procurement-ready documentation and support for government-adjacent operators.

  • US data residency options for eligible workloads
  • Documented subprocessors and DPAs
  • Dedicated compliance liaison for enterprise accounts

What we deliver

Brightvale operates a portfolio of independent products — each with its own subdomain, terms, and support channel.

Operational clarity

Replace tribal knowledge with systems that show ownership, status, and next actions across teams.

Evidence by default

Every meaningful change leaves a trace — who did what, when, and under which policy version.

Narrow product surfaces

We ship focused tools instead of suites. Each product has its own roadmap, terms, and support channel.

Human escalation paths

Automation where it is safe; staffed support when judgment, context, or regulatory nuance is required.

How we work

Enterprise procurement and security review from day one — not bolted on after a pilot.

  1. 01

    Discovery & risk framing

    We map workflows, regulatory constraints, and failure modes before writing production code.

  2. 02

    Evidence-led build

    Product decisions reference customer evidence, not trend decks. Scope stays intentionally small.

  3. 03

    Controlled rollout

    Staged launches with feature flags, observability, and rollback plans — especially for regulated users.

  4. 04

    Operate & measure

    Uptime, support SLAs, and usage telemetry inform what we improve next — with customer-visible changelogs.

  5. 05

    Govern & renew

    Annual reviews, access certifications, and subprocessors list updates keep enterprise buyers current.

Security & compliance

Policies, subprocessors, and security documentation — no chasing PDFs over email.

Security overviewCompliance
SOC 2 Type IIAudit in progress (2026)
ISO 27001Control framework aligned
GDPRDPA available on request
HIPAABAA for eligible products

Accessing your product

No public catalog on this site. Use the subdomain from your administrator — e.g. yourproduct.brightvale.co.

Support: support@brightvale.co

Leadership

Operators and builders across engineering, legal, and customer operations.

EM

Elena Marchetti

Chief Executive Officer

Former operator at two healthcare infrastructure companies. Focused on disciplined product portfolios and enterprise trust.

JO

James Okonkwo

Chief Technology Officer

Led platform engineering at a global payments processor. Owns security architecture, reliability, and engineering standards.

PN

Priya Nandakumar

General Counsel & Chief Compliance Officer

Counsel to B2B SaaS and regulated data processors. Oversees privacy program, contracts, and vendor risk.

ML

Marcus Lindqvist

Chief Operating Officer

Built customer operations for high-touch enterprise SaaS. Runs support, implementations, and customer success.

About Brightvale · Careers

Global presence

Boston, MACorporate headquarters
New York, NYFinancial services practice
Chicago, ILHealthcare & operations
Remote (US & EU)Engineering & customer success

Frequently asked questions

Is Brightvale a single product or a portfolio?
Brightvale is the parent company. Each product is operated on its own subdomain with dedicated terms, support, and data boundaries. You reach products via the address your organization was given — not a public catalog on this site.
Where is customer data stored?
Production workloads run on US-based infrastructure by default. EU residency and additional contractual terms are available for eligible enterprise agreements. See our Privacy Policy and Subprocessors list for detail.
How do I request a Data Processing Agreement (DPA)?
Email compliance@brightvale.co with your entity name, product subdomain, and security questionnaire if applicable. We typically respond within five business days.
Do you offer a security questionnaire or SOC 2 report?
Yes. Enterprise prospects can request our security packet under NDA, including control narrative and penetration test summary. SOC 2 Type II audit is in progress for the parent platform.
How do I report a security vulnerability?
See our Security page for coordinated disclosure guidelines. We acknowledge valid reports within two business days and do not pursue legal action for good-faith research.
What support SLAs are available?
Standard business-hours support is included with all contracts. Premium tiers add 24/7 paging, named technical account managers, and quarterly business reviews — scoped per product.
Can we restrict subprocessors?
Enterprise customers may request subprocessor notification and objection rights where contractually supported. The current list is published and updated with 30-day notice.
Who do I contact for billing or procurement?
Email sales@brightvale.co for order forms, W-9, and vendor onboarding. For existing customers, include your subdomain and account ID in the subject line.

Ready to speak with our team?

Enterprise sales, compliance, and partnerships — response within two business days.

Contact BrightvaleRequest DPA