Security posture
Big Brain Labs keeps the security model simple: collect less, store less, and make local-first tools work without unnecessary accounts or cloud storage.
How we reduce risk
- Local-first by default: most classroom data stays in the teacher's browser storage.
- No student accounts by default: students should not need email addresses or passwords for normal classroom activities.
- HTTPS hosting: public sites and app pages are served over encrypted connections.
- Limited service providers: when cloud features are used, they are listed in the Privacy Policy.
- No behavioral advertising: Big Brain Labs does not use ad networks or sell student data.
Teacher responsibilities
Because many tools store classroom data on the device, teachers and schools should use passcode-protected devices, avoid shared unmanaged browsers, and clear local classroom data when a device is reassigned or the school year ends.
Reporting a security issue
If you believe you found a vulnerability, email support@bigbrainlabs.org. Please include the page or app name, what you observed, and steps to reproduce it. Do not include real student data in security reports.
District review
Schools that need vendor paperwork, a DPA, or a state-specific privacy review can start with Districts & Compliance.