Student privacy is the foundation, not a feature.
BrainTrail is built for children, families, and schools. Here’s how we protect the data you trust us with — and the commitments we don’t compromise on.
Our commitments
What we will — and won’t — do
We never sell student data
Student personal information is never sold, rented, or used to build advertising profiles — full stop.
No ads shown to students
The student experience is ad-free by design. Learning is the product; children are never the product.
You stay in control
Schools and parents own their data and can review, export, or request deletion of a student’s information at any time.
Compliance
FERPA & COPPA, by design
- FERPA: When used by a school, we act as a “school official” with a legitimate educational interest, use records only as the school authorizes, and never re-disclose them except as directed or permitted by law.
- COPPA: For students under 13, we rely on school or verifiable parental consent, and collect only the information reasonably necessary for the learning activity.
- Data Privacy Agreements: Schools and districts that require a signed DPA can request one before rollout.
- Data minimization: We collect only what’s needed to run the learning experience — account, learning, rostering, and basic technical data.
How we protect data
Security practices
Encryption in transit & at rest
Data is protected with industry-standard encryption as it moves over the network and while stored.
Role-based access control
Access to student information is limited to the roles that need it — students, families, staff, and admins each see only what’s appropriate.
Vetted subprocessors
We work with a small set of service providers (such as cloud hosting and authentication) under contract, with access limited to what their function requires.
Retention & deletion
We retain learning data while an account is active or as the school directs, and delete or de-identify it on account closure or verified request.
Questions?
Talk to us about your requirements
Reviewing BrainTrail for a school or district and need a DPA, a security questionnaire completed, or details on our subprocessors and data handling? We’re happy to help. Reach our team at [email protected], and see our full Privacy Policy for the complete details.
This page summarizes BrainTrail’s current security and privacy practices for transparency. Where a school or district has executed a Data Privacy Agreement with us, that agreement governs.