Big Brain Labs does not sell student data, does not run ads, and does not use behavioral advertising. Most tools are local-first and do not require student accounts. Designed to support FERPA, COPPA, and NY Education Law §2-d compliance. Schools and districts should still review Big Brain Labs against their own local privacy, procurement, and legal requirements.
Quick summary for privacy reviewers
- Most of what we ship is local-only. Morning Lab, Centers Lab, SeatLab, Manipulatives Lab — student data lives in the teacher's browser storage, never on our servers.
- One narrow exception — Escape Classroom. To let students join a teacher's escape-room session by code, we store first name + game inventory in our database. Auto-deleted 30 days after the session ends. A "Test Mode" toggle keeps everything local if your district prohibits any cloud sync.
- No advertising, no analytics, no third-party tracking on any Big Brain Labs property.
- Adult-teacher product — accounts (when present) are for educators, not students. Students never enter email, phone, or other PII beyond a first name in Escape Classroom.
- Signed DPAs available on request. Email support@bigbrainlabs.org.
1. Company information
- Legal name
- Big Brain Labs LLC
- Entity type
- New York limited liability company
- Operator
- A working public-school teacher (sole proprietor of the LLC)
- Privacy contact
- support@bigbrainlabs.org · usually responds within 1 business day
- District inquiries
- School / District contact form
- Hosting
- Cloudflare Pages — United States data centers
2. Data flow per app
| App | What it stores | Where | Retention |
|---|---|---|---|
| Morning Lab | Roster names, calendar/weather settings, daily routines | Browser localStorage | Until teacher clears |
| Centers Lab | Roster names, optional student photos, center labels & rotations | Browser localStorage | Until teacher clears |
| SeatLab | Roster names, seating charts, room layouts, themes | Browser localStorage | Until teacher clears |
| Manipulatives Lab | Manipulative arrangements, drawings — no student data at all | Browser localStorage | Until teacher clears |
| Escape Classroom (cloud mode) | Room template (items, codes, lockboxes); per-student first name + inventory | Supabase (US region) | Auto-deleted 30 days after session ends |
| Escape Classroom (test mode) | Same data as cloud mode, but stored locally only | Browser localStorage | Until teacher clears |
| brb. (sister site) | Sign-out kiosk roster & photos | Browser localStorage (encrypted at rest) | Photos auto-delete after 30 days |
3. Sub-processors / vendors
Big Brain Labs uses these third-party services. Only Supabase ever receives any student data, and only the limited Escape Classroom session data described above:
| Vendor | Purpose | Receives student data? |
|---|---|---|
| Cloudflare | Hosting, content delivery, basic server logs | No |
| Supabase | Email signup storage; Escape Classroom session storage | Yes — Escape Classroom only (first name + inventory) |
| Google Fonts / jsDelivr CDN | Web font + JS library delivery | No |
4. Compliance posture
FERPA (Family Educational Rights and Privacy Act)
For local-only apps, Big Brain Labs does not access, store, or transmit education records. Records remain entirely within the school district's control on the educator's device. For Escape Classroom, the limited student data we process (first name + game inventory) is processed under the educator's direction as a "school official" with a "legitimate educational interest" under FERPA's school-official exception.
COPPA (Children's Online Privacy Protection Act)
Our apps are configured by adult teachers, not students. For local-only apps we do not engage in "operator collection" because no student data leaves the device. For Escape Classroom, where students enter a first name to join a session, we operate under the school-authorization model: the school or teacher provides COPPA consent in lieu of parents (Section 312.5(c)(6)). We collect only data reasonably necessary to provide the educational service.
New York Education Law §2-d
- Local data storage: For local-only apps, all student PII is stored exclusively on the educator's device.
- Minimal cloud collection: For Escape Classroom, we collect only first name and game inventory needed for the service, with automatic 30-day deletion.
- No sale or marketing use: We do not sell, share, or use student information for advertising.
- Parental rights: Requests by parents to inspect, correct, or delete student data are handled by the school or educator at the device level (local apps) or by emailing us directly (Escape Classroom).
Other state laws
The local-first architecture means our compliance posture is identical or simpler under California (SOPIPA, CCPA), Illinois (SOPPA), Connecticut, Colorado, Virginia, and most other state-level student-privacy laws. Email support@bigbrainlabs.org if your state has specific requirements you'd like us to address.
5. Security measures
- Transport: All traffic uses HTTPS / TLS 1.2+.
- Server-side data at rest: Encrypted by our hosting provider (Cloudflare) and database provider (Supabase).
- Access control: Row-level security on Supabase tables; only Big Brain Labs LLC has database access.
- Local data security: Securing the device is the most important step. Use device passcode, physical security, and clear roster data at end of school year using each app's "Clear" button.
- Breach notification: Affected users notified within 72 hours by email.
6. Vendor-review documents available on request
- Signed Data Processing Agreement (DPA)
- W-9 (vendor tax form for procurement / business offices)
- Student Data Privacy Consortium (SDPC) National Data Privacy Agreement
- NY Education Law §2-d Parents' Bill of Rights addendum
- California / Illinois / Colorado state-specific addenda
- SOC 2 / security questionnaire responses
- Custom contract amendments (we are small, flexible, and a teacher reads every email)
How to request: email support@bigbrainlabs.org with your school/district name and what you need. Most documents turn around within 2 business days.
7. Pricing for schools and districts
Big Brain Labs tools are one-time purchases for individual teachers; some tools are still in preview and improve over time. For schools deploying to 10+ classrooms, we offer:
- Volume pricing (typically 30–50% off list)
- One PO / invoice per district instead of individual purchases
- Direct support during the school year
- Custom configuration help if you need something specific
Pricing isn't published online because school budgets vary too much for a fixed sticker price to be useful. Email support@bigbrainlabs.org with your numbers and we'll send a real quote within 1 business day.
8. Common questions from schools
Does this require student accounts?
Most tools require no student accounts at all. The brb. kiosk and any sync features require teacher sign-in. In Escape Classroom cloud sessions, students enter a first name to join — no email, no password, no profile.
Can students use first names or nicknames only?
Yes. Teachers control the roster in every app, and nothing requires a last name, email, or full name. Many teachers use first name + initial or a classroom nickname.
Can data be exported?
Yes. Local apps export rosters, schedules, and other classroom data via in-app download buttons (CSV / JSON / printable PDF). For Escape Classroom cloud sessions, the teacher dashboard can export session reports.
Is there advertising?
No. Big Brain Labs runs no advertising, no third-party trackers, no behavioral advertising, and no data brokerage. Subscriptions and purchase pages are the only places anything monetary happens.
Can a school request a privacy agreement?
Yes. Email support@bigbrainlabs.org for a signed DPA, SDPC documents, NY Ed Law §2-d addendum, or state-specific paperwork. Most turn around within 2 business days.
Does it work on Chromebooks?
Yes. Big Brain Labs is a browser-based suite — no install, no extension, no plugin. Tested on managed school Chromebooks running current Chrome / ChromeOS.
Does it work on iPads?
Yes. Tested on iPad Safari and Chrome. Touch interactions are supported across apps. Some apps work best in landscape orientation on tablet-size screens.
What happens if the internet goes down?
Most Big Brain Labs apps are local-first — once the page is loaded, the day's roster, schedule, and routines keep working without internet. Escape Classroom cloud sessions are an exception (they need connectivity to sync between teacher and student devices), but every cloud-mode feature has a Test Mode that stores everything locally if connectivity drops or your district prohibits cloud sync.
Get a quote — or request documents
One form for everything: pricing quotes, signed DPA, SDPC docs, NY Ed Law 2-d addendum, demos. We respond within one business day.