Privacy Policy

Last updated: January 30, 2026

1. Introduction

Brilla Lab ("we," "us," or "our") operates Brilla Coach and Brilla Student (collectively, the "Services"). This Privacy Policy explains how we collect, use, store, and protect your personal information. We are deeply committed to safeguarding the privacy of our users, including coaches, students, and school administrators.

2. Information We Collect

Account Information

  • Name, email address, and school/organization name provided during registration.
  • Password (stored in hashed form — we never store or have access to your plaintext password).

Usage Data

  • Practice session activity, question responses, and performance metrics.
  • AI interaction data (messages sent to Kaufmann AI and other AI features).
  • Device information and browser type for security and service optimization.

Payment Information

Payment processing is handled by our third-party payment provider. We do not store credit card numbers, mobile money PINs, or other sensitive payment credentials on our servers.

3. How We Use Your Information

  • Service delivery: To provide, maintain, and improve the educational features of our platform.
  • Personalization: To tailor practice sessions, AI coaching, and analytics to your learning needs.
  • Communication: To send important account notifications, service updates, and (with your consent) educational tips.
  • Security: To detect, prevent, and respond to fraud, abuse, or security incidents.
  • Analytics: To understand how the platform is used and identify areas for improvement. All analytics data is aggregated and anonymized.

4. Data Protection and Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest.
  • Access controls: Strict role-based access controls limit who can access user data within our organization.
  • Infrastructure: Our services are hosted on secure, SOC 2-compliant cloud infrastructure.
  • Authentication: We use secure session management with HTTP-only cookies and device fingerprinting to prevent unauthorized access.
  • Regular audits: We conduct periodic security reviews to identify and address vulnerabilities.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to any third party. Period.

We may share limited data only in the following circumstances:

  • Service providers: With trusted third-party services that help us operate the platform (e.g., hosting, payment processing, analytics). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
  • Legal requirements: If required by law, court order, or governmental regulation.
  • Safety: To protect the rights, property, or safety of Brilla Lab, our users, or the public.

6. Student Data Protection

We recognize the sensitive nature of student data and apply additional protections:

  • Student performance data is only visible to the student and their authorized coach.
  • We do not use student data for advertising or marketing purposes.
  • Student data is never shared with other schools, organizations, or competing platforms.
  • Coaches can only see data for students in their own squads.
  • We comply with applicable data protection regulations regarding minors' data.

7. AI and Data Processing

Our AI features (including Kaufmann AI, question generation, and performance analytics) process user inputs to provide personalized educational content. Your interactions with AI features:

  • Are processed to deliver the specific educational service you requested.
  • Are not used to train third-party AI models.
  • Are subject to the same security protections as all other user data.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

9. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain types of data processing.

To exercise any of these rights, contact us at support@brillalab.com.

10. Cookies

We use essential cookies for authentication and session management. We also use analytics cookies (Vercel Analytics) to understand platform usage. These analytics are privacy-focused and do not track individual users across websites.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Brilla Lab
Email: support@brillalab.com