Sign in to your account >

About BiggerBrains
Search
Request Course Catalog
Pricing & Free Trials

Privacy Policy

Last updated: April 17, 2026

[activecampaign form=10 css=1]

Contact Us

If you have any questions about this Privacy Policy, You can contact us by visiting this page: https://getbiggerbrains.com/contact/

1. Introduction

Triple Tech LLC, doing business as Bigger Brains (“Bigger Brains,” “we,” “us,” or “our”), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at https://getbiggerbrains.com, our applications, and our related services.

This Privacy Policy applies to all users of our products and services worldwide, including users in the European Economic Area (EEA), the United Kingdom, California, and other jurisdictions with specific privacy laws. We have designed this policy to meet or exceed the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Children’s Online Privacy Protection Act (COPPA), and other applicable data protection laws.
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Services Covered

This Privacy Policy covers the following Bigger Brains products and services (collectively, the “Services”):

    • BrainStation LMS – Our cloud-based learning management system for delivering and tracking eLearning courses.
    • BrainWave LMS – Our learning management system platform.
    • BrainBot – Our AI-powered learning assistant and chatbot.
    • Bigger Brains eLearning App for Microsoft Teams – Our eLearning application integrated within Microsoft Teams and Microsoft 365.
    • EmailCheck – Our email security awareness application.
    • SCORM, AICC, and xAPI Course Content – Our eLearning course files delivered for use within third-party learning management systems.
    • Digital Badges – Our digital credentialing service for course completions.
    • Our Website – https://getbiggerbrains.com and related web properties.

 

3. Data Controller Information

For the purposes of applicable data protection laws, the data controller is:
Triple Tech LLC dba Bigger Brains
3871 Hwy 24, Anderson, SC 29626, USA
Phone: +1 864-421-6950
Data Protection Contact: dpo@bigger-brains.com
When Bigger Brains provides Services to an organization (such as an employer, school, or reseller) that directs how personal data should be used, that organization is the data controller and Bigger Brains acts as a data processor on their behalf. In such cases, please refer to that organization’s privacy policy for information about how your data is handled.

4. Information We Collect

4.1 Personal Data You Provide

When you register for or use our Services, you may provide us with the following personal data:

    • Identity Data: Your name, username, or similar identifier.
    • Contact Data: Your email address, phone number, or mailing address.
    • Account Data: Login credentials (passwords are encrypted and not accessible by Bigger Brains staff).
    • Transaction Data: Payment and billing information when you purchase our Services.
    • Content Data: Information you submit through BrainBot interactions, knowledge checks, course assessments, forms, or EmailCheck simulations.

4.2 Data Collected Automatically

When you use our Services, we automatically collect:

    • Usage Data: Pages visited, features used, courses accessed, time spent, completion status, quiz scores, and interaction patterns.
    • Technical Data: IP address, browser type and version, operating system, device type, unique device identifiers, time zone, and language settings.
    • Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar technologies (see Section 8).

4.3 Data Collected via SCORM, AICC, and xAPI Courses

When our course content is hosted in your organization’s learning management system (LMS), the following data may be transmitted to our licensing server:

    • User ID (as reported by the LMS—this may or may not be personally identifiable).
    • Student name (as reported by the LMS).
    • License key, course identifier, course progress, and scores.

Organizations may request our encrypted course file option, which automatically anonymizes all user information before transmission. Note that enabling encryption may prevent certain features such as Digital Badges and Microsoft Teams integration from functioning.

4.4 Data Collected for Digital Badges

When you opt to receive a Digital Badge upon course completion, the following data is collected and stored on our badging server: your name, course ID, course score and seat time (if available), and the name of the provider organization.

4.5 Data from Third-Party Sources

We may receive personal data about you from third-party sources, including organizations that introduce you to our Services, Single Sign-On (SSO) identity providers such as Microsoft Entra ID, analytics providers, and publicly available sources.

4.6 Sensitive Data

We do not intentionally collect or process sensitive categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data).

5. How We Use Your Information

We use your personal data for the following purposes and on the following legal bases:

5.1 To Provide and Maintain Our Services (Contractual Necessity)

    • Deliver, personalize, and improve your learning experience.
    • Manage your account and authenticate your identity.
    • Process transactions and send related information.
    • Enable administrators and instructors to run reports on usage and assessment results.
    • Provide Digital Badges and certificates of completion.
    • Provide customer support and respond to your requests. 

5.2 To Improve and Develop Our Services (Legitimate Interest)

    • Analyze usage trends and effectiveness of our content.
    • Conduct research and development to improve our platform.
    • Monitor and ensure the security and integrity of our Services.

5.3 To Communicate with You (Legitimate Interest or Consent)

    • Send service-related notices, updates, and security alerts.Conduct research and development to improve our platform.
    • Provide news, special offers, and information about our products and services, where you have opted in or where permitted by law. You may opt out at any time.

5.4 To Comply with Legal Obligations

We may process your data as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

6. Artificial Intelligence and Automated Processing

Certain features of our Services incorporate artificial intelligence (AI) and machine learning technologies, including but not limited to BrainBot (our AI-powered learning assistant) and other AI-enhanced features across our platforms.

When you interact with AI-powered features, your inputs (such as questions, prompts, and responses) may be processed to generate relevant outputs. We use this data to provide the requested functionality and may use aggregated, de-identified interaction data to improve our AI models and Services.

We do not use AI to make automated decisions that produce legal effects or similarly significant effects on you without human involvement. If this changes, we will update this policy and, where required by law, obtain your consent or provide you with the right to opt out.

Our AI features may rely on third-party AI service providers. When third-party AI providers are used, your data is processed in accordance with our data processing agreements with those providers and subject to the protections described in this Privacy Policy.

7. How We Share Your Information

Bigger Brains does not sell your personal data to third parties. We may share your information in the following limited circumstances:

    • Service Providers and Sub-Processors: We engage trusted third-party service providers to help operate our Services, including cloud hosting (Microsoft Azure, Amazon Web Services), payment processing, analytics, and marketing platforms. These providers are contractually bound to use your data only as directed by us and to maintain appropriate security measures.
    • Your Organization: If you access our Services through an employer, school, reseller, or other organization, we may share your usage data, assessment results, and progress information with authorized administrators and instructors within that organization.
    • Microsoft: When you use our Microsoft Teams app or SSO via Microsoft Entra ID, certain data is shared with Microsoft as necessary to provide the integration. Microsoft’s use of such data is governed by Microsoft’s own privacy policy.
    • Legal Requirements: We may disclose your data if required to do so by law, regulation, court order, or other legal process, or to protect the rights, property, or safety of Bigger Brains, our users, or others.
    • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.
    • With Your Consent: We may share your data for other purposes when we have obtained your explicit consent.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your use of our Services. These include:

    • Essential Cookies: Required for the operation of our Services, including authentication, session management, and security. These cannot be disabled.
    • Functional Cookies: Remember your preferences and settings (such as language, login details, and display options) to provide a personalized experience.
    • Analytics Cookies: Help us understand how our Services are used, which pages are most popular, and how users navigate our platforms. We use Google Analytics and similar tools for this purpose.
    • Marketing Cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. These may be set by our advertising partners.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our Services.

We honor “Do Not Track” (DNT) signals and Global Privacy Control (GPC) signals where required by applicable law. When we detect a GPC signal from a California resident, we treat it as a valid opt-out request under the CCPA/CPRA.

9. International Data Transfers

Your personal data is processed and stored in the United States, primarily on servers hosted by Microsoft Azure (US East region) and Amazon Web Services (AWS). If you are located outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

9.1 Transfers from the EEA and UK

When we transfer personal data from the European Economic Area (EEA) or the United Kingdom to the United States or other countries outside those regions, we implement appropriate safeguards to ensure your data receives an adequate level of protection, including:

    • Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner’s Office (ICO).
    • Transfer to countries recognized by the European Commission or UK authorities as providing adequate data protection.
    • The EU-U.S. Data Privacy Framework, where applicable.

You may request further information about the safeguards we use by contacting us at dpo@bigger-brains.com.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, or reporting requirements.
 
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, whether we can achieve those purposes through other means, and applicable legal requirements.
 
When your data is no longer required, we will securely delete or anonymize it. Anonymized data (which can no longer identify you) may be used indefinitely for research and statistical purposes.
 
Bigger Brains practices data minimization—we collect only the personal data essential for the provision and improvement of our Services.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
    • Encryption of sensitive data at rest (including passwords and payment information) and all data in transit using HTTPS/SSL and TLS 1.2 or higher.
    • All data is hosted in private databases with no public access.
    • Regular backups of user, e-commerce, and course data.
    • Network security monitoring, including Microsoft Cloud Defender for Azure-hosted components and 24/7 monitoring for AWS components.
    • Regular security assessments, including PCI compliance scans every 90 days, annual penetration testing, and annual security reviews.
    • Physical access restrictions for data centers and authorization controls for data access.
    • Security patches applied daily to cloud infrastructure, with security-related bugs patched or mitigated within 48 hours of discovery.
    • Access to personal data limited to authorized personnel on a need-to-know basis, all of whom are subject to confidentiality obligations.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable laws.

12. Your Privacy Rights

Depending on your location and applicable law, you may have some or all of the following rights with respect to your personal data:

12.1 Rights Under the EU GDPR and UK GDPR

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation (EU GDPR and UK GDPR):

    • Right of Access: You have the right to request confirmation of whether we process your personal data, and to obtain a copy of that data.
    • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
    • Right to Erasure (“Right to Be Forgotten”): You have the right to request deletion of your personal data where there is no compelling reason for its continued processing. Some data may be retained in backup archives or for legal compliance.
    • Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain circumstances.
    • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
    • Right to Object: You have the right to object to processing based on legitimate interests, direct marketing, or automated decision-making (including profiling).
    • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
    • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

We will respond to rights requests within 30 days (or such shorter period as required by law). We may need to verify your identity before processing your request.

In the event of a data breach involving your personal data that is likely to result in a risk to your rights and freedoms, we will notify the applicable supervisory authority within 72 hours of becoming aware of the breach and will notify affected individuals where required by law.

12.2 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) provides you with the following additional rights:

    • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
    • Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
    • Right to Correct: You have the right to request the correction of inaccurate personal information.
    • Right to Opt Out of Sale or Sharing: Bigger Brains does not sell your personal information and does not share your personal information for cross-context behavioral advertising. However, if this practice changes, we will provide a “Do Not Sell or Share My Personal Information” link on our website.
    • Right to Limit Use of Sensitive Personal Information: We do not collect or use sensitive personal information beyond what is necessary to provide our Services.
    • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing or quality of service as a result of exercising your rights.

To exercise any of these rights, please contact us at dpo@bigger-brains.com. We will verify your identity and respond within 45 days.

12.3 Rights Under Other Applicable Laws

Residents of other jurisdictions (including but not limited to Virginia, Colorado, Connecticut, Utah, and other U.S. states with comprehensive privacy laws, as well as Canada, Brazil, and other countries) may have similar rights under their local data protection laws. We are committed to honoring applicable rights requests from all jurisdictions. Please contact us to exercise your rights, and we will process your request in accordance with applicable law.

13. Children’s Privacy

Bigger Brains takes children’s privacy seriously. Our Services are generally intended for use by adults and by minors only under the supervision of a parent, legal guardian, or authorized educational institution.

We do not knowingly collect personal data from children under the age of 13 (or the applicable age in your jurisdiction) without verifiable parental or guardian consent. Where our Services are used by schools or educational organizations that may include users under 13, we require that the school or organization obtain and maintain all necessary parental consents and act as the responsible party for those students’ data.

If we become aware that we have inadvertently collected personal data from a child under 13 without appropriate consent, we will promptly delete such data and terminate any associated account. If you believe that a child under 13 has provided us with personal data without proper consent, please contact us immediately at dpo@bigger-brains.com.

For users between the ages of 13 and 16 in the EEA or UK, we require parental or guardian consent for the processing of their personal data, in accordance with the GDPR. For users aged 16 and over (or the applicable age of consent in their jurisdiction), consent may be provided directly by the user.

14. Third-Party Links and Integrations

Our Services may contain links to third-party websites, plug-ins, and applications (such as Microsoft, LinkedIn, YouTube, and others). Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party services and are not responsible for their privacy practices. We encourage you to read the privacy policy of every third-party service you interact with.

When you use our Microsoft Teams app, SSO via Microsoft Entra ID, or share Digital Badges to LinkedIn, the respective third-party’s privacy policy governs their handling of your data.

15. “Do Not Sell or Share” Disclosure

Bigger Brains does not sell your personal data and does not share your personal data for cross-context behavioral advertising purposes. We have not sold or shared personal data in the preceding 12 months.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised “Last Updated” date and, where required by law, by email or a prominent notice on our Services prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Triple Tech LLC dba Bigger Brains

3871 Hwy 24, Anderson, SC 29626, USA

Phone: +1 864-421-6950

Email: dpo@bigger-brains.com

Website: https://getbiggerbrains.com

 

For EU/UK data protection inquiries, you also have the right to lodge a complaint with your local data protection supervisory authority.

Bigger Brains Course Catalog

Fill out the information below to receive a download link for our latest course catalog.