Privacy Policy
Last updated: February 14, 2026
Board Room ("we," "us," or "our") operates the website at brdrm.ai and the Board Room platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
Account Information
When you create an account, we collect:
- Full name
- Work email address
- Password (stored securely via Supabase Auth — we never see or store your plaintext password)
- Your industry and target industries
Usage Data
As you use the Service, we automatically collect:
- Learning progress (modules completed, lesson scores, XP earned)
- Practice session results and coach conversation performance scores
- Meeting prep reports you generate
- Companies you research or add to watchlists
- IP address and user agent string (for rate limiting and security)
- Session identifiers and timestamps
Payment Information
If you subscribe to a paid plan, payment is processed entirely by Stripe. We never receive or store your credit card number, bank account details, or other sensitive payment information. We only store your Stripe customer ID and subscription status.
Public Leaderboard
If you use the platform, your name and XP totals may appear on the public leaderboard. You can contact us to opt out of the leaderboard.
2. How We Use Your Information
- Provide the Service: Personalize training content based on your industry, track your progress, and deliver AI coaching and meeting prep.
- Monitor and analyze usage: Track how users interact with the Service, including feature usage, learning patterns, session behavior, engagement metrics, and performance data, to understand how the platform is used.
- Improve the platform: Use usage data, feedback, and behavioral analytics to develop, test, and enhance training content, AI features, user experience, and overall Service quality.
- Create aggregated insights: Compile, aggregate, anonymize, and de-identify usage data to create benchmarks, industry reports, analytics products, and other derivative data sets. These aggregated and anonymized data products do not identify individual users.
- Process payments: Manage your subscription through Stripe.
- Communicate with you: Send service-related emails, product updates, and (if opted in) newsletter content.
- Security: Monitor for abuse, enforce rate limits, and protect against unauthorized access.
3. Third-Party Services
We share limited data with the following third-party services to operate the platform:
| Service | Data Shared | Purpose |
|---|---|---|
| Supabase | Account data, learning progress, usage logs | Database, authentication, and data storage |
| Stripe | Email, user ID | Payment processing and subscription management |
| Anthropic (Claude AI) | Coaching conversation messages, practice prompts, company context | AI-powered coaching, practice questions, and company research |
| Beehiiv | Email, name, industry preferences | Newsletter delivery (if opted in at signup) |
| Financial Modeling Prep | Company ticker symbols (no user data) | Financial data for company research features |
| SEC EDGAR | Company ticker symbols (no user data) | Public SEC filings for company research |
| YouTube / Google | Standard embedded player data (IP, device info, viewing behavior — collected by Google directly) | Embedded video content for educational purposes |
| Vercel | Standard web request data (IP, user agent) | Website hosting and serverless functions |
We do not sell your personal information (such as your name, email, or account details) to third parties. However, we may share, license, or sell aggregated and anonymized data that does not identify you personally — see Section 5 below. We do not use third-party advertising trackers, analytics pixels, or cross-site tracking tools.
4. AI Coaching & Data
When you use our AI coaching or practice features, your conversation messages are sent to Anthropic's Claude API for real-time processing. These conversations are used solely to generate responses during your session. We store performance scores and feedback summaries, but we do not use your coaching conversations for advertising or share them with other users.
5. Third-Party Video Content & Embedded Players
The Service may embed video content from third-party platforms, including YouTube, using embedded player technology (such as YouTube's iframe embed API). When you view embedded video content on our platform:
- Data collected by third parties: The embedded YouTube player may collect data directly from your browser, including your IP address, device information, cookies, and viewing behavior. This data collection is governed by Google's Privacy Policy, not ours. We do not control and are not responsible for Google's data collection practices.
- No ownership of content: BRDRM.AI, ChrisSchaum.com, Christopher Schaum, and their associated entities claim no ownership over any video content displayed through embedded third-party players. All video content remains the intellectual property of its respective creators and copyright holders.
- Your responsibility: By viewing embedded YouTube videos on our platform, you are accessing YouTube's service and are subject to YouTube's Terms of Service and Google's Privacy Policy. You are responsible for reviewing and complying with these third-party terms.
- Cookie implications: YouTube's embedded player may set cookies on your device. These cookies are controlled by Google, not by Board Room. You can manage these cookies through your browser settings or Google's privacy controls.
6. Aggregated & Anonymized Data
We may aggregate, anonymize, or de-identify data collected through the Service so that it no longer identifies you personally. We may use, share, license, and sell such aggregated and anonymized data for any lawful business purpose, including but not limited to:
- Publishing industry benchmarks, trend reports, and performance analytics
- Licensing anonymized data sets to third parties for research, analytics, or commercial purposes
- Creating and marketing data-driven products and services derived from platform usage patterns
- Improving artificial intelligence models and training data sets
Aggregated and anonymized data is not considered personal information under this Privacy Policy. Once data has been anonymized, it cannot be re-identified to you, and this policy's restrictions on personal information do not apply to it.
7. Data Retention
- Account data: Retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days.
- Usage logs: IP addresses and analytics data are retained for up to 12 months for security and service improvement, then automatically purged.
- Payment records: Stripe customer IDs and subscription history are retained as required for tax and legal compliance.
- Cached company data: Public financial data cached from third-party APIs expires automatically (1 to 7 days depending on data type).
8. Data Security
We implement industry-standard security measures to protect your data:
- All data is transmitted over HTTPS/TLS encryption
- Passwords are hashed and salted (managed by Supabase Auth)
- Database access is restricted with Row-Level Security policies — users can only access their own data
- API endpoints are protected with rate limiting, CORS restrictions, and input validation
- Admin endpoints require additional authentication
- Security headers (CSP, X-Frame-Options, X-Content-Type-Options) are enforced on all pages
9. Cookies
Board Room uses minimal cookies:
- Authentication cookies: Set by Supabase to maintain your login session. These are essential for the Service to function.
- Stripe cookies: Set during the payment process by Stripe for fraud prevention.
We do not use advertising cookies, social media tracking pixels, or third-party analytics cookies.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request that we delete your personal data and account.
- Portability: Request your data in a structured, machine-readable format.
- Opt out of newsletter: Unsubscribe from marketing emails at any time via the link in any email or by contacting us.
- Leaderboard opt-out: Request removal from the public leaderboard.
To exercise any of these rights, email us at BRDRM@ChrisSchaum.com. We will respond within 30 days.
11. Children's Privacy
Board Room is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.
12. International Data Transfers
Our Service is hosted in the United States via Vercel and Supabase. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
14. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at:
Board Room
Email: BRDRM@ChrisSchaum.com