Privacy Policy


When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. We also collect payment details but that information if stored by Shopify

We do not store your payment details in Podio; that information is stored by Shopify. In this situation, Shopify is the data controller. For more information on how they process your data refer to section 4 or read here.  

Other personal information is then stored in our CRM (Customer Relationship Management system) - Podio. In this situation, Podio is the data processor and Bright Little Labs is the data controller.  

We use the personal information collected to help us (Bright Little Labs) create the best experience for our agents (the children who receive and use our products). For example, we store your email address in our CRM, if a child then signs up to use our app, they need to input their legal guardian’s email address, we can then match this against an email address that was used when a purchase was made on our website. We then know that the child has received one of our other products, and can offer them a more personalised experience as we understand what interactions they’ve had with our other products. The CIA Privacy Policy details how we store and process agents’ data when they use our website or app.

We can also use this information to help understand what new products from Bright Little Labs, you will be interested in. If you give us permission to send marketing material to you we may send you emails about new products or other updates based on the information you provide us (e.g if you would like to know more about STEM news or if you would only like to be contacted via post). You can ask us to stop using this information at any time by emailing

We also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. For more information please see section 7  which tells you about the cookies we use.


How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your express consent.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at or mailing us at:

Bright Little Labs
69 Old Street


We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.


In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. In this case, we are the data controller and the third party is the data processor.

We have a Data Processing Agreement in place with all data processors (“DPA”) which is a contract in writing between us which clearly sets out the subject matter of the processing and its duration as well as the nature and purposes of processing, the types of personal data, any particular special categories of data and the obligations and rights of both parties with respect to processing the data.

Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions, this is because they act as the data controller and they make the decisions over how to process your data.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by them.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Here’s a summary of all the third parties we work with to provide our store:




Data Controller

Data processor


Dublin, Ireland

  • Processing payments and personal information
  • Hosts store
  • Allows integration of third party apps
  • If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.


(Payment details)



Atlanta, Georgia, United States

  • Storing email addresses and names for marketing purposes
  • Collecting consent for marketing communications



Kalkbrænderiløbskaj 4
2100 København

  • Managing & storing customer information (, address and email address) but NOT payment details.


Google Analytics

Mountain View, California, United States

  • Collecting anonymised data about who visits our site and what pages are being looked at.


Google Data Studio

Mountain View, California, United States

  • A reporting tool for visualizing data collected from multiple sources



Wellington, New Zealand

  • Online accounting software used to manage Bright Little Labs accounts which stores names of customers for bookkeeping purposes
  • Xero will comply with BLL’s written instructions to access, correct, amend, or delete the Personal Information;



California, United States

  • If you choose to pay using Paypal then Paypal stores your payment details and will be the data controller. All payments are protected by Paypal Buyer Protection and are PCI DSS compliant.



Hanoi, Vietnam

  • Allows users to share our website onto their social media platforms. Data collected anonymous clicks on navigation bar.



When you click on the links on our store (e.g. our social media links), they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.


To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service ( or Privacy Statement (


To understand more about what Cookies are, and how we use them, please read our Cookies Policy.


By using this site, you agree to be at least 13 years of age.


We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect as soon as we post them on the website. If we make material changes to this policy, we will notify you that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.


If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact or by mail at

[Re: Privacy Compliance Officer]
Bright Little Labs, 69 Old Street, EC1V 9JB