Ceresant Solutions, Inc. Sub-Processors

Last Updated January 17, 2026

 
What Are Sub-Processors?

Sub-processors are third-party service providers that Ceresant engages to process Student Data or other personal information on your behalf. Your privacy policy specifically mentions this in the Data Processing Agreements section:

"Limitations on subprocessing and requirements for subprocessor agreements" 

These are essentially vendors who may process data on Ceresant’s behalf to support the operation and delivery of its services.

Scope of This Page

Ceresant operates multiple web properties, including (i) Ceresant.com (including the BrainDash product page), (ii) gobraindash.com (a branded domain that redirects to Ceresant.com), and (iii) schools.gobraindash.com (the BrainDash application used by Schools). Sub-processors may support different aspects of these services. Not all sub-processors have access to Student Data, and sub-processors used for marketing or website operations are not permitted to access Student Data unless expressly authorized and governed by applicable Data Processing Agreements.

Our Approach to Sub-Processors

Ceresant takes the selection and management of sub-processors seriously. Before engaging a sub-processor that may access Student Data or other personal information, Ceresant evaluates the vendor’s role, the nature of the data involved, and the security and privacy risks associated with the engagement.

As appropriate based on the vendor’s role and risk profile, Ceresant may implement contractual, technical, and organizational safeguards, including data protection obligations, confidentiality requirements, and security commitments consistent with this Privacy Policy and applicable Data Processing Agreements.

Ceresant maintains information about approved sub-processors and reviews sub-processor relationships periodically to ensure continued alignment with privacy and security expectations.

Current Sub-Processors 

Ceresant currently uses the following sub-processors:

Sub-Processors Used for Ceresant.com and gobraindash.com (Marketing and Website Operations)
These sub-processors support website delivery, security, analytics, communications, and form submissions.

  • Cloudflare, Inc. (traffic optimization, distribution, security)

  • Google LLC (security and analytics)

  • HubSpot, Inc. (analytics, CRM, communications)

  • TYPEFORM S.L (data collection and surveys) 

Sub-Processors Used for schools.gobraindash.com (BrainDash Application)
These sub-processors support the BrainDash application and, depending on School configuration, may process School or Student Data.

Identity and Student Information System Integrations
BrainDash integrates with certain School-provided identity and student information systems to support user verification and access management. At a minimum, these integrations may provide limited identifying information, such as student and counselor names, to enable account creation, role assignment, and appropriate access to the Services. Depending on School configuration and future feature enablement, additional student or staff information may be processed in accordance with applicable agreements and this Privacy Policy.

Ceresant processes SIS-provided data solely for purposes authorized by the School and does not independently determine the scope of data shared through these integrations.

  • Google LLC – identity and authentication services used by some Schools to verify user identity, role, or affiliation

  • Veracross – student information system integrations used by some Schools to verify enrollment or synchronize limited student records

  • Blackbaud, Inc. – student information system integrations used by some Schools to verify enrollment or synchronize limited student records

  • Google Cloud Platform (Google LLC)
    Infrastructure hosting, data storage, networking, and security services for the BrainDash application.

  • Google Gemini (Google LLC)
    Artificial intelligence services used to support specific BrainDash application functionality. Gemini is accessed through a controlled API configuration and is not permitted to browse the web or initiate independent actions. Ceresant configures its use of Gemini to operate solely within defined application workflows and subject to contractual, technical, and organizational safeguards. Gemini is not authorized to use Student Data to train models, and any processing occurs only to support BrainDash features as instructed by Ceresant and the School.

At this time, BrainDash primarily relies on first-party infrastructure and a limited set of service providers. Additional sub-processors may be introduced as platform functionality evolves, and this page will be updated accordingly.

Use of Student Data by Sub-Processors

Ceresant does not permit sub-processors, including cloud and AI service providers, to use Student Data for their own purposes or to train models, except where explicitly authorized by the School and governed by applicable agreements.

Ceresant may update this list from time to time as sub-processors change. Material changes will be reflected by updating the “Last Updated” date above.

Schools can request this documentation by contacting privacy@ceresant.com.