Gradency

Privacy Policy

Last updated:

Template notice

This is a good-faith template. Have qualified counsel review before launch, especially for FERPA / GDPR / state-level obligations.

What we collect

  • Account information — username, email, hashed password (bcrypt), account creation timestamp, last login.
  • Course content you upload — answer key PDFs, scanned student exam PDFs, rubrics, custom prompts.
  • Student information you provide — names, emails (optional), student indices, custom-field values.
  • Grading outputs — AI-generated scores, per-question feedback, manual overrides, audit trail.
  • Usage data — token usage per grading call (for cost accounting), basic request logs (IP, timestamp, route, response code; retained 30 days).
  • Communications — emails you send to students through the Service (subject, recipient, send timestamp).

What we do NOT collect

  • We do not collect biometric, financial, or health data.
  • We do not use third-party advertising trackers.
  • We do not sell or rent your data.
  • We do not use your content to train AI models.

How we use your data

  • To provide grading, splitting, rubric generation, and email-sending features you've explicitly invoked.
  • To send service notifications you've opted into (objection alerts, grading-complete summaries, weekly summaries — toggleable in Settings → Notifications).
  • To detect and prevent abuse (rate limiting, security monitoring).
  • To respond to your support inquiries.

Third parties we share data with

Third partyWhat we sendWhy
Automated grading providerAnswer key + student exam page images + rubric textGenerating grading suggestions
Hosting / network providerAll HTTP traffic to/from the ServiceDNS, TLS, DDoS protection
Email delivery providerRecipient address, subject, bodySending student emails

The list of specific sub-processors is available to enterprise customers and to data subjects on request via our contact page.

Each third party has its own privacy policy. Their handling of your data is governed by their terms; we choose providers we believe meet reasonable industry standards.

How long we keep your data

We retain your data for as long as your account is active. When you delete your account, we delete:

  • Your account record and all derived data within 30 days.
  • Course content, students, exams, grades, and uploaded PDFs immediately on account deletion.
  • Backup copies are purged within 90 days of account deletion.

Audit logs and usage records may be retained up to 1 year for security and accounting purposes.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. To exercise these rights:

  • Access / export: use Settings → Profile to view your data, or contact us for a structured export.
  • Correction: edit your profile via Settings.
  • Deletion: use Settings → Danger Zone → Delete Account, or email us.
  • Other requests: use our contact page.

Security

We employ industry-standard practices: HttpOnly authentication cookies, CSRF protection, encrypted at-rest backups, role-based access control, and rate limiting on authentication endpoints. See the Security page for technical details.

Children

Gradency is intended for educators. Account holders must be of legal age in their jurisdiction (typically 18+, or 13+ with guardian consent in the US). Student data uploaded by educators may include minors; that is the educator's responsibility under their institution's policies.

International transfers

The Service may transfer your data to servers located outside your country. By using the Service, you consent to such transfers. Where required, we rely on standard contractual clauses or equivalent safeguards.

Changes to this policy

Material changes will be communicated by email or in-app notice at least 14 days before they take effect.

Contact

Privacy inquiries: please use our contact page.