Privacy Policy
Last updated: 2026-01-01 · Version 1.0-draft
⚠ [ATTORNEY DRAFT REQUIRED] — This page contains placeholder legal text that has not been reviewed or approved by a licensed attorney. Do not rely on this content for legal compliance. Replace all placeholder sections before production launch.
1. What We Collect
- Account information: Teacher name, email address, and school name.
- Usage data: Feature usage and session data. We do not include student PII in usage analytics.
- Student data: Essay text, grades, and feedback — collected on behalf of the school under FERPA.
- Technical data: IP addresses for security and audit logging only, never for profiling.
2. What We Do NOT Collect
- Student email addresses, phone numbers, photos, or demographics
- Precise location data
- Any data for advertising purposes
3. How We Use Data
- To provide the grading service
- To improve the service — using aggregated, anonymized usage data only; never individual student data
- For security and fraud prevention
- To communicate with account holders (teachers, not students)
4. Student Data — Special Protections
Student data is processed solely to provide the educational service. Student data is:
- Never sold, rented, or disclosed to third parties except service providers under DPA
- Never used to train AI models without explicit written school consent
- Never used to build student profiles for advertising or non-educational purposes
References: FERPA, COPPA, applicable state laws (e.g., SOPIPA, NY Education Law §2-d).
5. Who We Share Data With (Subprocessors)
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenAI | Essay processing for AI grading | Essay text only — no student names or identifiers |
| Railway | Infrastructure hosting (US) | All application data |
| Stripe | Payment processing | Teacher billing data only — no student data |
6. Data Retention
- Active accounts: data retained for the duration of subscription + 1 year
- Deleted accounts: student data deleted within 30 days; teacher account data within 90 days
- Audit logs: retained for 3 years for compliance purposes
7. Your Rights
- Access your data
- Request deletion of your teacher account or school data
- For student data rights: contact your school administrator — we act on the school's instruction
8. Security
- Encryption in transit (TLS) and at rest
- Access controls and authentication requirements
- Regular security reviews
- Breach notification within 72 hours
9. Children's Privacy (COPPA)
GradeWise is a teacher tool. We do not collect personal information directly from students. Students do not have accounts; their data is uploaded and managed by teachers on their behalf.
10. Changes to This Policy
We will notify account holders by email at least 30 days before any material changes to this policy take effect.
11. Contact
For privacy questions or to exercise your rights, contact us at [email protected]. For FERPA-specific questions, see our FERPA Notice.