Privacy Policy

Effective Date: April 28, 2026

Gradeport ("we," "us," or "our") provides tools for extracting grades from marked papers, reviewing results, and exporting or updating gradebooks. This Privacy Policy explains how we collect, use, disclose, retain, and delete information when you use Gradeport.

For school-specific privacy information, see our Student Data & Privacy page.

1. Information We Collect

We may collect:

• account information such as name and email address
• uploaded documents and images, including graded papers
• imported rosters and gradebooks
• extracted scores, question-level marks, totals, and matched student entries
• corrections and edits made by authorized users
• operational logs, device information, and security events
• waitlist information including role, grading volume, and feedback

2. Student Education Records

If you upload graded papers, gradebooks, student names, student scores, or related records, those materials may contain personally identifiable information from education records.

3. Limited Use of Student Data

4. AI / OCR Providers

Some service features rely on third-party OCR or AI providers to extract text and scores from uploaded materials.

For student-record workflows, Gradeport is intended to use paid processing configurations under which uploaded content is not used to improve general-purpose models, consistent with provider documentation and applicable contractual terms.

5. School / Institution Control

Gradeport is designed to support institution-controlled workflows for processing grading information. Where Gradeport is used by an educational institution, uploaded and extracted data is processed only to provide the service, subject to the institution's instructions, applicable agreements, and legal obligations.

Gradeport is designed to support privacy-aligned school use, subject to school policies, contracts, and configuration. We do not claim FERPA or FIPPA certification — these are laws, not certification programs.

6. How We Use Information

We use information to:

• operate and improve Gradeport
• manage waitlist signups and beta access
• communicate with you about early access, product updates, and support
• protect the service from abuse, fraud, or misuse
• comply with legal obligations

7. Disclosure of Information

We may disclose information:

• to service providers and subprocessors that help operate the service
• when required by law
• to protect rights, safety, and service security
• in connection with a merger, acquisition, or reorganization, subject to lawful handling requirements

Any service provider handling student-record data must be bound by confidentiality and data-protection obligations appropriate to the role they perform.

8. Security Safeguards

Gradeport uses the following safeguards to protect information:

• Encryption in transit: all data is transmitted over TLS/HTTPS
• Encryption at rest: data stored in Supabase is encrypted at rest by default
• Access controls: row-level security (RLS) on every database table ensures users can only access their own data
• Authentication: Google OAuth with JWT verification on every API request
• Private storage buckets: uploaded papers and exports are stored in private buckets, not publicly accessible
• Service-role isolation: the backend service key is never exposed to the frontend

No method of transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a security incident affecting user data, we will notify affected users and institutions as required by applicable law.

9. Retention and Deletion

Current retention defaults:

• Uploaded papers: retained until the user deletes the associated class or account, or requests deletion
• Extracted grade data: retained until explicitly deleted by the user
• Exports: retained until the user deletes them or requests account deletion
• Account data: retained until the user deletes their account

Users can delete all data or their full account at any time from Account Settings within the app. Deletion removes associated database records and uploaded files from storage.

For institutional deletion requests or data return at contract termination, contact privacy@gradeport.org. We will respond within a reasonable timeframe and provide written confirmation of deletion on request.

10. De-identified and Operational Data

We may use de-identified, aggregated, or operational data that does not identify a student for security, debugging, billing, fraud prevention, uptime monitoring, and service improvement.

11. Your Choices

You may update account details, request deletion where available, and contact us about privacy rights or institutional data questions at privacy@gradeport.org.

12. Subprocessors & Vendors

We work with a small number of trusted service providers to operate Gradeport. These vendors may process data on our behalf, including uploaded papers and grade records.

Current vendors include: Supabase (database, auth, storage), Google Gemini API (OCR/AI extraction), Vercel (frontend hosting), Railway (backend hosting), Resend (transactional email), and Google OAuth (sign-in).

We update this list when vendors are added or changed. For institutional review, contact privacy@gradeport.org.

13. Children's Privacy

Gradeport is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

14. Changes

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide notice where appropriate.

15. Contact

Privacy inquiries and student-data requests: privacy@gradeport.org
General contact: hello@gradeport.org
Website: www.gradeport.org