Privacy Policy

1. Introduction

GraderGenie ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered exam creation and grading platform at gradergenie.com (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

• Account Information: Name, email address, password (encrypted)
• Profile Information: Educational institution, role, profile picture
• Billing Information: Payment details (processed securely by our payment processors)
• Communication Data: Support tickets, feedback, correspondence

2.2 Educational Content

• Exam Content: Questions, answer keys, exam instructions you create
• Student Data: Exam submissions, responses, grades (when permitted by educational institutions)
• Usage Data: How you interact with our AI grading features

2.3 Technical Information

• Device Information: IP address, browser type, device type, operating system
• Usage Analytics: Pages visited, features used, time spent, performance data
• Cookies: Essential and analytics cookies (see our Cookie Policy)

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Process exam creation and AI grading requests
• Generate analytics and insights
• Provide customer support

3.2 AI Processing

• Train and improve our AI grading algorithms
• Analyze exam content for quality assessment
• Generate automated feedback and suggestions
• Detect potential plagiarism or academic misconduct

3.3 Legal Bases (GDPR)

• Contract Performance: Providing our services
• Legitimate Interest: Improving our platform, security, analytics
• Consent: Marketing communications, non-essential cookies
• Legal Obligation: Compliance with applicable laws

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

4.1 Service Providers

• Cloud Hosting: Firebase/Google Cloud (data processing agreement in place)
• AI Processing: Google AI/Genkit for automated grading
• Payment Processing: Stripe (PCI DSS compliant)
• Analytics: Privacy-focused analytics tools

4.2 Educational Institutions

If you're using GraderGenie through your educational institution, we may share relevant data with authorized personnel in accordance with FERPA and other educational privacy laws.

4.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights, safety, or the safety of others.

5. Data Security

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and vulnerability testing
• Incident Response: 72-hour breach notification procedure
• Data Minimization: We collect only necessary information

6. Data Retention

• Account Data: Retained while account is active, deleted within 30 days of account closure
• Exam Content: Retained for 3 years after last access or as required by educational institution
• Student Submissions: Retained according to institutional policies, typically 1-7 years
• Usage Analytics: Anonymized data may be retained longer for service improvement

7. Your Rights

7.1 GDPR Rights (EU Residents)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate information
• Erasure: Delete your data ("right to be forgotten")
• Portability: Export your data in machine-readable format
• Restriction: Limit processing of your data
• Objection: Object to processing based on legitimate interest

7.2 CCPA Rights (California Residents)

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Say no to the sale of personal information
• Access personal information
• Request deletion of personal information
• Equal service and price, even if you exercise your privacy rights

To exercise these rights, contact us at privacy@gradergenie.com

8. Children's Privacy

GraderGenie is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete such information immediately.

For educational use involving minors, we require appropriate consent and comply with COPPA, FERPA, and similar regulations.

9. International Data Transfers

Your information may be processed in countries outside your residence. We ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for data transfers
• Compliance with applicable data protection laws

10. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by:

• Email notification to registered users
• Prominent notice on our website
• In-app notifications

Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Information

For privacy-related questions or to exercise your rights, contact us: