Privacy Policy

Last updated: January 20, 2026

1. Introduction

GradeAI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered test analysis service. This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

GradeAI, operating under the legal entity [Company Name], is the data controller responsible for your personal data. You can contact our Data Protection Officer at privacy@gradeai.com.

3. Information We Collect

3.1 Personal Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (encrypted)
  • Account creation date

3.2 Children's Information

You may choose to provide information about your children:

  • Child's name (first name only recommended)
  • Grade level
  • School type

3.3 Test Data

When you upload tests for analysis:

  • Test images or PDF files
  • Extracted text from OCR processing
  • Detected grades and scores
  • AI-generated analysis results
  • Upload timestamps

3.4 Usage Data

  • Browser type and version
  • IP address (anonymized)
  • Pages visited and time spent
  • Device information
  • Language preferences

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for processing your data
  • Contract: Processing is necessary to provide our services
  • Legal Obligation: We must comply with legal requirements
  • Legitimate Interest: To improve our services and prevent fraud

5. How We Use Your Information

We use your information to:

  • Provide and maintain our AI analysis services
  • Process and analyze uploaded test documents
  • Track academic progress over time
  • Send service-related notifications
  • Improve our AI models and algorithms
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Respond to support requests

6. Data Storage and Security

We implement robust security measures to protect your data:

  • End-to-end encryption for data transmission (TLS/SSL)
  • Encrypted storage of sensitive data
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure database hosting with PostgreSQL
  • Regular automated backups
  • Staff training on data protection

Data is stored on secure servers within the European Union to ensure GDPR compliance.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy. Test data and analysis results are kept for the duration of your account. When you delete your account, all associated data is permanently deleted within 30 days, except where we are required by law to retain certain information.

8. Third-Party Services

We use the following third-party services:

  • AI Providers: Claude (Anthropic), Gemini (Google), Mistral, DeepSeek for test analysis
  • Cloud Storage: Vercel Blob for file storage
  • Authentication: NextAuth.js for secure authentication
  • Hosting: Vercel for application hosting
  • Database: Neon (PostgreSQL) for data storage

These services are GDPR-compliant and process data according to their own privacy policies. We have data processing agreements in place with all third-party processors.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise any of these rights, please contact us at privacy@gradeai.com.

10. Cookies and Tracking

We use essential cookies to:

  • Maintain your session and authentication
  • Remember your language preference
  • Ensure security and prevent fraud

We do not use third-party tracking cookies or advertising cookies. You can control cookies through your browser settings.

11. International Data Transfers

Your data is primarily stored and processed within the European Union. If we transfer data outside the EU, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Children's Privacy

Our service is intended for use by parents and guardians. We do not knowingly collect personal information directly from children under 16. Parents have full control over their children's data through their account and can delete it at any time.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on our service. Your continued use after such changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer

GradeAI

Email: privacy@gradeai.com

Supervisory Authority: Your local data protection authority (for EU residents)