Privacy Policy summary
- We do not run ads in Gradebird, and we do not sell student or instructor data to advertisers.
- We access uploaded educational data only when needed for support, security, abuse prevention, troubleshooting you request, or legal compliance.
- We delete hosted data on request, subject to reasonable constraints.
Detailed privacy policy
- Information we collect: We collect account information such as name, email address, login details, and organization affiliation. We also collect information users choose to upload or create in Gradebird, which may include course rosters, student identifiers, exam content, rubric materials, scanned responses, assessment records, and operational metadata.
- How we use information: We use information to provide and secure the service, authenticate users, support printing and scan workflows, generate assessment candidates, maintain audit history, respond to support requests, prevent abuse, and improve reliability and usability.
- What we do not do: We do not provide an advertising business inside Gradebird, and we do not sell educational records or student submissions to third-party advertisers. We do not use uploaded educational content for unrelated marketing to students.
- Who can access data: Access is primarily controlled by the institution and its authorized users. Limited Gradebird personnel may access data when reasonably necessary for support, debugging requested by the customer, security review, abuse prevention, incident response, or compliance with law.
- Retention and deletion: Gradebird retains data for as long as needed to provide the service, maintain system integrity, preserve audit history, and satisfy legal or operational requirements. When an authorized institution requests deletion, we will work in good faith to delete applicable hosted data within a reasonable timeframe, subject to backup cycles, security logging, and any legal retention obligations.
- Individual instructor responsibility: If an individual instructor chooses to upload non-anonymized student data, that instructor remains responsible for ensuring they have the institutional permission and lawful authority required to do so.
- FERPA and educational compliance: Official U.S. Department of Education FERPA guidance explains that schools may disclose education records without consent to certain contractors or service providers acting as “school officials” when the school has determined they have a legitimate educational interest and the school's own FERPA notice and policies support that use. Gradebird is intended to support that kind of institution-directed workflow when used appropriately.
- Institutional responsibility: Gradebird does not itself determine whether a school has met FERPA's conditions. Each institution remains responsible for deciding whether it may use Gradebird, what contract terms it needs, what notices or consents are required, and whether any local, state, institutional, or international privacy requirements also apply.
- Security posture: We use reasonable administrative, technical, and organizational measures to protect data in our systems. No internet-based service can guarantee absolute security, so institutions should avoid uploading information they are not authorized to process.
- Questions and deletion requests: If your institution needs a privacy review, deletion request, or compliance discussion, please contact us through the demo request workflow so we can route the request appropriately.