GradeGenius

Privacy Policy

Last updated: 24 May 2026

1. Introduction

GradeGenius Ltd ("we", "us", or "our") is committed to protecting the privacy of our users, particularly children who use our educational platform. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: GradeGenius Ltd
Contact Email: [email protected]

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, and user type (student/parent)
  • Student Information: Year group, school name (optional), and learning preferences
  • Payment Information: Processed securely through Stripe; we do not store card details
  • Communication: Messages sent to our support team

2.2 Information Collected Automatically

  • Usage Data: Quiz answers, progress, time spent on activities, and performance metrics
  • Device Information: Browser type, device type, operating system, and IP address
  • Cookies: Essential cookies for functionality and optional analytics cookies (see Section 7)

3. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide personalised learning experiences and track progress
  • AI Personalisation: To generate tailored questions and recommendations
  • Account Management: To manage your subscription and communicate about your account
  • Improvement: To analyse usage patterns and improve our service
  • Legal Compliance: To comply with legal obligations and protect our rights

4. Legal Basis for Processing

We process your personal data based on:

  • Contract: Processing necessary to provide our services
  • Consent: Where you have given explicit consent (e.g., marketing emails)
  • Legitimate Interests: To improve our services and ensure security
  • Legal Obligation: To comply with applicable laws

5. Children's Privacy

We take children's privacy seriously. For users under 13 years of age:

  • A parent or guardian must create and manage the account
  • We collect only information necessary for educational purposes
  • We do not serve targeted advertising to children
  • Parents can review, modify, or delete their child's information at any time

For users aged 13-17, we recommend parental involvement in account setup and monitoring.

6. Gradie Talk – Voice Chat Feature

"Gradie Talk" (also known as "Hey Gradie") is an optional voice-enabled AI tutoring feature available to users with eligible subscription plans. This section explains how we handle voice data in compliance with UK GDPR and children's privacy requirements.

6.1 Voice Data Collection

When using Gradie Talk, we collect:

  • Voice Recordings: Audio captured when the user speaks to Gradie
  • Transcriptions: Text versions of spoken questions converted from audio
  • Conversation Context: Previous exchanges within a single session to provide relevant responses

6.2 How Voice Data Is Processed

  • Speech-to-Text: Voice recordings are sent to OpenAI's Whisper API for transcription. Audio is processed in real-time and is not stored by OpenAI beyond the processing request.
  • AI Response Generation: Transcribed text is processed by Anthropic's Claude AI to generate educational responses. No personally identifiable information is included in these requests.
  • Text-to-Speech: Written responses are converted to audio using ElevenLabs' text-to-speech service to provide a natural, engaging voice for Gradie.

6.3 Voice Data Retention

  • Audio Recordings: Voice recordings are processed in real-time and are not permanently stored on our servers. Audio data is discarded immediately after transcription.
  • Transcriptions: Text transcriptions may be temporarily retained during the active session to maintain conversation context, but are cleared when the session ends.
  • Conversation History: By default, voice conversation history is not stored beyond the active session unless explicitly required for educational progress tracking.

6.4 Parental Controls for Voice Features

For child users, parents or guardians have full control over voice features:

  • Opt-In Required: Gradie Talk is disabled by default for all child accounts. A parent must explicitly enable this feature from the Parent Dashboard.
  • Can Disable Anytime: Parents can disable voice chat at any time, immediately preventing their child from using the feature.
  • No Voice Data Without Consent: If voice features are disabled, no audio data is captured or processed.

6.5 Child Safety Measures

  • AI responses are specifically designed for educational purposes and age-appropriate content
  • Gradie is programmed to redirect off-topic or inappropriate queries back to learning
  • No personal data (name, location, school) is requested or stored through voice interactions
  • Voice conversations are not used for advertising or marketing purposes

7. Data Sharing and Third Parties

We share your data with the following third parties:

  • Supabase: Authentication and database hosting (EU servers)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Anthropic: AI processing for educational content generation and Gradie responses
  • OpenAI: Speech-to-text transcription for Gradie Talk voice feature (Whisper API)
  • ElevenLabs: Text-to-speech audio generation for Gradie's voice responses
  • Resend: Transactional email delivery

We do not sell your personal data to third parties. All service providers are bound by data processing agreements and must comply with UK GDPR requirements. For voice-related services (OpenAI and ElevenLabs), we have confirmed their data processing practices do not retain user audio beyond immediate processing requirements.

8. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for the platform to function (authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our service (optional)

You can manage your cookie preferences through our cookie consent banner or your browser settings.

9. Data Retention

We retain your data for the following periods:

  • Account Data: Until you delete your account, plus 30 days for backup recovery
  • Learning Progress: Retained while your account is active
  • Payment Records: 7 years as required by UK tax law
  • Support Communications: 2 years after resolution
  • Voice Data: Not retained; processed in real-time and immediately discarded (see Section 6)

10. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limited processing of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

11. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with hashed passwords
  • Regular security assessments and updates
  • Access controls limiting employee access to personal data
  • Incident response procedures for data breaches
  • Voice data transmitted over encrypted connections and not stored after processing

12. International Transfers

Your data may be processed by service providers located outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), to protect your data. This includes voice data processed by OpenAI and ElevenLabs, which operate under appropriate data protection frameworks.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated:ico.org.uk

Back to Home