Introduction
This Privacy Policy applies to GradeLab Infotech LLP and all services operated under the GradeLab brand. This policy describes how GradeLab collects, uses, shares, and secures the personal data you provide. It also describes your choices regarding use, access, and changes to your personal data.
Data collected through our service will be limited solely to the purpose of providing the service for which you (the Client) have engaged GradeLab. When third-party companies provide related services to support our platform, such as cloud hosting, authentication, or document processing, we ensure that these third-party companies meet our security standards and those of applicable legislation through comprehensive Data Processing Agreements.
We refer to our platform and website collectively as the "Site."
Why we collect personal data
When you create an account with us, or when a student has their work processed by GradeLab, we process personal data (such as name, email address, role, and institution) so that we can correctly administer your account and provide you with the best service experience.
All personal data we process is directly linked to a specific purpose, such as:
- • Grading assignments
- • Processing educational documents
- • Providing authentication services
- • Delivering customer support
Your Control
At any time, you can access, update, rectify or erase any personal data by logging into your account and clicking "Account Settings" or "Privacy Controls," or by contacting Customer Support at info@gradelab.io.
Protecting your data
We endeavor to keep your personal data safe and secure at all times. Personal data is processed in various locations depending on the specific service and your institution's preferences:
Infrastructure Overview
- • Global Infrastructure: Our platform utilizes enterprise-grade cloud infrastructure with data centers in the United States, Europe (EU), and other regions as required
- • Regional Data Residency: European institutions can opt for EU-based data storage and processing, with limited exceptions for certain AI-powered features like handwritten formula recognition
- • India-based Operations: As an India-based company, we maintain operational oversight and compliance from our Ahmedabad headquarters
Security Safeguards
In all cases, we have robust technical and organizational safeguards in place to protect personal data:
- • Encryption: TLS 1.3 for data in transit, AES-256 encryption for data at rest
- • Access Controls: Multi-factor authentication required, role-based access control, and strict authorization policies
- • Continuous Monitoring: 24/7 security monitoring through our compliance platform
- • Regular Audits: Annual SOC 2 Type II audits and quarterly security assessments
Important Security Notice
Passwords are required to access your personal data, so please remember to keep your password confidential. Even with the best security systems, it is impossible to guarantee 100% protection from hackers and unauthorized third parties who capture information provided over public networks.
Document Processing
When a document is submitted to GradeLab, it is processed using our proprietary grading and assessment technology, supported by AI-powered optical character recognition (OCR) for handwritten and scanned content.
Important: GradeLab does not maintain a repository of student papers for comparison purposes. Each institution determines data retention policies through their administrator settings, and we can remove student data from our systems at the request of a school administrator or student (as permitted by institutional policy).
What's most important
Compliance
GradeLab serves a global community of educators and students, whose views on data privacy may differ significantly. Our platform and services, as well as our privacy policies, are regularly audited and inspected by both employees and external consultants to ensure that we meet, and exceed where possible, privacy expectations and requirements.
GradeLab conducts periodic compliance reviews through our Sprinto continuous compliance platform to verify that this Privacy Policy is accurate, comprehensive, prominently displayed, lawful, complete, implemented, and accessible.
Accountability: Any employee who violates this Privacy Policy will be subjected to disciplinary action.
Model Contract Clauses
Where necessary, for data transfers outside the EEA, we utilize the Model Contractual Clauses (Standard Contractual Clauses). In each case, we put in place appropriate technical and organizational measures to protect personal data.
All our third-party service providers—including hosting providers, authentication services, AI processing partners, and customer communication platforms—have executed comprehensive Data Processing Agreements with Standard Contractual Clauses where applicable.
Evolving Legislation
Due to the ever-changing nature of legislation around data privacy, we reserve the right to make lawful changes as needed and recommend that you periodically check this Privacy Policy to see if there have been any new developments or changes.
We continually look for ways to move toward more robust protection. As an India-based company serving global customers, we comply with:
- • Digital Personal Data Protection Act (DPDPA) in India
- • GDPR for European users
- • Other applicable international data protection regulations
Personal data
Because we provide education services, we are vocal advocates for safeguarding student data and privacy and want to make sure that parents, educators, and schools know this. We are committed to protecting the privacy rights of students and educators and maintain GDPR compliance through continuous monitoring and regular audits.
Data We Collect
When an institution's administrator or instructor creates an account with us, we ask for their personal data such as name, email, institution name, and role, so that we can correctly administer their account and provide them with the best service.
Purpose of Data Collection
The type of information we request is connected to a specific purpose, namely to:
- • Verify your identity and connection with a specific institution, to determine your eligibility to use our services
- • Provide secure authentication and access control to the platform
- • Process and grade educational documents and assignments
- • Provide receipt and confirmation of successful document uploads
- • Send important messages about our service, such as any changes to functionality
- • Send system emails, including account setup and password reset information, as well as digital confirmations when you submit assignments
- • Provide additional product and service support as needed
- • Improve our AI-powered grading and document processing features
AI and Document Processing
When you submit documents for grading or assessment, we may use AI-powered services for optical character recognition (OCR), handwriting recognition, and document analysis.
Privacy Guarantee: These AI services process your documents temporarily and in real-time. Documents are held only for the duration necessary for processing and are automatically deleted within 24 hours from AI processing systems. We do not use student documents to train AI models without explicit consent.
Putting You in Control
We always give you the choice to opt out of email communication, with the exception of system emails, such as digital receipts and password reset information.
How to Access or Modify Your Data
At any time, customers may access, correct, change completely or anonymize the personal data that you have provided us by following these steps:
- 1. Log in to your account using your username and password
- 2. Click the "Account Settings" or "Privacy Controls" link to open your user profile and view or make changes to your personal data
- 3. Use the data export function to download your data in machine-readable format (JSON/CSV)
Need Help?
If you have any trouble or would like for us to make changes for you, please email info@gradelab.io.
Our Customer Support can also provide you with information about whether we hold, or process on behalf of a third party, any of your personal data.
Response Time: We respond to requests within 30 calendar days
Exceptional Circumstances
We may disclose your personal data in order to comply with a subpoena, court order, or similar legal process or government request when we are required by law to do so.
If GradeLab is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal data, and choices you may have regarding your personal data.
We will only disclose your personal data to a third party with your prior consent or as required by law.
Tracking technologies
Cookies
GradeLab and its partners may use cookies or similar technologies to analyze trends, administer the Site, track users' movements around the Site, and gather demographic information about the user base as a whole.
We do not use cookies for profiling or targeted advertising.
You can control whether or not cookies are allowed through your browser. If you choose to disable cookies, it may limit use of certain features or functions of our platform or service.
Social Media Features & Widgets
Our Site may include social media features, such as share buttons or interactive mini-programs. These features may collect your IP address, record which pages you visit on our site, and set a cookie to enable the feature to function properly.
These features and widgets may be hosted by a third party. Your interactions with these features are governed by the privacy policy of the company providing the specific feature.
Ads
No Advertising: We do not serve ads on our site. We do not partner with third parties for advertising based on browsing activities.
Log Files
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, enhance platform security, and improve site functionality.
Retention: Log data is retained for 12-24 months for security and compliance purposes.
Choice
We always give you the choice to opt out of email communication, with the exception of system emails, such as assignment confirmations, grade notifications, and password reset information.
- • You have the opportunity to opt-out of receiving communications from us when we first request your personal data
- • You can opt out of receiving further communications by using the unsubscribe link in our emails or visiting your account privacy settings
- • You can modify your personal data anytime by logging into your account, selecting "Account Settings" or "Privacy Controls," and making changes as desired
RB2B Tracking & Cookies
Overview
GradeLab uses RB2B tracking technologies on our website to enhance user experience, understand visitor behavior, and improve our services. This section provides detailed information about how RB2B tracking works, what data is collected, and your rights regarding this data processing.
What is RB2B?
RB2B (Retention.com) is a tracking and analytics service that helps us understand how visitors interact with our website. It uses cookies and similar technologies to collect information about website usage patterns and visitor behavior.
How RB2B Tracking Works
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors (including RB2B) to:
- • Track your activities and interactions on our website
- • Associate these activities with other personal information they or others have about you
- • Link your website visits with your email address or other identifiers
- • Provide analytics and insights to improve our services
- • Enable us to send relevant communications and marketing materials
Standard Data Processing Notice
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
Important Clarification
GradeLab, as your service provider, does not directly contact individuals based solely on RB2B data collection. This notice ensures transparency with our website visitors about potential communications from us or our service providers based on information collected through these tracking technologies.
International Company-Level Identification & GDPR
If you are accessing our services from the European Economic Area (EEA), United Kingdom, or other regions with data protection regulations, additional protections apply:
GDPR-Compliant Data Processing Notice
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email addresses.
You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
You also have the option to opt out of the collection of your personal data in compliance with GDPR. To exercise this option, please visit https://www.rb2b.com/rb2b-gdpr-opt-out.
Your Privacy Rights & Opt-Out Options
We respect your right to control how your data is collected and used. You have multiple options to opt out of RB2B tracking:
Standard Opt-Out (All Users)
Opt Out of RB2B Tracking
Visit: https://app.retention.com/optout
This will opt you out of receiving advertising and communications based on RB2B tracking data.
GDPR Opt-Out (EU/EEA/UK Users)
GDPR-Compliant Data Collection Opt-Out
Visit: https://www.rb2b.com/rb2b-gdpr-opt-out
This will opt you out of the collection of your personal data in compliance with GDPR requirements.
Additional Opt-Out Methods
- • Browser Settings: Configure your browser to block third-party cookies or disable cookies entirely (note: this may limit website functionality)
- • Cookie Banner: Use our cookie consent management tool to customize your cookie preferences when you first visit our site
- • Account Settings: If you have a GradeLab account, you can manage your privacy preferences in "Account Settings" → "Privacy Controls"
- • Email Us: Contact our Privacy Team at privacy@gradelab.io to request manual opt-out
Data Collected by RB2B
RB2B may collect and process the following types of information:
| Data Category | Examples | Purpose |
|---|---|---|
| Website Activity | Pages visited, time on site, navigation paths | Analytics, user experience improvement |
| Device Information | Browser type, operating system, device type | Technical support, compatibility optimization |
| Geographic Data | IP address location, timezone | Regional service customization |
| Referral Sources | How you found our website | Marketing effectiveness analysis |
| Interaction Patterns | Clicks, scrolls, form interactions | Website usability improvements |
Third Parties
GradeLab works with trusted third-party service providers to deliver our services. These partners are carefully selected and contractually obligated to maintain the same high standards of data protection that we uphold.
Service Providers
We may share your data with the following types of third parties:
- • Cloud Infrastructure Providers: For hosting and data storage
- • Authentication Services: For secure user login and account management
- • AI Processing Partners: For document analysis and grading assistance
- • Communication Platforms: For sending emails and notifications
- • Analytics Services: For website and product usage analysis
All third-party service providers are bound by Data Processing Agreements that include Standard Contractual Clauses where applicable, ensuring your data is protected according to the highest international standards.
Data Sharing
We do not sell, trade, or rent your personal data to third parties for marketing purposes. Data sharing is limited to the purposes necessary to provide our services and is always conducted in compliance with applicable data protection laws.
Security
Security is fundamental to our operations. We employ multiple layers of protection to safeguard your data throughout its lifecycle.
Technical Security Measures
- • Encryption: All data is encrypted in transit and at rest using industry-standard protocols
- • Access Controls: Strict role-based access controls and multi-factor authentication
- • Network Security: Web Application Firewalls and DDoS protection
- • Monitoring: Continuous security monitoring and threat detection
Organizational Security
- • Employee Training: Regular security awareness training for all staff
- • Incident Response: Established procedures for security incidents
- • Audits: Regular security audits and compliance assessments
- • Background Checks: Thorough screening of employees with data access
Security Limitations
While we implement comprehensive security measures, no system is completely immune to threats. We encourage users to maintain strong passwords and report any suspicious activity immediately.
Data Integrity
We are committed to maintaining the accuracy, completeness, and reliability of the personal data we process.
Data Quality
We implement measures to ensure data accuracy:
- • Regular data validation and cleansing processes
- • User verification procedures for account creation
- • Automated checks for data consistency
- • Manual review processes for sensitive data
Data Minimization
We collect only the data necessary for our legitimate business purposes and regularly review our data collection practices to ensure compliance with data minimization principles.
Data Portability
You have the right to receive your data in a structured, commonly used format, and to transmit that data to another controller where technically feasible.
Policy Changes
This Privacy Policy may be updated periodically to reflect changes in our practices, technology, legal requirements, or other factors.
Notification of Changes
When we make material changes to this Privacy Policy, we will:
- • Update the "Last Updated" date at the top of this policy
- • Notify users via email (where applicable)
- • Post prominent notices on our website
- • Provide a summary of key changes
Continued Use
Your continued use of our services after changes to this Privacy Policy become effective constitutes acceptance of the updated policy.
Review Recommendations
We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.
Notices
All notices required under this Privacy Policy will be provided in writing and delivered by email or through our platform notification system.
Contact Information
For privacy-related inquiries or to exercise your rights, please contact:
Privacy Team
Email: privacy@gradelab.io
Address: C-1201, Casa Vyoma, Bh Alphaone Mall, Vastrapur, Jodhpur Char Rasta, Ahmedabad, Gujarat, IN 380015
Response Time: We aim to respond to all privacy inquiries within 30 calendar days.
Language
This Privacy Policy is provided in English. In case of any discrepancies between different language versions, the English version shall prevail.
GDPR Compliance
As an organization serving users in the European Economic Area (EEA), we are committed to full compliance with the General Data Protection Regulation (GDPR).
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- • Right to Information: To be informed about how your data is processed
- • Right of Access: To obtain confirmation that your data is being processed and to access your data
- • Right to Rectification: To have inaccurate data rectified or incomplete data completed
- • Right to Erasure: To have your data erased ("right to be forgotten")
- • Right to Restriction: To restrict processing of your data
- • Right to Data Portability: To receive your data in a structured format
- • Right to Object: To object to processing based on legitimate interests
- • Rights Related to Automated Decision-Making: To not be subject to automated decisions with significant effects
Lawful Basis for Processing
We process your data based on the following lawful bases:
- • Contract: Processing necessary for the performance of a contract
- • Legitimate Interest: Processing necessary for our legitimate business interests
- • Legal Obligation: Processing necessary to comply with legal obligations
- • Consent: Where you have given explicit consent for specific processing
Data Protection Officer
Our Data Protection Officer can be contacted at privacy@gradelab.io for any GDPR-related matters.
International Data Transfers
For data transfers outside the EEA, we implement appropriate safeguards including Standard Contractual Clauses to ensure adequate protection of your data.