Privacy Policy

Last updated: March 2026

GradeView ("the Service") is operated by Sean Hart, doing business as Emergent Instruments ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our web application, mobile application, and related services.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address (via Google OAuth or email/password registration)
• Authentication tokens and session data

1.2 School Portal Credentials

To access grade data on your behalf, you provide us with login credentials for your school district's portals (such as Frontline and BLEND/Canvas). These credentials are:

• Encrypted at rest using AES-256 encryption before storage
• Used solely to authenticate with school portals and retrieve grade data
• Never shared with third parties other than the school portals themselves
• Never stored in plaintext

1.3 Student Education Records

Through the school portal connections you authorize, we collect:

• Student names
• Course names and teacher names
• Assignment names, grades, scores, and due dates
• Grade point averages and class averages
• Missing or incomplete assignment information

1.4 Usage Data

We automatically collect:

• Device type and operating system
• App usage patterns (pages viewed, features used)
• Error logs and performance data
• IP address and approximate location (country/region level only)

2. How We Use Your Information

We use the collected information to:

• Retrieve and display grade data from school portals on your behalf
• Generate AI-powered analysis and insights about academic performance, including trend detection, missing assignment identification, and actionable recommendations
• Match assignments across different school platforms (e.g., Frontline and BLEND)
• Send notifications about grade changes and missing assignments
• Improve and maintain the Service
• Communicate with you about the Service, including support requests

3. AI Processing and Third-Party AI Providers

The Service uses artificial intelligence to analyze grade data and generate insights. To provide this functionality, certain data is sent to third-party AI providers:

• Anthropic (Claude) and OpenAI -- Student grade data, assignment names, course names, and teacher names may be sent to these providers for analysis. We do not send school portal credentials to AI providers.

These AI providers process data according to their own privacy policies and data processing agreements. Data sent for AI analysis is used solely for generating responses and is not used to train AI models (per our agreements with these providers).

4. FERPA Considerations

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records maintained by educational institutions. Important clarifications:

• GradeView is a tool used by parents/guardians to access their own children's grade information. We are not an educational institution or a "school official" under FERPA.
• You, as the parent/guardian, authorize and control the connection to school portals using your own credentials. We access grade data on your behalf, acting as your agent.
• We handle student education data with the same care and security measures that FERPA compliance would require, even though FERPA obligations apply to educational institutions rather than to us directly.
• We do not share student education records with other parents, students, or any third parties except as described in this policy (AI analysis providers, infrastructure providers).

5. COPPA Considerations

The Children's Online Privacy Protection Act (COPPA) governs the collection of personal information from children under 13.

• GradeView is designed for use by parents and guardians, not by children directly. Only parents/guardians create accounts and access the Service.
• While the Service processes data about minors (students), this data is provided and controlled by the parent/guardian account holder.
• We do not knowingly collect personal information directly from children under 13. If we learn that we have collected information directly from a child, we will delete it promptly.

6. Data Storage and Security

6.1 Infrastructure

Your data is stored and processed using the following infrastructure:

• Database: PostgreSQL hosted by Supabase (cloud-hosted, with row-level security policies)
• Backend API: Hosted on Railway
• Web Application: Hosted on Vercel
• Mobile Application: Distributed via Apple App Store (iOS)

6.2 Security Measures

• School portal credentials are encrypted using AES-256 before storage
• All data in transit is encrypted via TLS/HTTPS
• Database access is protected by row-level security policies
• Authentication is handled via Supabase Auth with support for OAuth and email/password
• Access to student data is controlled by a per-student access control model
• Content Security Policy (CSP) headers, HSTS, and other HTTP security headers are enforced

7. Third-Party Services

We use the following third-party services that may process your data:

• Supabase -- Authentication, database hosting, and real-time services
• Google -- OAuth authentication provider
• Anthropic -- AI analysis (Claude)
• OpenAI -- AI analysis
• Railway -- Backend API hosting
• Vercel -- Web application hosting and deployment
• Apple -- Mobile app distribution (App Store) and push notifications (via Expo)
• Expo -- Mobile app build and notification services

Each of these services has its own privacy policy governing how they process data. We encourage you to review their policies.

8. Cookies and Local Storage

The Service uses:

• Authentication cookies -- Essential cookies set by Supabase to maintain your login session. These are strictly necessary for the Service to function.
• Local storage -- Used by the mobile app to cache session tokens and user preferences.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Data Retention and Deletion

• Active accounts: Your data is retained for as long as your account is active and you maintain an active connection to school portals.
• Account deletion: You may request deletion of your account and all associated data by contacting us. Upon request, we will delete your account data, including stored school credentials, student records, and analysis data, within 30 days.
• Backup retention: Encrypted backups may persist for up to 90 days after deletion as part of standard infrastructure backup procedures.

10. Your Rights

You have the right to:

• Access your personal data and student data stored in the Service
• Correct inaccurate information in your account
• Delete your account and all associated data
• Disconnect school portal credentials at any time
• Export your data in a portable format (upon request)
• Withdraw consent by discontinuing use of the Service

To exercise any of these rights, please contact us at the address below.

11. Data Sharing

We do not sell your personal information or student data. We share data only:

• With AI providers as described in Section 3, solely for generating analysis
• With infrastructure providers as necessary to operate the Service
• If required by law, regulation, or legal process
• To protect the rights, safety, or property of our users or the public

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: privacy@heymomedu.com
• Website: heymomedu.com