VelociGrader Privacy Policy Back to Home

Privacy Policy

Last Updated:

Welcome to VelociGrader! This Privacy Policy explains how VelociPan LLC ("we," "us," or "our") collects, uses, and discloses information when you use the VelociGrader "Service." The Service consists of our web application, Chrome Extension, and our secure backend services running on Google Cloud Platform, acting as a service provider to your educational institution.

Our core privacy principle is simple: We do not persistently store or sell your students' personal information or their work on our servers. All processing of student data occurs transiently within our backend service during a grading job. The only personal information we retain is related to your VelociGrader license and the secure, encrypted credentials needed to operate the Service on your behalf.

At a Glance: What We Do and Don't Do

We DO:

  • Access your Google Classroom courses, assignments, and student submissions with your permission, using secure credentials.
  • Send student work to Google's Gemini AI for grading from our secure backend service.
  • Securely store your encrypted Gemini API key and Google refresh token in our database so our service can function. We cannot view your unencrypted keys.
  • Store your email address and subscription status in our secure database to manage your license.
  • Create a log of grading results as a Google Sheet in your own Google Drive.
  • Process student data ephemerally (in memory on our server) to facilitate grading.

We DO NOT:

  • Store or save any student names, emails, or submission content on our servers after a grading job is complete.
  • See or store your unencrypted Gemini API key or Google credentials. They are always encrypted at rest.
  • Share your student data with any third parties, other than sending it to Google's AI for evaluation.
  • Claim ownership of any data from your Google Classroom or Google Drive.
  • Use student data or submission content to train our own AI models.

1. Information We Collect

To provide the Service, we need to access or collect certain information. We categorize this information as follows:

a) Information You Provide Directly

  • Google Account: To use the Service, you must authenticate with your Google Account. When you first authorize the application, we securely store an encrypted refresh token that allows our backend service to access Google APIs on your behalf. We use your Google email address as a unique identifier for your VelociGrader license.
  • Gemini API Key: The Service requires you to provide your own API key for Google's Gemini AI. When you enter this key, it is immediately transmitted to our backend, encrypted using strong `aes-256-gcm` encryption, and stored in our secure database. It is only ever decrypted in memory on our server when needed to make an API call to Google's Gemini AI on your behalf.

b) Information We Access from Your Google Services (With Your Permission)

When you authorize VelociGrader, you grant our backend service permission to access the following data from your Google Account. This data is processed ephemerally and is not permanently stored on our servers.

  • Google Classroom Data: Your list of courses, assignments (including instructions and rubrics), student rosters (names and emails to identify submissions), and student submissions.
  • Google Drive Data: The content of student-submitted files (e.g., Google Docs, Slides, PDFs, images) and permission to create Google Sheets files in your Drive for grading logs.

c) Information We Store About You (For Licensing)

To manage your subscription and operate the Service, we store a limited amount of information in our secure, developer-controlled Firestore database hosted on Google Cloud.

  • User & License Information: Your Google Email Address, Google User ID (`sub`), subscription status, plan details, and transaction identifiers from our payment processor.
  • User Credentials (Encrypted): Your encrypted Gemini API Key and encrypted Google Refresh Token.

d) Information Processed by Third Parties

  • Google's Gemini AI: When you initiate grading, our backend service sends the relevant student work content, assignment instructions, and rubric details to the Google Gemini API for processing using your API key. Google's use of data is governed by their API Terms of Service and Privacy Policy.
  • Polar.sh: We use Polar.sh as our payment and subscription management service. Your payment details are provided directly to them. We receive information back (like subscription status) via secure webhooks to update your license.

2. How We Use Your Information

We use the information we collect and access for the following purposes:

  • To Provide and Maintain the Service: To authenticate you, fetch your Classroom data, perform AI-powered grading on our backend, and post grades back to your Classroom.
  • To Manage Your License: To verify your subscription status and provide access to the Service.
  • To Communicate With You: To respond to your support requests or send important notices about the Service.
  • For User-Controlled Logging: To create and populate a Google Sheet in your Google Drive with grading results.
  • For Service Improvement: To analyze aggregate, de-identified usage patterns to improve our Service. This includes data like feature usage frequency or average processing times. This analysis never involves student personal information or the content of their submissions.

3. How We Share and Disclose Information

We do not sell, rent, or trade your personal information or student data. We only share information in the following limited circumstances:

  • With Google's AI Services: As described above, student work is sent from our backend to Google's Gemini API for grading, using your API key.
  • With Our Payment Processor: We share your email to facilitate subscription purchases and management with Polar.sh.
  • For Legal Reasons: We may disclose information if required to do so by law or in response to valid requests by public authorities.

4. Data Storage, Security, and Retention

  • Security: We use Google Cloud Firestore to store your license information and encrypted credentials, which benefits from Google's robust security infrastructure. Your Gemini API key and Google Refresh Token are encrypted at rest using industry-standard `aes-256-gcm` encryption. They are only ever decrypted in memory within our secure backend environment when required.
  • Data Retention: We retain your license and encrypted credential information for as long as your subscription is active. You may request the deletion of your data by contacting us. Data stored in your own Google Drive (such as grading logs) is subject to your own management policies.

5. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. We use cookies for essential functions, such as keeping you logged in, and for analytical purposes to help us understand how our Service is used so we can improve it. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

6. Your Data Rights and Choices

You have control over your information and can make the following choices:

  • Revoke Access: You can revoke VelociGrader's access to your Google Account at any time through your Google Account security settings page. This will invalidate the refresh token stored on our server, and the Service will immediately stop functioning.
  • Manage API Key: You can update your saved Gemini API key at any time from the application's interface.
  • Manage Log Files: You can delete any Google Sheets log files created by the Service directly from your Google Drive.
  • Request Data Deletion: You can request the deletion of your license and all associated encrypted credentials from our database by contacting us via our official support form.

7. Children's Privacy (FERPA & COPPA)

VelociGrader is intended for use by teachers and other authorized educational personnel. VelociPan LLC operates as a "school official" (as defined by FERPA) or "service provider" to educational institutions, acting under the direct control and direction of the school/district. Our access to student information via Google Classroom is solely for the purpose of assisting the teacher in their grading workflow.

We do not knowingly collect any personal information directly from children. In compliance with the Children's Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), and other applicable student privacy laws, we rely on the educational institution to obtain any necessary parental consents. We commit to not using student personal information for any commercial purposes.

8. International Data Transfers

Our services are hosted on Google Cloud Platform, and your information is stored in the United States. If you are using the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us via our official support form.