VelociGrader Privacy Policy Back to Home

Privacy Policy

Last Updated:

Welcome to VelociGrader! This Privacy Policy explains how VelociPan LLC ("we," "us," or "our") collects, uses, and discloses information when you use the VelociGrader "Service." The Service includes our web application, Chrome extension, desktop/Electron integrations, Nest workspace, student submission experiences, and secure backend services running on Google Cloud Platform. VelociPan LLC is a software tool provider. We do not claim FERPA Business Associate status or independent educational service provider compliance obligations unless you have executed a separate Data Processing Agreement or similar written contract with VelociPan LLC.

Our core privacy principle is simple: we do not sell student personal information or student work. Student submission content is processed to deliver grading features and feedback. We retain only the account, licensing, and encrypted credential data needed to operate the Service, plus user-controlled outputs stored in your own Google Drive (for example, grading logs and Nest configuration files).

At a Glance: What We Do and Don't Do

We DO:

  • Access your Google Classroom courses, assignments, and student submissions with your permission, using secure credentials.
  • Send student work to the AI provider you configure (Google Gemini, Groq, or OpenRouter) for grading from our secure backend service.
  • Use Google Cloud DLP to detect/redact personal identifiers before AI calls when available in our environment.
  • Securely store your encrypted AI API key(s) and Google refresh token in our database so our service can function. We cannot view your unencrypted keys.
  • Store your email address and subscription status in our secure database to manage your license.
  • Create logs/results in your own Google Drive (for example, Google Sheets for grading logs and Nest configuration artifacts).
  • Process student data ephemerally (in memory on our server) to facilitate grading.

We DO NOT:

  • Store or save any student names, emails, or submission content on our servers after a grading job is complete.
  • See or store your unencrypted AI API keys or Google credentials. They are always encrypted at rest.
  • Share student data for advertising or marketing purposes.
  • Claim ownership of any data from your Google Classroom or Google Drive.
  • Use student data or submission content to train our own AI models.

1. Information We Collect

To provide the Service, we need to access or collect certain information. We categorize this information as follows:

a) Information You Provide Directly

  • Google Account: To use the Service, you authenticate with your Google Account. When you authorize the application, we store an encrypted refresh token that allows our backend service to access Google APIs on your behalf. We use your Google email address and Google user identifier (sub) to operate licensing and account functionality.
  • AI Provider API Keys: You may provide one or more API keys (Gemini, Groq, OpenRouter). Keys are transmitted to our backend, encrypted using aes-256-gcm, and stored in our secure database. Keys are decrypted only in memory when needed for an API call on your behalf. Certain subscription tiers may include system-managed API key access subject to plan limits.
  • Student Portal Inputs (if enabled by your school/teacher): Student name/email context, assignment responses, uploaded files, and attempt metadata may be processed to accept and grade submissions.

b) Information We Access from Your Google Services (With Your Permission)

When you authorize VelociGrader, you grant our backend service permission to access the following data from your Google Account. This data is processed ephemerally and is not permanently stored on our servers.

  • Google Classroom Data: Your list of courses, assignments (including instructions and rubrics), student rosters (names and emails to identify submissions), and student submissions.
  • Google Drive Data: The content of student-submitted files (e.g., Google Docs, Slides, PDFs, images) and permission to create/read files in your Drive required for features such as grading logs, Nest configuration, and related reports.

c) Information We Store About You (For Licensing)

To manage your subscription and operate the Service, we store a limited amount of information in our secure, developer-controlled Firestore database hosted on Google Cloud.

  • User & License Information: Your Google Email Address, Google User ID (sub), subscription status, plan details, and transaction identifiers from our payment processor.
  • User Credentials (Encrypted): Your encrypted AI API key(s) and encrypted Google Refresh Token.
  • Operational License Metadata: Trial/subscription timestamps, selected feature flags, and temporary lookup/cache records used to reduce repeated license lookups.

d) Information Processed by Third Parties

  • AI Providers (Gemini, Groq, OpenRouter): When you initiate grading, our backend sends relevant student work content, assignment instructions, and rubric details to your selected AI provider for processing. Their handling of data is governed by their terms and privacy policies.
  • Google Cloud DLP: We may use Google Cloud Data Loss Prevention APIs to detect and redact sensitive identifiers before sending content to AI providers.
  • Polar.sh: We use Polar.sh as our payment and subscription management service. Your payment details are provided directly to them. We receive information back (like subscription status) via secure webhooks to update your license.
  • Google Cloud Platform: We use Google Cloud infrastructure (including Firestore and Cloud Functions) to operate authentication, storage, processing, and service security controls.

2. How We Use Your Information

We use the information we collect and access for the following purposes:

  • To Provide and Maintain the Service: To authenticate you, fetch Classroom/Drive data, process submissions, perform AI-powered grading, and return grades/feedback.
  • To Manage Your License: To verify your subscription status and provide access to the Service.
  • To Communicate With You: To respond to your support requests or send important notices about the Service.
  • For User-Controlled Logging: To create and populate files in your Google Drive, including grading sheets and Nest-related artifacts.
  • For Service Reliability and Security: To maintain operational logs, detect abuse, enforce quota and plan limits, and troubleshoot service issues. We do not use student submission content to train our own AI models.

3. How We Share and Disclose Information

We do not sell, rent, or trade your personal information or student data. We only share information in the following limited circumstances:

  • With AI and Safety Services: As described above, student work may be sent to your configured AI provider and may be inspected/redacted through Google Cloud DLP as part of our processing pipeline.
  • With Our Payment Processor: We share your email to facilitate subscription purchases and management with Polar.sh.
  • For Legal Reasons: We may disclose information if required to do so by law or in response to valid requests by public authorities.

4. Data Storage, Security, and Retention

  • Security: We use Google Cloud Firestore to store license information and encrypted credentials. AI API keys and Google Refresh Tokens are encrypted at rest using aes-256-gcm and only decrypted in memory when needed. Certain feature files (such as .dino) may use separate application-level AES-GCM protections.
  • Data Retention: Student submission content is processed for grading workflows and is not retained as a durable student-content datastore in our backend. We retain account/license metadata and encrypted credentials while needed to provide the Service, comply with law, resolve disputes, and enforce terms. Temporary operational cache records may be retained for short periods (for example, TTL-managed lookup caches). Data stored in your own Google Drive (such as grading logs and Nest files) remains under your institution's Google Workspace retention settings.

5. Cookies and Tracking Technologies

Our web experiences primarily rely on Google authentication flows and browser session storage for temporary sign-in state. We do not currently operate a separate first-party advertising cookie program. Third-party services involved in sign-in, hosting, or embedded APIs may set their own cookies or similar technologies subject to their policies. Blocking required cookies or storage may prevent authentication and core features from working.

6. Your Data Rights and Choices

You have control over your information and can make the following choices:

  • Revoke Access: You can revoke VelociGrader's access to your Google Account at any time through your Google Account security settings page. This will invalidate the refresh token stored on our server, and the Service will immediately stop functioning.
  • Manage API Keys: You can update or remove saved AI provider keys from the application's interface.
  • Manage Log Files: You can delete any Google Sheets log files created by the Service directly from your Google Drive.
  • Request Data Deletion: You can request the deletion of your license and all associated encrypted credentials from our database by contacting us via our official support form.
  • Regional Privacy Rights: Depending on your location, you may have rights to request access, correction, deletion, or restriction of processing of personal data, subject to legal exceptions and institutional obligations.

7. Children's Privacy (FERPA & COPPA)

VelociGrader is intended for use by teachers and other authorized educational personnel. Our services are designed to support educational workflow purposes (including assignment processing, grading, and feedback delivery) and are not directed to children for standalone consumer use.

VelociPan LLC Compliance Responsibility Disclaimer: VelociPan LLC is a software tool provider, not a FERPA Business Associate, school official, or educational service provider with independent legal compliance obligations under FERPA, COPPA, or other student privacy laws. We do not warrant that the Service complies with these laws. Compliance depends entirely on (a) your authorization from your school or district to use the Service, (b) proper consents from parents/guardians where required, (c) your school/district's policies and procedures, and (d) your appropriate use of the Service. Schools, districts, and educators are solely responsible for ensuring that their use of VelociGrader complies with all applicable privacy laws and regulations.

We provide privacy-protective technical controls to support compliance efforts, including: encryption of data in transit and at rest, zero-retention AI options (Groq), data minimization practices, and automatic deletion of temporary processing data. However, these technical measures alone do not ensure FERPA or COPPA compliance—your proper authorization, consent documentation, and appropriate use are essential.

Where student-facing submission features are enabled, they operate under teacher/school configuration and control. We do not knowingly collect personal information from children for advertising or unrelated commercial profiling. For questions about FERPA/COPPA compliance in your specific use case, please consult your school/district administration and legal counsel, and contact us via our support form.

8. International Data Transfers

Our services are hosted on Google Cloud Platform, including United States-based infrastructure. If you use the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other jurisdictions where our subprocessors operate. We take steps designed to protect transferred data consistent with applicable law.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us via our official support form.