Legal
Data processing summary
Last updated: 4 June 2026
Contents
Data processing summary
Beta — provisional. gradIQual is in early beta. This is a plain-English summary for schools, drawn from our internal data-protection impact assessment, and we are finalising the formal documents with our legal advisers before general release. It supports a school’s due diligence; it is not itself a legal opinion or the binding agreement. The formal documents are our Privacy policy and the data processing agreement we enter into with each school.
Last updated: 4 June 2026
Purpose of this page
This page summarises, in plain terms, how gradIQual processes student data on behalf of schools — what it processes, why, the safeguards in place, and the known areas we are actively addressing. It is written to support a school’s own data-protection due diligence under UK GDPR (as amended by the Data (Use and Access) Act 2025).
Roles
- The school is the data controller for student personal data.
- gradIQual is a data processor, acting on the school’s documented instructions, under a written agreement that includes the processor terms required by UK GDPR Article 28.
What is processed, and why
When a teacher marks work, gradIQual processes:
- Student identifiers (name, email/Google identity) — to attribute and return feedback correctly.
- Student work submitted for marking — to generate feedback and, where applicable, marks.
- Generated feedback and marks — reviewed by the teacher before release.
- Optional learning-profile data (teacher notes, progress notes, recurring themes) — only where a school enables this feature, to personalise feedback over time.
Submitted work is processed to produce feedback; it is not retained as a long-term profile of the student. We do not use student or teacher content to train AI models.
Safeguards
| Area | Measure |
|---|---|
| Data minimisation | Personal data minimised at source; names reduced and emails stripped in assistant outputs; identifiers scrubbed from inputs and logs |
| Encryption | TLS in transit; AES-256 at rest in Firestore; AES-256-GCM for stored access tokens |
| Access control | Authenticated, server-mediated access; teachers can only reach their own classes and students |
| Human review | Teacher approves all feedback before students receive it |
| Content safety | Input and output safety checks on AI processing |
| Audit logging | Operations logged; assistant conversation logs hold only redacted content and clear after 30 days |
| Default-off sensitive features | Features that process additional student data are opt-in |
Sub-processors and transfers
gradIQual uses Google Cloud (hosting and storage in europe-west2), Google (Gemini) and Anthropic (Claude) for AI feedback generation, Stripe (billing), and Cloudflare (website abuse-prevention). We maintain a current sub-processor list, give schools advance notice of any change, and allow them to object.
Where personal data is transferred to sub-processors in the United States, the transfer is made under a valid UK safeguard — the UK Extension to the EU-US Data Privacy Framework (the “UK-US Data Bridge”) where the recipient is certified under it, or otherwise the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, supported by a transfer risk assessment. The current sub-processor list and the specific safeguards (including for AI model processing) are confirmed in the data processing agreement.
Children’s data
All students are minors (ages 11–18). We have regard to the ICO Age Appropriate Design Code (Children’s Code) as it applies to our service, keep additional-data features opt-in, and rely on the school to provide the transparency notice to students and parents for processing carried out on its behalf.
Areas we are actively addressing
In the spirit of honesty, our internal assessment identifies work we are completing before the optional learning-profile feature is enabled with real student data, including:
- a documented subject-access-request process covering any stored profile data,
- automated retention and deletion (on student departure, class archival, and contract termination),
- a per-student opt-out from profiling, and
- a transparency-notice template for schools to adopt.
These are tracked internally and form part of our readiness for any school deployment of the optional feature.
For schools doing due diligence
We provide the information schools need to meet the DfE’s data protection expectations — including the gov.uk “data protection in schools” guidance and the DfE Generative AI product safety expectations — alongside our data processing agreement, an itemised sub-processor list, and our data-protection impact assessment and breach process. Start with our security and data protection page, then get in touch.