Security & data protection
Who this page is for
This page is written for the person who has to sign gradIQual off — a data protection officer, a network manager, an SLT lead, or a teacher being asked "is this safe?". It sets out plainly what gradIQual is, what it accesses, how that data is protected, and where it is processed, so you can make an informed decision.
If you need anything that isn't here, email security@gradiqual.com.
What gradIQual is
gradIQual is an AI-powered formative feedback system for secondary teachers that turns student work into intelligent feedback and whole-class insights. It works alongside Google Classroom and Google Drive, and it keeps the teacher in control of every piece of feedback before it reaches a student.
What we access
gradIQual signs you in with your Google school account and requests a focused set of Google permissions — only what it needs to read the work you ask it to mark and return your feedback. Each permission is listed below with the reason we request it.
We request these permissions through Google's standard consent screen. You can review or revoke gradIQual's access at any time from your Google account permissions.
How your data flows
Work comes in, gradIQual drafts feedback, you review and approve, and then it's returned — the teacher sits in the middle of the flow, not at the end of it.
How your data is protected
gradIQual applies defence in depth across its marking and assistant features. There are four layers:
- Input safety. Before any student work is used in a prompt, it is checked for prompt-injection and manipulation attempts — instruction-override patterns, role manipulation, attempts to extract system instructions, and hidden characters are detected and stripped.
- Output safety. Generated feedback is validated before it is shown — for length anomalies, threatening or violent language, profanity, repetition, and injected instructions — so unsafe output is caught rather than surfaced.
- Human-in-the-loop review. Anything the system flags is raised for teacher review, and blocked content is replaced with a safe fallback. The teacher reviews and approves feedback before it reaches a student.
- Data minimisation. We minimise personal data at the source. Student names are reduced to a "First L." format and emails are stripped from tool outputs; emails, phone numbers, postcodes, dates of birth, and similar identifiers are scrubbed from inputs; and personal data is redacted from our logs. This is on by default.
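The data-minimisation layer, with the hidden-character stripping from the input-safety layer, can be sketched as follows. This is an added example, not gradIQual's code: the function names, regular expressions and placeholder tokens are assumptions chosen for illustration, and the sample text is constructed.

```python
import re
import unicodedata

# Illustrative patterns (assumptions, not gradIQual's rules). Emails go first
# so digits inside an address are not re-matched by a later pattern.
PATTERNS = [
    ("[EMAIL]", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    # UK postcode, e.g. "SW1A 1AA" or "m1 1ae"
    ("[POSTCODE]", re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b", re.I)),
    # Numeric dates such as 14/03/2011 or 2011-03-14, treated as possible DOBs
    ("[DATE]", re.compile(r"\b(?:\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}|\d{4}-\d{2}-\d{2})\b")),
    # UK phone numbers: +44 or a leading 0, 10 or 11 digits, optional spaces
    ("[PHONE]", re.compile(r"(?<!\w)(?:\+44\s?|0)\d(?:\s?\d){8,9}(?!\w)")),
]

def strip_hidden(text: str) -> str:
    """Drop invisible format/control characters (zero-width, bidi overrides, tags)."""
    return "".join(
        ch for ch in text
        if ch in "\n\t" or unicodedata.category(ch) not in ("Cf", "Cc")
    )

def minimise_name(full_name: str) -> str:
    """Reduce 'Amira Khan' to 'Amira K.'; a single-token name is returned as is."""
    parts = full_name.split()
    if len(parts) < 2:
        return full_name.strip()
    return f"{parts[0]} {parts[-1][0].upper()}."

def scrub(text: str) -> str:
    """Replace identifiers with placeholder tokens.

    Hidden characters are removed first: a zero-width space inside an email
    address would otherwise split it and let it slip past the email pattern.
    """
    text = strip_hidden(text)
    for token, pattern in PATTERNS:
        text = pattern.sub(token, text)
    return text

# Constructed sample input; the email contains a zero-width space (U+200B).
SAMPLE = ("Contact amira\u200b.khan@school.example or 07700 900123; "
          "born 14/03/2011, lives at SW1A 1AA.")

if __name__ == "__main__":
    print(minimise_name("Amira Khan"))
    print(scrub(SAMPLE))
```

Regex scrubbing of this kind over-matches and under-matches at the edges (any numeric date is treated as a possible date of birth, for instance), which is one reason it sits alongside the teacher-review layer instead of replacing it.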
In transit, all connections use TLS. At rest, data is stored in Google Cloud's Firestore with default AES-256 encryption, and stored access tokens are additionally encrypted with AES-256-GCM. Access to data is server-mediated and gated by authentication and ownership checks — a teacher can only reach the classes and students they teach.
What we don't do
- We do not return feedback to students automatically — a teacher reviews and approves first.
- We do not mark official examinations.
- We do not sell student or teacher data, and we do not use it for advertising.
- We do not store raw student work in long-term student profiles; submissions are processed for marking, not retained as a profile of the pupil.
- We do not store raw personal data in our assistant's audit log — only scrubbed, redacted content.
- We do not collect geolocation data.
Hosting and processing
Application hosting is in europe-west2; sub-processors and model-processing terms are documented below.
Sub-processors
gradIQual relies on a small set of trusted providers to deliver the service:
- Google Cloud Platform — application hosting, Firestore data storage, and Google Workspace / Classroom integration.
- AI model providers — Google (Gemini) and Anthropic (Claude) — to generate feedback from student work. The specific model-processing terms, including international-transfer safeguards, are documented in our Data processing summary and reviewed before processing any real student data.
- Cloudflare — abuse prevention for the contact and chat features on this website (see our Cookie policy).
- Stripe — payment processing for Pro subscriptions and assessment-paper purchases.
A current, itemised sub-processor list with each provider's role is maintained for schools on request, and forms part of the data processing terms we agree with a school as data controller.
Audit logs and retention
Interactions with the in-app assistant are recorded in a scrubbed audit log that stores only redacted content — never raw personal data — and is automatically cleared after 30 days via Firestore time-to-live policies. Other operational data is retained for the duration of a school's use of the service; retention and deletion terms are set out in our Privacy policy and agreed with the school.
UK GDPR and DfE posture
gradIQual is designed for UK secondary schools and built around UK GDPR principles — lawfulness, data minimisation, purpose limitation, and security by design. In the school relationship, the school is the data controller and gradIQual is a data processor acting on the school's instructions. Because the platform processes data about children, we take the ICO's Age Appropriate Design Code into account in how the product is built and defaulted, and features that process additional student data are gated behind explicit opt-in. We work to the expectations set out for edtech suppliers handling pupil data, and we will complete a school's due-diligence documentation (including the DfE data protection expectations) as part of onboarding.
This is the product's privacy and security posture, not a legal opinion; our Privacy policy and Data processing summary are the formal documents, and they are subject to legal review before launch.
Last updated: 29 May 2026. Questions: security@gradiqual.com.