Built for schools. Secured for students.
GradingPal is designed from the ground up to meet the privacy and security requirements of K-12 institutions. FERPA and COPPA compliant — and ready to sign a custom Data Processing Agreement for your district.
Compliance you can count on
GradingPal meets the legal standards required to use student data in K-12 settings.
Student education records are handled in full compliance with the Family Educational Rights and Privacy Act.
Children's data is protected in line with the Children's Online Privacy Protection Act.
Our data practices are designed to align with international privacy standards, including GDPR principles.
We sign Data Processing Agreements tailored to your district's legal and procurement requirements — at no extra cost.
How we protect your data
Security practices built into the product from day one.
Encrypted end-to-end
All student data is encrypted at rest and in transit. No plaintext data is ever exposed outside our secure systems.
Data minimization
We only collect what's needed to deliver the service. Student submissions are used solely for grading — never for advertising.
Role-based access
Teachers see only their own classes. Admins see only their school. Access by GradingPal staff is strictly limited and audited.
Reliable infrastructure
Hosted on secure, enterprise-grade cloud infrastructure with automatic backups and redundancy. No student data is stored on personal devices.
Activity logging
Data access and processing events are logged. Admins can request activity reports for any time period.
Incident response
We maintain a documented breach response plan. Affected institutions are notified promptly in line with FERPA and applicable privacy laws.
What we do — and don't do — with student data
We do
- Process submissions to generate AI feedback and scores
- Encrypt all data at rest and in transit
- Restrict access by role — teacher, admin, district
- Delete data on request or at end of contract
- Provide activity logs to admins on request
- Sign Data Processing Agreements with districts
- Notify institutions promptly in the event of a breach
We never do
- Sell student data to any third party
- Use student data for advertising or targeting
- Train AI models on student data without explicit consent
- Share data with unauthorized third parties
- Retain data beyond the agreed retention period
- Store student data on personal or unencrypted devices
- Grant staff access without formal authorization
Getting a DPA signed is simple
Most districts complete a DPA in under a week. We work with your legal and IT teams at no extra cost.
Request a DPA
Fill out the form below or email us with your district name and a procurement contact.
We send a draft
Our team sends a pre-filled DPA within 1–2 business days covering data types, processing purposes, and retention.
Review & redline
Your legal or IT team can redline. We work with your district's standard templates where possible.
Countersign & done
Once both parties sign, GradingPal is formally approved for use in your district.
We work with your district's process
Every district has different procurement requirements. We adapt to your process — whether that means using your template, answering a security questionnaire, or joining a call with your IT team.
Common questions from IT & compliance teams
Ready to get GradingPal approved?
Whether you need a DPA, have security questions, or want to start procurement — we make it easy for IT teams and school leaders.
Get GradingPal approved at your school
Fill out our approval request form. We'll prepare a security brief, DPA, and any documentation your district's procurement process requires.
Start Approval Process- DPA included at no cost
- Response within 1 business day
- Works with your district's process
Have questions? Talk to our team.
Security questionnaire, a call with your IT team, or just a quick question — we're here and respond fast.
Get in TouchDirect contacts
hello@gradingpal.com