Gradiuz
Get Started

Privacy Policy

Last updated: May 30, 2026

1. Who We Are (Data Controller)

Gradiuz ("we", "us", "our") operates the study platform at gradiuz.com and is the data controller under the EU General Data Protection Regulation (GDPR) and Italian D.Lgs. 196/2003 (Codice Privacy) as amended by D.Lgs. 101/2018. This policy explains what personal data we collect, the legal basis for processing, how we use it, and your rights.

Contact: [email protected]

2. Data We Collect

Account data

Name, email address, and (optionally) a profile image. If you sign in with Google, we receive your name and email from Google.

Content you upload

Documents (PDFs, images) you upload for processing. Text extracted from these documents is sent to our AI provider to generate study materials.

Usage data

Quizzes, flashcard decks, summaries, and study results you create or complete within the Service.

Payment data

Subscription and purchase history. Card details are handled entirely by Polar (our merchant of record) — we never see or store your card number.

Technical data

IP address, browser type, session tokens, and basic analytics (page views via Rybbit).

3. Legal Basis and Purpose of Processing

PurposeLegal basis (GDPR Art. 6)
Provide and operate the ServiceContract performance (Art. 6(1)(b))
Process payments and manage subscriptionsContract performance (Art. 6(1)(b))
Send transactional emails (verification, password reset)Contract performance (Art. 6(1)(b))
Comply with legal and tax obligationsLegal obligation (Art. 6(1)(c))
Improve the Service via aggregated analyticsLegitimate interest (Art. 6(1)(f))

We do not sell your personal data. We do not use your uploaded documents to train AI models.

4. Third-Party Services

We share data with the following third parties only as necessary to operate the Service:

  • Google (Gemini AI) — document text is sent to process AI generations. Google's privacy policy applies.
  • Polar — handles payment processing and billing. Acts as merchant of record.
  • SendGrid — sends transactional emails on our behalf.
  • Rybbit — privacy-friendly analytics (page views only, no personal data shared).

5. Data Retention

We retain your account data for as long as your account exists. If you delete your account, all personal data, content, and study history is permanently deleted immediately. Uploaded files are deleted from our servers after AI processing completes.

Billing records (invoices, transaction history) are retained for 10 years as required by Italian tax law (D.P.R. 633/1972), but only the minimum data required by law is kept after account deletion.

6. Cookies

We use essential cookies for authentication (session token) and preferences (theme). We do not use advertising or tracking cookies.

7. Your Rights (GDPR)

Under GDPR (Articles 15–22) and Italian privacy law, you have the right to:

  • Access (Art. 15) — request a copy of your personal data
  • Rectification (Art. 16) — correct inaccurate data via Settings
  • Erasure (Art. 17) — delete your account and all data via Settings → Delete Account
  • Restriction (Art. 18) — restrict processing in certain circumstances
  • Portability (Art. 20) — receive your data in a structured format
  • Object (Art. 21) — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw at any time

To exercise any right, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali).

8. Security

We use HTTPS, hashed passwords, and database access controls to protect your data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Children

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to This Policy

We may update this policy. We will notify you of material changes via email. The "Last updated" date at the top reflects when changes were made.

11. Contact

Privacy questions or requests: [email protected]