Privacy Policy
Last updated: May 30, 2026
1. Who We Are (Data Controller)
Gradiuz ("we", "us", "our") operates the study platform at gradiuz.com and is the data controller under the EU General Data Protection Regulation (GDPR) and Italian D.Lgs. 196/2003 (Codice Privacy) as amended by D.Lgs. 101/2018. This policy explains what personal data we collect, the legal basis for processing, how we use it, and your rights.
Contact: [email protected]
2. Data We Collect
Account data
Name, email address, and (optionally) a profile image. If you sign in with Google, we receive your name and email from Google.
Content you upload
Documents (PDFs, images) you upload for processing. Text extracted from these documents is sent to our AI provider to generate study materials.
Usage data
Quizzes, flashcard decks, summaries, and study results you create or complete within the Service.
Payment data
Subscription and purchase history. Card details are handled entirely by Polar (our merchant of record) - we never see or store your card number.
Technical data
IP address, browser type, session tokens, and basic analytics (page views and selected product/CTA events via Rybbit, without personal content or account details).
3. Legal Basis and Purpose of Processing
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide and operate the Service | Contract performance (Art. 6(1)(b)) |
| Process payments and manage subscriptions | Contract performance (Art. 6(1)(b)) |
| Send transactional emails (verification, password reset) | Contract performance (Art. 6(1)(b)) |
| Comply with legal and tax obligations | Legal obligation (Art. 6(1)(c)) |
| Improve the Service via aggregated analytics | Legitimate interest (Art. 6(1)(f)) |
We do not sell your personal data. We do not use your uploaded documents to train AI models.
4. Third-Party Services
We share data with the following third parties only as necessary to operate the Service:
- Google (Gemini AI) - document text is sent to process AI generations. Google's privacy policy applies.
- Polar - handles payment processing and billing. Acts as merchant of record.
- SendGrid - sends transactional emails on our behalf.
- Rybbit - privacy-friendly analytics for page views and selected product/CTA events; no personal content or account details are shared.
5. Data Retention
We retain your account data for as long as your account exists. If you delete your account, all personal data, content, and study history is permanently deleted immediately. Uploaded files are deleted from our servers after AI processing completes.
Billing records (invoices, transaction history) are retained for 10 years as required by Italian tax law (D.P.R. 633/1972), but only the minimum data required by law is kept after account deletion.
6. Cookies
We use essential cookies for authentication (session token) and preferences (theme). We do not use advertising or tracking cookies.
7. Your Rights (GDPR)
Under GDPR (Articles 15–22) and Italian privacy law, you have the right to:
- Access (Art. 15) - request a copy of your personal data
- Rectification (Art. 16) - correct inaccurate data via Settings
- Erasure (Art. 17) - delete your account and all data via Settings → Delete Account
- Restriction (Art. 18) - restrict processing in certain circumstances
- Portability (Art. 20) - receive your data in a structured format
- Object (Art. 21) - object to processing based on legitimate interests
- Withdraw consent - where processing is based on consent, withdraw at any time
To exercise any right, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali).
8. Security
We use HTTPS, hashed passwords, and database access controls to protect your data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us and we will delete it.
10. Changes to This Policy
We may update this policy. We will notify you of material changes via email. The "Last updated" date at the top reflects when changes were made.
11. Contact
Privacy questions or requests: [email protected]