Security Measures

Last Updated: 01/06/2025

This document outlines the organizational and technical measures implemented by GradeAssist to protect personal data and ensure confidentiality, integrity, and availability of our platform.

This document covers only measures implemented by GradeAssist. Where data is handled by subprocessors, we have separate agreements in place. Please refer to our Subprocessor List for detailed information about these providers and their terms of service.

From time to time, GradeAssist may update these measures to address emerging threats, comply with regulations, or adopt new security standards. Significant updates will be communicated via email to registered users.

Definitions

  • Customer: Any Licensee of the GradeAssist platform.
  • GradeAssist Platform: Software products licensed to the Customer pursuant to a Service Agreement.
  • Personal Data: Information provided or submitted by the Customer or their authorized users in connection with the use of GradeAssist.
  • Personnel: All GradeAssist employees, contractors, and other authorized individuals working on our behalf.

De-identification Process

GradeAssist employs advanced measures to protect sensitive information while enabling the use of AI technologies.

Measures include:

  • AI Service Provider: Azure OpenAI Service, compliant with HIPAA, GDPR, and SOC 2.
  • Data Privacy: Customer data:
    • Is NOT shared with other customers.
    • Is NOT accessible to OpenAI.
    • Is NOT used to train, retrain, or improve foundation models.
  • Data Processing: Sensitive information is processed exclusively within secure Google Cloud infrastructure.
  • Encryption: Data is encrypted at rest and in transit using AES-256 and TLS 1.2+.

Physical Security

GradeAssist data is hosted on Google Cloud data centers with robust physical security measures:

  • Multi-layered security, including perimeter fencing, metal detectors, and biometrics.
  • Custom-designed electronic access cards.
  • All stored data is encrypted at the storage layer using AES-256.
  • Hosting Regions: us-central1 (Iowa), us-central2 (Oklahoma—private region), us-east1 (South Carolina).

System Updates

GradeAssist maintains up-to-date software and infrastructure to prevent vulnerabilities.

Measures include:

  • All operating systems run the latest security patches.
  • Dependencies are reviewed and updated every 6 months.
  • Regular alerts and notifications from vendors are monitored.
  • Personnel devices are maintained with updated software and anti-malware protection.

Data Access

Customer data is accessed only when necessary to provide services.

Measures include:

  • Data is accessed strictly on an as-needed basis.
  • Data is never exfiltrated or moved without customer authorization.
  • Personnel do not share Personal Data with unauthorized parties.
  • Usage data is anonymized for analytics purposes.

Data Transmission

To ensure secure data transmission, GradeAssist employs:

  • TLS 1.2+ and HTTPS for all web traffic.
  • One-time use links for secret sharing, when necessary.

Development Process

GradeAssist follows secure software development practices.

Measures include:

  • Central code repositories (one for the web platform and one for the agent extension).
  • Code contributions require senior engineer approval.
  • Automated CI/CD pipelines prevent downtime.
  • Regular code dependency scanning.
  • Releases are staged and tested before deployment.

Availability and Data Sovereignty

GradeAssist ensures customer data remains accessible and secure.

Measures include:

  • Customers retain ownership of their data.
  • Google Cloud Point-in-Time Recovery enables data restoration within 7 days.
  • Business continuity and disaster recovery plans are in place.

Data Separation

GradeAssist ensures logical separation of customer data.

Measures include:

  • Logical data separation for each customer.
  • Unique secrets and credentials for customer access.
  • Cloud-based storage for user-uploaded files.
  • User data can be securely and permanently deleted.

Incident Management

In the event of a security incident, GradeAssist follows a structured response plan.

Measures include:

  • Detailed Data Breach Response Plan.
  • Immediate deployment of critical updates during incidents.
  • Time-synchronized audit logs for forensic examination.
  • Affected customers are notified without undue delay via registered contacts.
  • Relevant regulatory authorities are notified when applicable.

Contact Information

For security-related inquiries or incident reports, please contact: team@gradeassistai.com


This document reflects GradeAssist's ongoing commitment to data security and privacy. Regular audits and updates ensure compliance with evolving industry standards and regulations.