Corect.it - Intelligent Grading Assistant

PRIVACY POLICY - CORECT.IT Effective Date: 15.11.25 Last Updated: 15.11.25 1. INTRODUCTION 1.1 About This Policy This Privacy Policy explains how Corect.it. ("Corect.it," "we," "us," or "our") collects, uses, processes, and protects personal data when you use our AI-powered educational grading platform (the "Service"). 1.2 Company Information Data Controller: Corect.it Email: Admin@corect.it Data Protection Officer: Email: Admin@corect.it 1.3 Scope This Privacy Policy applies to: ● Teachers and educational professionals who create accounts ● Educational institutions using our Service ● Students who submit academic work through assignment links ● Visitors to our website 2. LEGAL BASIS AND COMPLIANCE 2.1 Applicable Laws We process personal data in compliance with: ● EU General Data Protection Regulation (GDPR) 2016/679 ● Italian Legislative Decree 196/2003 (Personal Data Protection Code) as amended ● Other applicable Italian and EU data protection legislation 2.2 Data Hosting All personal data is processed and stored within the European Union using Amazon Web Services (AWS) EU-Central-1 (Frankfurt, Germany). No personal data is transferred outside the EU/EEA. 3. INFORMATION WE COLLECT 3.1 Teacher/Institution Account Data When you create a teacher or institution account, we collect: Account Information: ● Full name ● Email address ● Gmail account connection (optional - only if user chooses to enable email functionality) Payment Information: ● Payment processing handled entirely by Stripe Payments Europe Limited ● We do not store credit card or payment details on our servers ● Subscription plan information and status ● Invoice generation handled by Stripe 3.2 Student Submission Data When students submit academic work, we collect: Required Information: ● Student name (freely entered by student) ● Student email address (freely entered by student) ● Academic work content (text, handwritten work, uploaded files) Important: Students do not create accounts. This information is only collected at the point of submission and is required to submit work to teacher dashboards. 3.3 Automatically Collected Data We may collect limited technical information necessary for service functionality: Service Data: ● System performance data (anonymized) ● Error logs and diagnostics (without personal identifiers) Website Analytics: ● Website usage statistics collected through Google Analytics ● Anonymized visitor behavior and traffic patterns ● Browser type and version (anonymized) ● Geographic location data (country/region level only) ● Pages visited and time spent on site Legal Basis: Legitimate interest in maintaining service quality and understanding user needs. You can opt out of Google Analytics tracking through browser settings or Google's opt-out tools. 4. HOW WE USE YOUR INFORMATION 4.1 Primary Purposes We process personal data for the following purposes: For Teachers/Institutions (Legal Basis: Contract Performance & Legitimate Interest): ● Account creation and management ● Providing AI-assisted grading services ● Assignment creation and distribution ● Generating educational analytics and reports ● Customer support and communication ● Subscription management (payment processing handled by Stripe) ● Optional Gmail integration for sending feedback emails to students ● Service improvement and development For Students (Legal Basis: Legitimate Interest in Educational Services): ● Identifying submitted work for proper attribution ● Providing feedback via teacher's connected Gmail account (when teacher uses this feature) ● Ensuring academic integrity and preventing fraud 4.2 Legal Compliance We may process data as required by Italian and EU law for: ● Tax reporting and invoicing obligations ● Regulatory compliance in the education sector ● Response to legitimate legal requests 5. DATA SHARING AND DISCLOSURE 5.1 Limited Sharing We share personal data only in the following circumstances: Payment Processing: ● Financial information shared with Stripe Payments Europe Limited under their Data Processing Agreement ● Only for payment processing and fraud prevention Website Analytics: ● Website usage data shared with Google Analytics (Google Ireland Limited) ● You can control analytics cookies through your browser settings Optional Gmail Integration: ● Teachers may choose to connect their Gmail accounts to send feedback emails to students ● Gmail access is used solely for sending assignment feedback links ● No Gmail data is stored on our servers beyond temporary message composition ● Teachers can disconnect Gmail integration at any time Legal Requirements: ● When required by Italian or EU law ● In response to valid legal process or court orders ● To protect the rights, property, or safety of our users or the public 5.2 What We Don't Do We never: ● Sell personal data to third parties ● Use student data for advertising or marketing ● Share academic content with unauthorized parties ● Transfer data outside the EU/EEA ● Use student data for AI training or improvement (except for grading the specific assignment) 6. DATA RETENTION 6.1 Teacher/Institution Data ● Account Information: Retained during account lifetime plus 7 years for legal/tax compliance ● Assignment Templates: Retained according to account settings or until deletion requested ● Subscription Information: Basic plan status retained; detailed payment records maintained by Stripe 6.2 Student Submission Data ● Academic Work: Deleted within 30 days of assignment deletion or upon teacher request ● Student Names/Emails: Deleted immediately upon teacher request or when assignment is closed ● No Permanent Storage: No student profiles or accounts are maintained 6.3 Early Deletion Teachers can request immediate deletion of any student data at any time. Students or parents can also request deletion by contacting their teacher or us directly. 7. YOUR RIGHTS UNDER GDPR 7.1 Data Subject Rights You have the following rights regarding your personal data: Information Rights: ● Right to Access (Article 15): Request copies of your personal data ● Right to Information: Know how your data is being processed Control Rights: ● Right to Rectification (Article 16): Correct inaccurate or incomplete data ● Right to Erasure (Article 17): Request deletion of your personal data ● Right to Restrict Processing (Article 18): Limit how we process your data ● Right to Object (Article 21): Object to processing based on legitimate interests Portability Rights: ● Right to Data Portability (Article 20): Receive your data in a structured format ● Right to Withdraw Consent: Where processing is based on consent 7.2 Special Rights for Students and Minors ● Enhanced Erasure Rights: Immediate deletion available upon request ● Parental Rights: Parents can exercise rights on behalf of children under 16 ● No Profiling: We do not create profiles or track students across assignments 7.3 Exercising Your Rights How to Contact Us: ● Email our Data Protection Officer: Admin@corect.it ● Include your full name and specify which right you wish to exercise ● For students: Contact your teacher first, or contact us directly Response Time: ● We will respond within 30 days (may be extended by 60 days for complex requests) ● Urgent requests (especially involving minors) will be prioritized 8. DATA SECURITY 8.1 Technical Measures We implement appropriate security measures including: ● Encryption of data in transit and at rest ● Regular security assessments and updates ● Access controls and authentication systems ● Secure data centers within the EU 8.2 Organizational Measures ● Staff training on data protection obligations ● Incident response procedures ● Regular review of data processing activities ● Privacy by design principles in system development 8.3 Data Breach Notification In the event of a data breach: ● We will notify the Italian Data Protection Authority within 72 hours ● Affected individuals will be notified without undue delay if there is high risk ● We will document all breaches and remedial actions taken 9. SPECIAL CONSIDERATIONS FOR EDUCATIONAL DATA 9.1 Student Privacy Protection We recognize the sensitivity of educational data and implement enhanced protections: Minimal Data Collection: ● Only essential information required for assignment submission ● No tracking or profiling across different assignments ● No behavioral analytics on individual students Teacher Responsibilities: ● Teachers must ensure they have legal authority to direct students to use our Service ● Teachers must obtain necessary consents, especially for students under 16 ● Teachers control all aspects of student data processing and deletion ● If using Gmail integration, teachers are responsible for compliance with their institution's email policies Optional Email Communication: ● Teachers may choose to send feedback via their connected Gmail accounts ● Student emails used only for delivering feedback links ● No marketing or promotional emails sent to students ● Students can request to stop receiving feedback emails at any time 9.2 FERPA and International Standards While primarily subject to EU law, we also align with international educational privacy standards where possible. 10. COOKIES AND TRACKING 10.1 Cookie Usage We use cookies for: ● Essential Cookies: Required for basic service functionality (login sessions, form submissions) ● Google Analytics Cookies: To understand website usage 10.2 Analytics We use Google Analytics on our website to understand how users interact with our site. You can control analytics cookies through your browser settings. 10.3 Cookie Control Essential cookies cannot be disabled as they are necessary for service functionality. You can control other cookies through your browser settings. 11. THIRD-PARTY SERVICES 11.1 Payment Processing Stripe Payments Europe Limited: ● Processes subscription payments for teacher/institution accounts ● Subject to Stripe's own privacy policy and security standards ● Data Processing Agreement in place for GDPR compliance 11.2 Infrastructure Provider Amazon Web Services (EU): ● Provides hosting infrastructure within the EU ● Data Processing Agreement in place ● EU data residency guaranteed 11.3 Analytics Provider Google Analytics (Google Ireland Limited): ● Processes website usage data to help us understand how users interact with our site ● You can control analytics cookies through your browser settings 11.4 Email Services (Optional) Gmail API (Google Ireland Limited): ● Used only when teachers choose to connect their Gmail accounts ● Enables sending feedback emails directly from teacher's Gmail account ● Access limited to sending emails only - no reading or storing of Gmail data ● Teachers can revoke access at any time through their Google account settings ● Subject to Google's own privacy policy and security measures ● Data Processing Agreement in place for GDPR compliance 12. UPDATES TO THIS POLICY 12.1 Policy Changes We may update this Privacy Policy to reflect: ● Changes in our data processing activities ● Updates to applicable laws and regulations ● Improvements to our privacy practices 12.2 Notification of Changes Material Changes: ● Email notification to registered users at least 30 days before changes take effect ● Prominent notice on our website ● Continued use of the Service constitutes acceptance of updated policy Minor Changes: ● Updated version posted on website with new effective date ● Changes log available upon request 13. CONTACT INFORMATION 13.1 General Privacy Inquiries Corect.it Email: Admin@corect.it 13.2 Supervisory Authority If you believe we have not addressed your privacy concerns adequately, you can lodge a complaint with: Italian Data Protection Authority (Garante) Website: www.gpdp.it Email: garante@gpdp.it Address: Piazza Venezia 11, 00187 Roma, Italy 14. SPECIFIC NOTICES 14.1 For Students Under 16 If you are under 16 years old: ● Your teacher should have obtained permission from your parents/guardians before directing you to use this Service ● You can ask us to delete your information at any time ● Your parents/guardians can exercise privacy rights on your behalf ● Contact us at Admin@corect.it if you have questions 14.2 For Teachers As the party directing students to use our Service: ● You are responsible for ensuring you have legal authority to process student data ● You must obtain necessary consents, especially for students under 16 ● You control student data retention and can request deletion at any time ● You should inform students about our AI grading system and data processing ● If using Gmail integration, ensure compliance with your institution's email and privacy policies ● You are responsible for obtaining appropriate permissions before sending feedback emails to students 14.3 For Parents/Guardians If your child is using this Service: ● Your child's teacher should have informed you about the Service ● Only your child's name, email, and academic work are collected ● You can request deletion of your child's data at any time ● Contact us at Admin@corect.it for any concerns ________________________________________ By using the Corect.it Service, you acknowledge that you have read and understood this Privacy Policy. Document Version: 1.0 Effective Date: 15.11.2025