Privacy Policy

1. Data Controller

GradeBuilder SL
C. Coronel Ivorra Ruiz 7, 1, 30720 San Javier, Murcia, Spain
Email: org@gradebuilder.tech
Phone: +34 622 448 805

2. Data We Collect

• Account data: email, name, password (hashed), locale
• Learning data: progress, quiz answers, XP, achievements
• AI mentor data: conversation history, memory graph (can be deleted by you)
• Usage data: login history, IP addresses, device information
• Payment data: processed by Stripe (we don't store card numbers)

3. Legal Basis (GDPR Art. 6)

• Contract: providing the learning platform you signed up for
• Consent: marketing emails, analytics cookies
• Legitimate interest: security monitoring, fraud prevention
• Legal obligation: payment records (7 years, Spanish tax law)

4. Your Rights (GDPR)

• Access (Art. 15): View your data in Settings → Privacy
• Portability (Art. 20): Download all your data as JSON
• Erasure (Art. 17): Delete your account (30-day grace period)
• Rectification (Art. 16): Edit your profile anytime
• Withdraw consent: Manage in Settings → Privacy

5. Data Processors

• Stripe: Payment processing (USA, EU Standard Clauses)
• OpenAI / DeepSeek: AI course generation and mentor (data processing agreements in place)
• Cloudflare: CDN and DDoS protection (EU)

6. Data Retention

• Account data: until deletion + 30 days grace period
• Payment records: 7 years (Spanish tax law, Ley 58/2003)
• Login history: 1 year
• Security events: 2 years

7. Contact & Complaints

Email: org@gradebuilder.tech
You may also file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es