Legal & Privacy
← Back
Plain-language summary: GradeOS QA is a small internal tool used by an invited group to run quality-assurance evaluations. Your data stays on our Hostinger server and is never sold or shared with third parties.

1. Who we are

GradeOS QA is operated by GradeOS. Contact: hello@gradeos.app.

2. What data we collect

  • Login code & password hash — used to authenticate you. Passwords are hashed with bcrypt; we never store the plain-text version.
  • Display name & role — shown to other participants so answers can be attributed.
  • Your answers — text answers written during a QA session, stored server-side on submission.
  • Element captures / screenshots — HTML snapshots of page elements you choose to attach to answers.
  • Timestamps & session duration — when you started and submitted a test, used for internal analytics only.
  • Inbox read state — which messages you have read, stored server-side.
  • IP address — logged in the audit trail for security purposes (failed logins, account changes).

3. Legal basis for processing

Processing is based on legitimate interest (operating an internal QA evaluation tool for a small, known group) and consent (you were invited and agreed to participate before receiving credentials).

All participants are personally known to the operator and have been individually invited. This platform is not a public service.

4. How long we keep your data

  • Submissions and answers — retained for the duration of the evaluation project, then deleted manually.
  • Account credentials — kept until your account is deactivated and removed.
  • Audit logs — kept for up to 90 days then deleted.

5. Who can see your data

  • GradeOS administrators — full access to all submissions, answers, labels, and member accounts.
  • Other testers — cannot see each other's answers unless explicitly shown in an aggregate review.
  • No third parties — data is not shared, sold, or processed by external services.

6. Where data is stored

All data is stored as JSON files on a web server hosted by Hostinger, a Lithuanian-registered cloud hosting provider with data centres in Europe. No external databases, analytics services, or advertising networks are used. Hostinger's own privacy policy covers infrastructure-level data: hostinger.com/privacy-policy.

7. Your rights (GDPR Art. 15–22)

If you are in the EU, you have the right to:

  • Access — request a copy of all data held about you.
  • Rectification — ask for incorrect data to be corrected.
  • Erasure — ask for your data to be deleted.
  • Restriction — ask for processing to be paused while a dispute is resolved.
  • Portability — receive your data in a machine-readable format (answers exportable as CSV/JSON).
  • Object — object to processing based on legitimate interest.

Contact hello@gradeos.app. Requests handled within 30 days.

8. Cookies & storage

One session cookie to keep you logged in. No tracking, no ads, no third parties.

9. Security

Passwords are hashed with bcrypt. Sessions use HttpOnly, SameSite=Lax cookies. All API endpoints enforce role-based access control. Rate limiting is applied to login attempts.

10. Minors

Participants under 16 confirm at login that a parent or guardian has consented on their behalf. To withdraw or request data deletion, contact hello@gradeos.app.

11. Changes to this notice

If this notice changes materially, participants will be notified via the in-app inbox.

Consent acknowledgement

By using this platform you confirm that:

  • You were personally invited by GradeOS to participate in this QA evaluation.
  • You understand what data is collected and why (Sections 2–3 above).
  • You consent to your answers and usage data being stored and reviewed by GradeOS for internal quality-assurance purposes.
  • You can withdraw at any time by contacting hello@gradeos.app, after which your account will be deactivated and your data deleted on request.

GradeOS QA — Internal tool — Not a public service