GradeSpec is built to help students manage their academic performance with precision and peace of mind.
Learn how we calculate your averages using your university's GPA scale.
How encryption works, your PIN, what we encrypt, and our technical implementation.
GradeSpec calculates your GPA using the grading scale specific to your university. Each university has its own percentage-to-GPA conversion table and credit system — you select your university in Settings, and all calculations automatically use the correct scale.
The formula for Cumulative GPA is the same across all universities:
Courses with higher credit values have a proportionally larger impact on your overall GPA. Supported universities include Western University, UBC, McMaster, Queen's, the University of Toronto, and the University of Waterloo.
The following scale applies to McMaster University students. Other universities use different scales — select one above or set your university in Settings.
| Percentage Range | GPA Value | Letter Grade |
|---|---|---|
| 90% - 100% | 12.0 | A+ |
| 85% - 89% | 11.0 | A |
| 80% - 84% | 10.0 | A- |
| 77% - 79% | 9.0 | B+ |
| 73% - 76% | 8.0 | B |
| 70% - 72% | 7.0 | B- |
| 67% - 69% | 6.0 | C+ |
| 63% - 66% | 5.0 | C |
| 60% - 62% | 4.0 | C- |
| 57% - 59% | 3.0 | D+ |
| 53% - 56% | 2.0 | D |
| 50% - 52% | 1.0 | D- |
| Below 50% | 0.0 | F |
McMaster uses a 12-point GPA scale. The table below shows the equivalent values on a 4.0 GPA scale for each 12-point GPA.
| 12-point | 4.0 scale |
|---|---|
| 12 | 4.00 |
| 11 | 3.90 |
| 10 | 3.70 |
| 9 | 3.30 |
| 8 | 3.00 |
| 7 | 2.70 |
| 6 | 2.30 |
| 5 | 2.00 |
| 4 | 1.70 |
| 3 | 1.30 |
| 2 | 1.00 |
| 1 | 0.70 |
| 0 | 0.00 |
Your grades and course names are sensitive. GradeSpec uses end-to-end encryption so that this data is encrypted on your device before it is sent to our servers. Only a key derived from your PIN can decrypt it — and that key is never stored or transmitted; it exists only in your browser for the duration of your session.
For readers familiar with cryptographic standards: we use PBKDF2 with 100,000 iterations and SHA-256 to derive a 256-bit key from your PIN and salt, and AES-256-GCM for authenticated encryption. A unique IV (initialization vector) is generated per encryption. All operations run client-side via the Web Crypto API; the server never has access to your key or plaintext.
When you enable encryption, you choose a 6-digit PIN. The app generates a random salt and uses it together with your PIN to derive your encryption key. That key is then used to encrypt a verification phrase, which we store so we can confirm your PIN on later logins. We store only the salt and the encrypted verification value — never your PIN or the key. The key is kept in browser memory only while you are using the app.
When you return and enter your PIN, we derive the same key from your PIN and the stored salt, then attempt to decrypt the verification phrase. If decryption succeeds, the PIN is correct and we retain the key in memory for the session. If it fails, we do not unlock; no key is stored.
We encrypt the fields that directly identify your courses and performance. Structural and non-sensitive metadata remain in plaintext so the app can sort, filter, and compute GPA without decrypting every field.
| Encrypted | Plaintext (metadata) |
|---|---|
|
|
On save, sensitive fields are encrypted in your browser and only the ciphertext is sent to our servers. On load, we fetch the encrypted data and decrypt it locally with your key. Our servers never receive or store your plaintext course names or grades.
© 2026 GradeSpec by Andy Liu.