Legal

Terms of Service and Privacy Policy

Terms of Service

Last Updated: January 23, 2026

1. Acceptance of Terms

By accessing and using GradeSpec ("the Service"), you accept and agree to be bound by the terms and provision of this agreement. If you do not agree to these Terms of Service, please do not use the Service.

2. Description of Service

GradeSpec is a grade management and projection system designed for university students. The Service allows you to track your academic performance, calculate GPAs, and project future grades based on hypothetical scenarios.

3. User Accounts

To use the Service, you must create an account using Google OAuth authentication. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

4. User Responsibilities

You agree to:

  • Provide accurate and complete information when using the Service
  • Use the Service only for lawful purposes
  • Not attempt to gain unauthorized access to the Service or its related systems
  • Not use the Service to violate any applicable laws or regulations
  • Not interfere with or disrupt the Service or servers connected to the Service

5. End-to-End Encryption (E2EE)

GradeSpec implements mandatory End-to-End Encryption (E2EE) using AES-GCM-256 to protect your academic data.

  • Client-Side Encryption: All sensitive data is encrypted and decrypted on your local device. Plaintext grades never leave your browser.
  • Zero-Knowledge: We do not store, transmit, or have any knowledge of your encryption PIN. We cannot access your encrypted data or reset your PIN.
  • User Responsibility: You are solely responsible for remembering your 6-digit PIN. Warning: If you lose your PIN, your encrypted data will be permanently unrecoverable.

6. Transcript Upload and AI Processing

GradeSpec offers an optional transcript upload feature that uses artificial intelligence to automatically extract course data. By using this feature, you acknowledge and agree that:

  • Your transcript PDF is processed in-memory only and is never stored on our servers or any file storage system.
  • Transcript files are sent to Google Gemini AI (Vision) for parsing academic records and structuring them into course data.
  • Once parsed, all extracted data is encrypted on your local device before being imported into your account. We have no access to the structured data once it is stored.
  • You are responsible for reviewing and verifying all extracted data before importing it into your account.
  • GradeSpec is not responsible for any inaccuracies in the AI-extracted data.
  • The transcript upload feature is subject to rate limiting to prevent abuse.
  • You must ensure you have the right to upload and process any transcript files you submit.

7. Limitation of Liability

GradeSpec is provided "as is" without warranties of any kind, either express or implied. Andy Liu (GradeSpec) shall not be liable for any indirect, incidental, special, consequential, or punitive damages resulting from your use of or inability to use the Service.

8. Account Deletion

You may delete your account at any time through the Settings page. Upon account deletion, all your data including terms, courses, components, and grades will be permanently deleted and cannot be recovered.

9. Changes to Terms

We reserve the right to modify these Terms of Service at any time. We will notify users of any material changes by updating the "Last Updated" date at the top of this page. Your continued use of the Service after such modifications constitutes acceptance of the updated terms.

10. Governing Law

These Terms of Service shall be governed by and construed in accordance with the laws of the Province of Ontario, Canada, without regard to its conflict of law provisions.

11. Contact Information

If you have any questions about these Terms of Service, please contact us through LinkedIn at linkedin.com/in/aliu24.

Privacy Policy

Last Updated: January 23, 2026

1. Information We Collect

When you use GradeSpec, we collect the following information:

  • Authentication Data: When you sign in with Google OAuth, we receive your email address and basic profile information (name, profile picture) from Google.
  • Academic Data: You voluntarily provide academic information including terms, courses, course components, grades, credits, and final grades.
  • Transcript Upload Data: When you use the optional transcript upload feature, the following applies:
    • PDF files are processed in-memory only and are never written to disk or stored.
    • Transcript files are sent to Google Gemini AI API (Vision) for analysis and parsing.
    • Parsed course data is encrypted on your local device before being stored in our database.
    • Parsed data is presented to you for review and verification before import.
    • Once imported, only the structured encrypted course data is stored in your account.
    • The original PDF and unencrypted parsed data are immediately discarded after processing.
  • Usage Data: We use Vercel Speed Insights to collect anonymous performance metrics to improve the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service
  • Authenticate your account and provide personalized features
  • Calculate and display your grades, GPAs, and projections
  • Improve the performance and reliability of the Service
  • Respond to your inquiries and provide customer support

3. End-to-End Encryption & Security

We employ a Zero-Knowledge security architecture to ensure your grade data remains private even from us:

  • AES-GCM-256: Your course names, components, and grades are encrypted using industry-standard AES-GCM-256.
  • PBKDF2 Key Derivation: Your PIN is used to derive a high-entropy encryption key locally on your device using PBKDF2 with 100,000 iterations.
  • Local Decryption: Your data is stored on our servers in an encrypted format. Decryption occurs only in your browser when you enter your PIN.
  • No PIN Storage: Neither your PIN nor your derived master key is ever sent to our servers or stored on any disk.

4. Data Storage and Third Parties

Your encrypted data is stored using Supabase. We implement appropriate technical measures to protect the database. However, the primary layer of protection is your own client-side encryption.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With service providers (Supabase, Vercel) who assist in operating the Service, subject to confidentiality obligations
  • When required by law or to protect our rights and safety

6. User Anonymity and Grade Privacy

Your academic data, including grades, courses, and terms, is stored securely and is only accessible through your authenticated account. We cannot and do not view, access, or identify which specific information belongs to which users beyond what is necessary to provide the Service. Your academic information is private to you and is not shared, analyzed, or used for any purpose other than displaying it back to you through your account.

7. Your Rights

You have the right to:

  • Access your personal data at any time through the Service
  • Correct inaccurate or incomplete data
  • Delete your account and all associated data through the Settings page
  • Request a copy of your data
  • Withdraw consent for data processing (by deleting your account)

8. Cookies and Tracking

We use cookies and similar technologies to maintain your session and improve the Service. We use Vercel Speed Insights for performance monitoring, which collects anonymous usage data. You can control cookies through your browser settings.

9. Children's Privacy

GradeSpec is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. By using the Service, you consent to the transfer of your information to these countries, including Canada and the United States (where our service providers operate).

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this page. Your continued use of the Service after such modifications constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us through LinkedIn at linkedin.com/in/aliu24.

© 2026 GradeSpec by Andy Liu.