Privacy Policy

GradeCircle ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (the "Website"), use our strategic decision simulators, consulting and workshop services, applications portfolio, client portal, blog, contact and investor interest forms, and related offerings (collectively, the "Services").

Our Services include: (1) our public Website and content (e.g., service and application pages, blog); (2) contact, consulting, and investor interest submissions; (3) invitation-based client portal access for organizations; and (4) analytics and site functionality that may use cookies and similar technologies in accordance with your preferences. This policy applies to all of these activities.

Please read this Privacy Policy carefully. By accessing or using our Services, you agree to be bound by the terms described in this policy. If you do not agree with our policies and practices, do not use our Services.

2.1 Information You Provide to Us

We collect information that you voluntarily provide when you interact with our Services, including:

• Contact and Inquiry Data: Name, email address, phone number, company, message, interest area (e.g., applications, strategic simulation, consulting, investor), timeline, and similar details when you submit our contact form, consulting form, or investor interest form
• Portal Account Information: When you accept an invitation to our client portal, we store your email, full name, organization association, and role. Account authentication (e.g., sign-in) is handled by our identity provider; we do not store your password
• Professional Information: Company name, job title, industry, and professional background when you provide them in forms or communications
• Communication Data: Information you provide when contacting us through contact forms, email, or other channels
• Service-Related Information: Information you provide when requesting or using our services, including project requirements, feedback, and survey or simulator responses
• User-Generated Content: Comments, reviews, testimonials, or other content you submit to our Website or portal
• Any other information you choose to provide in connection with your use of our Services

We do not collect payment or billing information through the Website for our consulting or simulator services; any payment details are processed by third-party payment processors under their own terms and privacy policies.

2.2 Automatically Collected Information

When you visit our Website or use our Services, we automatically collect certain information about your device, browsing behavior, and usage patterns, including:

• Device Information: IP address, device type, device identifiers, operating system, browser type and version, screen resolution, and language settings
• Location Data: General geographic location derived from your IP address (we do not collect precise GPS location without your explicit consent)
• Usage Data: Pages you visit, time spent on pages, clickstream data, search queries, links clicked, and navigation patterns
• Referral Information: The website or source that referred you to our Website, including search terms used and referring URLs
• Technical Data: Browser plugins, time zone settings, access times, error logs, and performance data
• Cookies and Tracking Technologies: Information collected through cookies and similar technologies, subject to your cookie consent preferences (see our Cookie Policy)
• Analytics Data: When you have consented to analytics cookies, we may collect data about how you interact with our Website and Services (e.g., page views, events) to improve our offerings

2.3 Information from Third Parties

We may also receive information about you from third-party sources, including:

• Social media platforms when you interact with us through social media or use social login features
• Business partners and service providers who assist us in providing our Services
• Public databases and business information services for business contact information
• Event organizers and conference hosts when you attend events where we participate
• Referral partners who direct you to our Services

We use the information we collect for the following purposes:

3.1 Service Delivery and Operations

• To provide, maintain, and improve our Website, simulators, consulting services, applications content, and client portal
• To process contact, consulting, and investor interest submissions and to follow up on your inquiries
• To create and manage your portal account (when you accept an invitation), associate you with your organization, and enforce role-based access
• To authenticate your identity and verify your access to the portal and other protected areas
• To send invitation emails and manage team membership for the client portal
• To provide customer support and respond to your inquiries and requests
• To send service-related communications, such as account updates, security alerts, and administrative messages

3.2 Communication and Marketing

• To send you marketing communications, newsletters, blog updates, and promotional materials (with your consent, which you can withdraw at any time)
• To inform you about new services, features, events, and special offers that may interest you
• To conduct surveys, polls, and gather feedback about our Services
• To communicate with you about partnerships, collaborations, and business opportunities

3.3 Analytics and Improvement

• To analyze usage patterns, trends, and user behavior to improve our Services
• To conduct research and analytics to understand how our Services are used
• To develop new features, products, and services
• To measure the effectiveness of our marketing campaigns and content
• To optimize Website performance, functionality, and user experience

3.4 Security and Legal Compliance

• To detect, prevent, and address fraud, security threats, and unauthorized access
• To protect our rights, property, and safety, as well as that of our users and others
• To comply with legal obligations, court orders, and regulatory requirements
• To enforce our Terms of Service, Privacy Policy, and other agreements
• To investigate potential violations of our policies or applicable laws
• To respond to legal process, government requests, and law enforcement inquiries

3.5 Business Operations

• To manage our business operations and internal processes
• To process payments and manage billing
• To conduct business analytics and reporting
• To facilitate mergers, acquisitions, or other business transactions
• To establish, exercise, or defend legal claims

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

4.1 Service Providers and Business Partners

We may share your information with trusted third-party service providers who perform services on our behalf, including:

• Hosting, Database, and Authentication: Cloud hosting, database, and identity and authentication services (e.g., Supabase) that power our Website and client portal
• Analytics: Analytics platforms (e.g., Google Analytics), used only when you have consented to analytics cookies
• Communication Services: Email delivery and customer communication platforms
• Payment Processing: If we accept payments through the Website, payment processors and financial institutions (we do not store full payment details)
• Customer Support and Operations: Customer service and business operations tools as needed

These service providers are contractually obligated to protect your information, use it only for the purposes we specify, and comply with applicable data protection laws. They are not permitted to use your information for their own purposes.

4.2 Legal Requirements and Law Enforcement

We may disclose your information if we believe it is necessary or appropriate to:

• Comply with applicable laws, regulations, legal processes, or government requests
• Respond to subpoenas, court orders, or other legal proceedings
• Enforce our Terms of Service, Privacy Policy, or other agreements
• Protect our rights, property, or safety, or that of our users, employees, or others
• Investigate potential violations of our policies or applicable laws
• Prevent or address fraud, security threats, or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity or successor organization. We will notify you via email and/or a prominent notice on our Website of any such change in ownership or control of your personal information, as well as any choices you may have regarding your information.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing. For example, if you choose to participate in a co-marketing campaign or referral program, we may share your information with our partners as part of that arrangement.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This may include statistical information about user behavior, usage patterns, and trends. This information helps us and others understand how our Services are used and may be used for research, analytics, and business purposes.

We take the security of your personal information seriously and implement appropriate technical, administrative, and physical security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption: We use industry-standard encryption technologies (such as SSL/TLS) to protect data in transit and at rest
• Access Controls: We implement strict access controls and authentication mechanisms to ensure only authorized personnel can access your information
• Secure Infrastructure: We use secure, reputable hosting providers and cloud services with robust security measures
• Regular Security Assessments: We conduct regular security audits, vulnerability assessments, and penetration testing
• Employee Training: We provide regular security training to our employees and contractors on data protection best practices
• Incident Response: We have procedures in place to detect, respond to, and mitigate security incidents
• Data Backup and Recovery: We maintain regular backups and disaster recovery procedures to protect against data loss
• Third-Party Security: We carefully vet and monitor third-party service providers to ensure they maintain appropriate security standards

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You acknowledge that you provide your personal information at your own risk.

If we become aware of a security breach that may have compromised your personal information, we will notify you and relevant authorities as required by applicable law. We will provide information about the nature of the breach, the types of information that may have been affected, and steps you can take to protect yourself.

Depending on your location and applicable data protection laws (such as GDPR, CCPA, or other regional privacy laws), you may have certain rights regarding your personal information. These rights may include:

6.1 Access and Portability

• Right to Access: You have the right to request access to the personal information we hold about you, including information about how we use and share it
• Right to Data Portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another service provider

6.2 Correction and Deletion

• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected

6.3 Processing Restrictions

• Right to Object: You have the right to object to processing of your personal information for certain purposes, such as direct marketing or processing based on legitimate interests
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

6.4 Marketing and Communications

• Opt-Out of Marketing: You can opt-out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in our emails or contacting us directly
• Email Preferences: You can manage your email preferences and choose which types of communications you want to receive
• Do Not Sell: If you are a California resident, you have the right to opt-out of the "sale" of your personal information (as defined under CCPA), though we do not sell personal information

6.5 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may need to verify your identity before processing your request to ensure the security of your personal information.

Please note that some of these rights may be limited in certain circumstances, such as when we have a legal obligation to retain your information or when your request would adversely affect the rights and freedoms of others. We will inform you if we are unable to fulfill your request and explain the reasons why.

If you are not satisfied with our response to your request, you may have the right to lodge a complaint with your local data protection authority or supervisory authority.

We use cookies and similar technologies to operate the Website and portal (e.g., session and authentication), to remember your cookie consent preferences, and—only when you have given consent—to analyze how the Website is used (e.g., via Google Analytics). We do not use non-essential cookies or analytics without your consent. Your choices are stored locally (e.g., in your browser or device) and you can change them at any time via our cookie consent banner or settings.

For details on the types of cookies we use, how long they last, and how to manage them, see our Cookie Policy.

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

GradeCircle is a global company, and your information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your country, and may not provide the same level of protection for personal information.

When we transfer your personal information across borders, we take appropriate safeguards to ensure your information receives adequate protection in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include:

• Transferring data to countries that have been recognized as providing adequate protection for personal information
• Using standard contractual clauses approved by relevant data protection authorities
• Relying on certification schemes and codes of conduct that provide adequate safeguards
• Implementing additional technical and organizational measures to protect your information

By using our Services, you consent to the transfer of your information to countries outside your country of residence. If you have questions about our international data transfer practices, please contact us using the information provided in the "Contact Us" section below.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention period depends on various factors, including:

• The nature and type of information collected
• The purpose for which the information was collected
• Legal, regulatory, and contractual requirements
• Our legitimate business interests
• Whether you have requested deletion of your information

Generally, we retain personal information for the following periods:

• Portal Account Information: For as long as your account is active and you are associated with an organization, plus a reasonable period after account closure for business and legal purposes
• Invitation Tokens: Until the invitation is accepted or expires (e.g., 7 days), after which token data may be retained for a short period for audit purposes
• Contact, Consulting, and Investor Submissions: For the duration of our business relationship and for a reasonable period thereafter to respond to inquiries and maintain records
• Marketing Communications: Until you opt-out or unsubscribe, after which we may retain minimal information to honor your preferences
• Legal and Compliance: As required by applicable laws, regulations, or legal proceedings
• Analytics Data: When collected with consent, in aggregated and anonymized form, which may be retained for analysis; raw analytics data is retained according to our analytics provider's policies

When we no longer need your personal information, we will securely delete or anonymize it using industry-standard methods. However, please note that some information may remain in backup systems for a limited period before being permanently deleted, and we may retain certain information as required by law or for legitimate business purposes.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: