Privacy Policy

Last updated: May 5, 2026

1. Introduction

At GRIT ("we," "our," or "us"), we are committed to protecting the privacy of our users, especially students. This Privacy Policy explains how we collect, use, and safeguard personal information in compliance with COPPA (Children's Online Privacy Protection Act),FERPA (Family Educational Rights and Privacy Act), andGDPR (General Data Protection Regulation).

2. COPPA Compliance (Users Under 13)

GRIT is designed for educational use. For users under the age of 13, we requireverifiable parental consent before collecting any personal information. We do not collect more information from children than is reasonably necessary to participate in our educational activities. Parents have the right to review, delete, or refuse further collection of their child's data at any time.

3. Information We Collect

  • Account Information: Name, email address, school affiliation, and birth year.
  • Educational Data: Course enrollments, assignments, grades (via LMS sync), and study habits.
  • AI Interactions: Text submitted for "Brain Dumps," queries to the AI Tutor, and generated study materials.
  • Telemetry: Device information and app usage statistics (subject to consent).

4. How We Use Your Data

We use the collected data to:

  • Provide personalized AI-driven study recommendations.
  • Analyze learning patterns to improve educational outcomes.
  • Ensure a safe and secure environment for all students.

5. FERPA and Educational Records

We act as a "school official" under FERPA when providing services to educational institutions. We protect "personally identifiable information" (PII) from students' education records and only share it with authorized school personnel or as directed by the school.

6. Data Retention and Deletion

We retain student data only for as long as necessary to fulfill educational purposes or as required by school contract. Schools may configure automated data retention policies to purge data after a set period of inactivity. Users may request account and data deletion at any time directly within the app settings, or by submitting a deletion request to help@grit.bot.

7. Third-Party Subprocessors

We use trusted third-party services to provide our platform, including:

  • Google Firebase: Backend infrastructure and authentication.
  • Google Gemini API: AI processing and content generation.
  • Stripe: Payment processing (for institutional subscriptions).
  • RevenueCat: In-app subscription management.
  • Daily.co: Real-time video/audio infrastructure.
  • Google Analytics: Usage telemetry and analytics.
  • Google reCAPTCHA Enterprise: Security and anti-abuse protection.
  • Apple Sign-In: Secure authentication provider.
  • Sentry: Application monitoring and error tracking. Diagnostic data is used to improve stability; all personally identifiable information (PII) such as emails are redacted before transmission.

8. Contact Us

If you have questions about this policy or wish to exercise your data rights, please contact us at:help@grit.bot