Privacy Policy
Last updated: May 2026 | Version 1.1
Summary: Graduo is an AI-powered educational app. We collect only the data needed to provide the service, protect it under GDPR, and never sell personal data.
1. Data controller
General contact: contact@graduo.app
Privacy contact: privacy@graduo.app
Operator: Graduo (entity in formation, France)
Hosting provider: Firebase / Google Cloud Platform, Google Ireland Limited, Dublin 4, Ireland.
2. Data we collect
- Account data: email address and display name.
- Profile data: optional picture, study level, age range, and language preferences.
- Learning content: roadmaps, quizzes, flashcards, notes, uploaded documents, homework sessions, and AI conversations.
- Technical data: device type, OS version, app version, crash logs, security events, and anonymized analytics.
We do not collect precise geolocation, contact lists, biometric data, health data, or payment card numbers.
3. Legal basis and purposes
| Data | Purpose | Legal basis |
|---|---|---|
| Account and progress | Provide the educational service | Contract |
| AI prompts and outputs | Generate personalized learning content | Contract |
| Analytics and crash logs | Improve reliability and security | Legitimate interest |
| Marketing emails | Send optional product news | Consent |
| Billing identifiers | Manage subscriptions and tax obligations | Contract / legal obligation |
4. AI processing
Important: Graduo uses AI providers, including Google Gemini, to generate educational content. AI can make mistakes, so important information should be checked.
- We do not use your data to train third-party AI models.
- We minimize and protect prompts sent to AI providers.
- You can report incorrect or inappropriate AI output from the app or by email.
5. Sharing, transfers, and retention
We do not sell personal data. We share data only with service providers needed to operate Graduo, such as Firebase, Google Gemini, RevenueCat, Apple, Google Play, Sentry, and email delivery providers.
Data may be transferred outside the European Economic Area under appropriate safeguards, including the EU-US Data Privacy Framework and Standard Contractual Clauses when applicable.
| Data | Retention |
|---|---|
| Account data | Account lifetime plus up to 3 years |
| Learning progress | Account lifetime plus 30 days after deletion request |
| Billing records | Up to 7 years when legally required |
| Analytics | Anonymized or deleted after 14 months |
| Crash reports | Up to 90 days |
6. Your rights
Under GDPR, you can request access, rectification, deletion, restriction, portability, objection, withdrawal of consent, and human review of automated decisions. We respond within 30 days.
You can also lodge a complaint with the CNIL at www.cnil.fr.
7. Security, children, and cookies
- Data is protected in transit with HTTPS/TLS and at rest with managed cloud encryption.
- Backend calls use authentication, App Check, rate limits, and abuse monitoring.
- Graduo is intended for users aged 13+; in France and some EU countries, users under 15 may need parental consent.
- The mobile app does not use cookies. The website may use essential and analytics cookies subject to consent.
8. Contact and account deletion
For privacy requests or account deletion, contact privacy@graduo.app or use the dedicated deletion page.
General contact: contact@graduo.app
Support: support@graduo.app
Privacy contact: privacy@graduo.app
Operator: Graduo (entity in formation, France)
© 2026 Graduo. All rights reserved.