← Back to Rubrica

Privacy Policy

Last updated: May 1, 2026

At a glance
  • Files auto-delete in 3 hours. Your uploaded brief, rubric, and draft are removed automatically after the feedback pass - no manual review, no exceptions.
  • Your draft is never used to train AI.We do not feed your work into any model - ours or anyone else's.
  • Your work stays yours. We never sell, share, or republish what you upload.

The full policy below has the legal detail.

Rubrica ("we", "us", "our") operates rubrica.app. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a bcrypt hash - we never store your plain-text password).

At signup we also log device and origin signals: your IP address, approximate location (country, region, city) derived from that IP, browser user-agent, language preference, referrer, landing page, UTM parameters, screen size, and timezone. We use these for fraud and abuse prevention, product analytics, and marketing attribution. They are stored against your account and deleted when your account is deleted.

Uploaded Content

When you use our service, you upload assignment briefs, rubrics, and your work. These files sit in encrypted, temporary working storage only while the feedback pass runs. They are not retained for general training, model fine-tuning, or any secondary purpose. See section 5 for the exact retention window.

Payment Information

Payments are processed by a PCI-compliant payment provider. We do not store your credit card number, CVV, or full card details. All payment data is handled securely by our payment processor under their own privacy policy.

Usage Data

We collect basic usage data including pages visited, features used, and transaction history to improve our service.

2. How We Use Your Data

  • To provide rubric-based feedback on your uploaded work
  • To process payments and manage your wallet balance
  • To send transactional emails (verification codes, receipts)
  • To improve our service and fix bugs
  • To prevent fraud and abuse

3. Third-Party AI Processing

To generate feedback, your uploaded documents are sent to leading third-party AI providers for processing. These providers run the model that produces your rubric-aware feedback. We choose providers whose enterprise API terms explicitly prohibit training on customer data; institutional buyers can request the specific list under NDA via our contact page.

No training, no retention beyond the call. We use these providers under their enterprise API terms, which means:

  • Your draft and rubric are sent for the feedback pass only.
  • The provider does not use your content to train, fine-tune, or improve their models.
  • We do not authorise the provider to retain your content beyond what is required to return a response.

We recommend you do not upload documents containing sensitive personal information that isn't needed for grading (e.g. student IDs, addresses, medical information).

4. Third-Party Services

We use trusted third-party services to operate our platform:

  • AI providers - processing your submissions to generate rubric-based feedback
  • Payment processor - securely handling payments (PCI-compliant)
  • Email service - sending transactional emails (verification, receipts, notifications)
  • Cloud storage - securely storing your uploaded files
  • Database provider - storing your account and feedback data
  • Hosting provider - serving the application

All third-party providers are selected for their security standards and compliance certifications. Your data is transmitted over encrypted connections (TLS) at all times.

5. Data Retention

  • Uploaded files (briefs, rubrics, drafts): Auto-deleted within 3 hours of the feedback pass completing. A scheduled sweep removes them whether or not you do anything - no manual review, no exceptions.
  • Feedback results: Stored against your account so you can revisit, revise, and re-run. Delete any time from your dashboard; account deletion removes them all.
  • Account data: Retained as long as your account is active. Deleted within 30 days of account deletion (longer only where law requires).
  • Transaction history: Retained for the period required by tax and accounting law in your jurisdiction.

No model training, ever. Your uploaded files and feedback are not used - in whole or in part - to train, fine-tune, or evaluate any AI model, including ours. We do not maintain a training corpus of student work.

6. Your Rights

You have the right to:

  • Access your personal data
  • Delete your account and associated data
  • Export your feedback and transaction history
  • Correct inaccurate personal information
  • Withdraw consent for data processing at any time

To exercise these rights, contact us at [email protected].

7. Cookies

We use essential cookies for:

  • Authentication: A secure HTTP-only cookie to keep you signed in
  • Session management: To maintain your session state

We do not use advertising or tracking cookies.

8. Children's Privacy

Rubrica is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us.

9. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), secure HTTP-only cookies, rate limiting, and input validation. However, no method of transmission over the internet is 100% secure.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email.

11. Contact

Questions about this policy? Contact us at [email protected].