How we handle your data.
Last updated: May 8, 2026
Scorae is a grading assistant for teachers. We need your email to give you an account, and we send the student work you choose to grade through an AI service to generate feedback. We do not save grading history. We do not sell data. We do not track you across the web. Once a grade is returned to you, the student work is gone from our systems. The full policy below explains the details.
1. Who we are
Scorae is operated by Professor C’s Academy LLC. When this policy says “we,” “us,” or “our,” it means Professor C’s Academy LLC. When it says “you” or “your,” it means a teacher, instructor, tutor, or other educator using Scorae.
This policy describes how the Scorae Chrome extension and related services (collectively, the “Service”) collect, use, and share information. Other products operated by Professor C’s Academy LLC are governed by their own separate policies.
2. What we collect
Account information
When you sign up for Scorae, we collect:
- Your email address — used to create your account, verify your identity, and send service-related messages (password resets, receipts, account notices).
- A password — never stored in plain text. We store only a one-way bcrypt hash, which cannot be reversed back into your original password.
- Authentication tokens (JWTs) — created when you log in and stored on your own device so you don’t have to log in repeatedly.
Student work you submit for grading
When you ask Scorae to grade a piece of student work, that content is sent through our backend to an AI service for analysis. This may include:
- Text you select on an LMS page
- Documents you paste in (Word, PDF, plain text)
- Screenshots you capture of student work
We do not retain this content. Once the AI returns a grade and feedback, the student work is discarded from our systems. We do not store grading history — not in our database, not in your browser’s storage, and not in any backup. This is intentional. It is the single firmest commitment in this policy.
Preferences
To keep your experience consistent across sessions, we store a small set of preferences locally on your device and in our database: your default rubric, feedback tone, dark mode setting, and rubric lock state. These never include student work or anything personally identifiable about your students.
Subscription and payment information
If you subscribe to a paid plan, we collect:
- Your subscription status (free, trial, or paid)
- Your selected plan (monthly, school year, or annual)
- Renewal and cancellation dates
Credit card numbers and other payment details are never seen or stored by us. They are handled entirely by Stripe, our payment processor (see “Subprocessors” below).
What we do NOT collect
- We do not track which web pages you visit.
- We do not record your mouse movements, keystrokes, or clicks.
- We do not collect location data, device fingerprints, or browser history.
- We do not collect data about your students (their names, IDs, demographics, or grades) beyond what may incidentally appear in the work you submit for grading — and even that is discarded immediately after analysis.
- We do not use advertising trackers or third-party analytics scripts on the extension itself.
3. How we use what we collect
We use the data above only to:
- Create and maintain your account
- Authenticate you when you log in
- Process the student work you submit for grading and return feedback
- Apply your saved preferences (rubric defaults, tone, etc.) to new grading sessions
- Process subscription payments and manage your plan
- Send necessary service messages (password resets, receipts, important account notices)
- Diagnose technical issues and prevent abuse of the Service
We do not use your data to train AI models. We do not use it for advertising. We do not analyze it to build profiles about you.
4. Subprocessors
Scorae depends on a small number of trusted third-party services to operate. These are our subprocessors. Each one handles a specific part of the Service and is bound by their own privacy policies.
| Service | Purpose | What they receive |
|---|---|---|
| Anthropic | AI model that generates feedback and scores | The student work you submit, your selected rubric, and your tone preference. Anthropic does not retain this content for training. |
| Stripe | Payment processing for subscriptions | Your email, payment card details, and billing address. We never see your card details. |
| Resend | Sending email (password resets, receipts) | Your email address and the contents of the email being sent. |
| Supabase | Database hosting | Your account information, hashed password, preferences, and subscription status. |
| Fly.io | Hosting our backend servers | The data above passes through Fly.io infrastructure; not stored persistently. |
| Netlify | Hosting our marketing website (scorae.com) | Standard web server logs (IP address, browser user agent) for security and performance. |
We review our subprocessors before integrating them and again periodically. We add or change subprocessors only when there is a clear product reason to do so. If we add a new one that materially affects how your data is handled, we will update this policy and the “Last updated” date.
5. Where data is processed and stored
Our backend is hosted on Fly.io infrastructure in the United States. Our database is hosted on Supabase in the United States. Anthropic processes AI requests in the United States. Email is sent via Resend in the United States.
If you are accessing Scorae from outside the United States — including from the European Economic Area, the United Kingdom, or other regions — your information will be transferred to and processed in the United States. By using Scorae, you consent to this transfer.
6. How long we keep your data
- Student work: Discarded immediately after grading. Not retained.
- Account information: Retained for as long as your account is active. Deleted on request (see “Your rights” below).
- Subscription records: Retained for the duration of your subscription plus the period required by accounting and tax law (typically 7 years for financial records).
- Server logs: Retained for up to 30 days for security and debugging purposes, then deleted.
7. Your rights
You can ask us to do any of the following at any time, by emailing professorcacademy@gmail.com:
- Access a copy of the personal information we hold about you
- Correct information that is inaccurate or out of date
- Delete your account and the personal information associated with it
- Export your account information in a portable format
- Withdraw consent for processing where applicable
We will respond to verified requests within 30 days. We may need to keep certain information after deletion if we are legally required to (such as financial records for tax purposes).
If you are in the European Economic Area, United Kingdom, or Switzerland
You have the rights described above under the General Data Protection Regulation (GDPR) and equivalent UK and Swiss laws. Our legal basis for processing your data is (a) the contract you enter into with us when you sign up for Scorae, (b) our legitimate interest in operating and securing the Service, and (c) your consent for any optional features. You also have the right to lodge a complaint with your local data protection authority.
If you are in California
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the rights described above plus the right to opt out of any “sale” or “sharing” of your personal information. We do not sell or share your personal information for cross-context behavioral advertising or any other purpose, so there is nothing to opt out of. California residents can also designate an authorized agent to make requests on their behalf.
8. Children’s privacy
Scorae is built for educators, not for children. We do not knowingly create accounts for users under 18. The Service is intended to be used by teachers, who in turn grade work produced by their students.
While student work may be submitted to the Service by a teacher, we treat that work as ephemeral data: it is not stored, not associated with any student record, and not retained. Teachers who use Scorae are responsible for their own institutional policies regarding submitting student work to third-party services and should consult their school’s data agreements before doing so.
9. Security
We protect data in transit with HTTPS encryption everywhere. Passwords are hashed using bcrypt before storage; we cannot recover or read them. Authentication tokens expire and are bound to the device that created them. Database access is restricted to a small number of authorized administrators. We monitor for and respond to security incidents.
No security measure is perfect. If we ever discover a data breach that affects you, we will notify you within the timeline required by applicable law.
10. Cookies and similar technologies
The Scorae extension itself does not use cookies. It stores its preferences in Chrome’s local extension storage, which is not a cookie and is not accessible to other websites.
The Scorae website (scorae.com) uses minimal cookies necessary for the site to function, such as session cookies on the marketing pages. We do not use advertising cookies or tracking pixels for retargeting purposes on this site at this time. The marketing site uses Meta Pixel for conversion tracking on signup events; this is a single event tracker, not a cross-site behavior profiler.
11. Changes to this policy
We will update this policy when we make material changes to how we handle data, when we add or remove subprocessors, or when we add new features that affect privacy. The “Last updated” date at the top of this page will always reflect the most recent revision. For significant changes, we will also notify active subscribers by email.
12. Contact us
Questions about this policy, requests to exercise your rights, or general feedback are all welcome.
Professor C’s Academy LLC
Email: professorcacademy@gmail.com