Privacy Policy

Privacy Policy

Effective Date: November 25, 2024
Last Updated: July 1, 2025

At XPerience Based Grading (“we,” “us,” “our”), we are committed to protecting your privacy and complying with applicable data protection laws, including FERPA, COPPA, and GDPR. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website xperiencebasedgrading.com (“Website”) or use our subscription services.

By using our services, you consent to the terms of this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We collect personal information when you register for an account, subscribe to our services, or interact with us. This may include:

  • Name
  • Email address
  • Account credentials (including a hashed password)
  • Payment information (processed securely by our payment processor; we do not store credit card numbers)

1.2 Usage Data

We may collect non-identifiable information about how you use our services, such as:

  • Browser type, device type, and operating system
  • Pages visited and features used
  • Assignment and grading activity within the LMS

1.3 Cookies and Tracking

We use cookies and similar technologies to enhance functionality and security. No third-party advertising cookies are used.

1.4 Data Ownership

Users retain ownership of their personal information and student data. XPerience Based Grading acts only as a custodian and processor of this data on behalf of educators and institutions.

2. How We Use Your Information

We use your information to:

  • Provide and maintain our services
  • Process payments and manage subscriptions
  • Improve and personalize your experience
  • Respond to inquiries and support requests
  • Ensure the security and integrity of our systems

3. Data Retention

  • We retain personally identifiable information (such as your name, email address, and account details) for up to 12 months after your account is closed, unless you request earlier deletion.
  • After 12 months, we will either delete your personally identifiable information or convert it into an anonymized format that cannot reasonably be used to identify you.
  • Anonymized and aggregated data (which contains no personally identifiable information) may be retained indefinitely for analytics, research, and service improvement.
  • You may request deletion of your personal information at any time by contacting us at privacy@xperiencebasedgrading.com.

4. Data Security

We implement a combination of technical, administrative, and physical safeguards to protect personal information:

  • All passwords are stored using industry-standard encryption (hashing).
  • We enforce strong password creation requirements.
  • Two-step verification (multi-factor authentication) is supported.
  • All data is transmitted using secure encryption (HTTPS).
  • Access to personal data is restricted to authorized personnel only.
  • We conduct regular reviews and updates of our security practices to maintain compliance with industry standards.

5. Children’s Privacy & FERPA Compliance

Our services may be used by educators with students under 13 in compliance with the Children’s Online Privacy Protection Act (COPPA).

  • Students under the age of 13 are not permitted to create accounts directly on our platform.
  • All student accounts must be created and managed by educators or schools.
  • In compliance with COPPA, schools and educators act as the parent’s agent in providing consent for the collection and use of student information.
  • We do not knowingly collect personal information directly from children.
  • Parents and guardians may request to review or delete their child’s information by contacting privacy@xperiencebasedgrading.com.

6. Third-Party Services

We engage only essential third-party service providers necessary to operate our platform. These providers are contractually bound to use data solely for providing their contracted services and must apply equivalent privacy protections.

Examples include:

  • Payment processors (billing and subscription details, not full credit card numbers)
  • Hosting providers (account credentials, usage data necessary for system operation)
  • Email communication services (email addresses for account verification, password recovery, and service updates)

We do not sell or rent personal information to third parties.

7. Your Rights

You have the right to:

  • Access, correct, or delete your personal data
  • Opt out of non-essential data collection (cookies and analytics)
  • Request information on third parties that process your data
  • Withdraw consent at any time (where applicable)

GDPR Compliance (EU/EEA Users)

If you are located in the EU or EEA, we process your data in accordance with the General Data Protection Regulation (GDPR). This includes:

  • Processing on a lawful basis (contract, consent, or legitimate interest)
  • Rights to access, rectify, delete, or restrict processing of your personal data
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local supervisory authority

For GDPR-related inquiries, contact privacy@xperiencebasedgrading.com.

8. Accessibility Statement

We are committed to ensuring accessibility for all users. Our website is designed to comply with WCAG 2.1 AA standards. If you encounter accessibility barriers, please contact us at privacy@xperiencebasedgrading.com, and we will provide timely assistance.

9. Changes to This Policy

We will notify you in advance of material changes and maintain a history of revisions. The latest version will always be posted with the effective date.

10. FERPA Compliance

We comply with the Family Educational Rights and Privacy Act (FERPA).

  • All student data managed through the platform is considered confidential educational record information.
  • We act as a “school official” with legitimate educational interest when processing data on behalf of schools.
  • We do not disclose student records to third parties except as directed by the school or required by law.
  • Parents, guardians, and eligible students may request access to their educational data by contacting their school or privacy@xperiencebasedgrading.com.

11. GDPR Compliance

For users in the European Union, United Kingdom, and other GDPR jurisdictions:

  • We comply with the General Data Protection Regulation (GDPR).
  • Legal bases for processing personal data include performance of a contract, legitimate interest, and compliance with legal obligations.
  • Data subject rights include the right to access, rectify, erase, restrict processing, object to processing, and request data portability.
  • Users may request these rights by contacting privacy@xperiencebasedgrading.com. Requests will be honored within the one-month GDPR timeframe.
  • We do not engage in automated decision-making or profiling without consent.

12. Contact Us

If you have any questions, contact us at:
📧 Email: privacy@xperiencebasedgrading.com