Data Collection
Understanding what information we gather and why
Ednius is designed with privacy by default. Unlike consumer AI tools, we operate as an institutional partner, meaning we collect only the minimum data necessary to provide our grading and feedback services. We never sell data to third parties, and we never use student submissions to train AI models.
Key Principle: Anonymization First
Student information is fully anonymized. We use anonymous keys provided by your LMS instead of names or student IDs. This means we can provide personalized feedback without ever knowing who a student actually is.
Institutional Data
Course structures, rubrics, assignment configurations, and grading preferences provided by educators.
Submission Content
Student answers and submissions processed for grading. Content is associated only with anonymous identifiers.
Account Information
Educator email addresses and authentication credentials for platform access and communication.
Usage Analytics
Aggregated, anonymized platform usage data to improve service quality. Never linked to individual students.
How We Use Data
Transparency in our data processing practices
We process data exclusively to deliver our educational assessment services. Every piece of information we handle has a specific, limited purpose directly tied to helping educators grade more efficiently and students learn more effectively.
What We Never Do
Student submissions are never used to train our AI models. We do not sell, share, or monetize student data in any way. Unlike consumer AI tools, your data is never used to improve products for other customers.
- AI Grading & Feedback: Submissions are processed in real-time by our AI to generate grades and personalized feedback based on your rubric criteria.
- Analytics for Educators: We provide aggregate insights about class performance to help identify areas where students need additional support.
- Service Improvement: Anonymized, aggregated usage patterns help us improve platform reliability and user experience—never individual student data.
- Security & Compliance: System logs are maintained for security monitoring, incident response, and regulatory compliance requirements.
- Support & Communication: Educator contact information is used solely for service-related communications and support requests.
Data Protection
Enterprise-grade security at every layer
Security isn't an afterthought at Ednius—it's foundational. We employ multiple layers of protection to ensure your data remains secure, private, and accessible only to authorized personnel within your institution.
AES-256 Encryption
All data is encrypted both in transit (TLS 1.3) and at rest using industry-standard AES-256 encryption.
Data Isolation
Each institution's data is logically isolated. There is no cross-institutional data access or leakage.
Access Controls
Role-based permissions ensure only authorized educators and administrators can access relevant data.
Continuous Monitoring
24/7 security monitoring with automated threat detection and incident response procedures.
Regulatory Compliance
We adhere to all FERPA requirements for protecting student educational records and personally identifiable information.
- No unauthorized disclosure
- School official exception compliance
- Legitimate educational interest
For institutions in the EU/EEA, we provide full GDPR compliance including data processing agreements and privacy impact assessments.
- Lawful basis documentation
- Data subject rights fulfillment
- EU data residency options
Our security practices align with SOC 2 Type II standards for security, availability, and confidentiality.
- Security controls documented
- Regular penetration testing
- Incident response procedures
We also support regional requirements including PIPA (British Columbia), PIPEDA (Canada), and COPPA (for K-12 implementations). Our Data Protection Officer is available to discuss specific compliance requirements for your institution.
Your Rights
You have control over your data
We believe in transparency and user control. Whether you're an educator managing your account or an institution overseeing your deployment, you have clear rights regarding the data processed through Ednius.
Right to Access
Request a copy of all data we hold about you or your institution
Right to Rectification
Correct any inaccurate information in your account or records
Right to Deletion
Request removal of your data, subject to legal retention requirements
Right to Portability
Export your data in a machine-readable format
Right to Object
Object to specific processing activities at any time
Right to Be Informed
Receive notice of any material changes to our privacy practices
How to Exercise Your Rights
To exercise any of these rights, contact our Data Protection Officer at privacy@ednius.com. We will respond to verified requests within 30 days. For institutional requests, please contact through your designated administrator.
Third-Party Services
Limited, necessary integrations
Ednius integrates with learning management systems (Canvas, Moodle, Blackboard, etc.) to provide seamless grading workflows. These integrations use secure OAuth protocols and access only the data necessary for operation.
We use a limited number of third-party services for infrastructure (cloud hosting, content delivery) and these providers are contractually bound to the same privacy and security standards we maintain. We do not share data with advertising networks, data brokers, or any non-essential third parties.
Policy Updates
How we communicate changes
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify institutional administrators via email at least 30 days before changes take effect
- Provide a summary of changes in our notification
- For significant changes affecting data handling, obtain renewed consent where required
We encourage you to review this Privacy Policy periodically. Your continued use of Ednius after any changes indicates your acceptance of the updated policy.