Privacy Policy

This Privacy Policy explains how FairGrade ("the Platform"), operated at fairgrade.app, collects, uses, and protects information when you use the Platform. By using FairGrade, you agree to the practices described in this Policy.

1. Who This Policy Applies To

This Policy applies to all users of the Platform, including lead coordinators, consultants, and any other authorised personnel. Access to FairGrade is restricted to individuals invited by the platform operator on behalf of an institution.

FairGrade does not provide accounts directly to students. Student data is entered into the Platform by authorised staff.

2. Information We Collect

Account information
When an account is created for you, we store your full name and email address.

Authentication data
If you sign in via Google OAuth, we receive your name and email address from Google. We do not receive or store your Google password. If you sign in via Magic Link, we process your email address to send the link.

Student data
Coordinators may enter student names, student ID numbers, assessment scores across five criteria, and optional written notes. This data is entered by authorised staff and is not submitted directly by students.

Usage data
We may collect basic technical information such as login timestamps and submission timestamps for audit and accountability purposes.

3. How We Use Information

We use the information collected solely to:

• Authenticate and manage user accounts
• Enable coordinators to manage classes, rotation groups, and student assignments
• Enable consultants to submit and lock assessments for assigned students
• Calculate and display assessment scores
• Maintain an audit trail of assessment submissions

We do not use any data for advertising, profiling, or any purpose unrelated to the Platform's core functionality.

4. Third-Party Services

FairGrade relies on the following third-party services to operate:

Neon (Database hosting)
Student data, assessment records, and account information are stored on Neon's serverless PostgreSQL infrastructure. Neon processes data on our behalf and does not use it for any independent purpose. See Neon's privacy policy at neon.tech/privacy.

Resend (Email delivery)
We use Resend to send invitation emails and Magic Link authentication emails. Resend processes email addresses for the purpose of message delivery only. See Resend's privacy policy at resend.com/privacy.

We do not sell, rent, or share your personal data with any other third parties.

5. Data Retention

Account and assessment data is retained for as long as the relevant institution's access to the Platform remains active. Upon termination of an institution's account, data may be deleted at the operator's discretion or upon written request.

6. Data Security

We take reasonable technical measures to protect the data stored on and transmitted through the Platform, including encrypted connections (HTTPS) and access controls that restrict data visibility to authorised users only.

No system is completely secure. In the event of a data breach that affects your personal information, we will notify affected users as soon as reasonably practicable.

7. Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us at the address below. Requests will be handled within a reasonable timeframe. Note that some data may need to be retained for legitimate operational or institutional reasons.

8. Children's Privacy

FairGrade is not directed at individuals under the age of 18. All users are expected to be adult members of academic or medical staff. Student records in the system represent medical students enrolled in clinical rotations and are managed exclusively by authorised institutional staff.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will update the effective date at the top of this document. Continued use of the Platform after changes are posted constitutes acceptance of the revised Policy.

10. Governing Law

This Privacy Policy is governed by the laws of the Republic of Trinidad and Tobago.

11. Contact

For privacy-related requests or questions, contact: [email protected]