Privacy Policy
Last updated: April 24, 2026
GradRecorder ("we," "us," or "our") provides a web application used by schools, colleges, and universities to record graduate name pronunciations for commencement ceremonies. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service, you agree to the practices described here.
1. Who this policy covers
This policy applies to three audiences:
- Schools — the institutions that license the Service and invite their own administrators and staff.
- Authorized users — administrators, staff, and announcers signed in on behalf of a school.
- Graduates and their families — students who call the telephone system to record their name, and anyone whose name appears in a school's roster.
2. Information we collect
From authorized users (signed-in accounts)
- Name, email address, password hash, and role.
- Session cookies and, if selected, a 30-day "remember me" device token.
- If you sign in with Google: your Google account email and unique ID.
- Technical logs: IP address, browser type, pages visited, and timestamps.
From school rosters (uploaded by authorized users)
- Student ID, legal name and optional preferred name.
- Program, degree, major, college/school, honors (higher-education institutions).
- Grade, homeroom, homeroom teacher (K-12 institutions).
- Student email address, used to send name-recording reminders.
From graduates who call the telephone system
- The phone number they called from (as reported by the carrier).
- The digits they enter (school code, student ID).
- An audio recording of the graduate saying their name.
From the contact / demo-request form
- Name, email, subject, and the content of the message.
- IP address, browser user-agent, reCAPTCHA risk score (if enabled).
3. How we use this information
- To operate the Service — authenticate users, play the right recording to announcers, send reminder emails, etc.
- To protect the Service — detect and block abuse, spam, and unauthorized access.
- To communicate with you about your account, support requests, and material changes to the Service.
- To comply with applicable law.
We do not sell personal information. We do not use student recordings, names, or rosters for advertising or marketing to students or their families.
4. Legal basis for processing (schools)
When a school uploads a student roster or collects voice recordings through our Service, the school is the "controller" of that information under applicable data-protection law. GradRecorder acts as a "processor" or "service provider" on the school's behalf, processing information only to provide the Service to that school under the terms of the school's agreement with us.
FERPA (U.S. education records)
For U.S. schools subject to the Family Educational Rights and Privacy Act, GradRecorder treats student information in its possession as "education records" and handles it as a "school official" with a "legitimate educational interest" under FERPA. We use it only for the purposes the school directs, we do not disclose it to third parties except as permitted by FERPA and this policy, and the school retains the right to access, correct, and delete student information in its workspace.
Children's information (COPPA)
GradRecorder is designed for use in graduation ceremonies, which are typically attended by students aged 17 and older. We do not knowingly collect personal information directly from children under 13. Schools using GradRecorder with students under 13 are responsible for obtaining any parental consent required under COPPA, and we will work with schools to remove such information promptly upon request.
5. Subprocessors
We use the following service providers to operate GradRecorder. Each is contractually bound to protect information in line with this policy.
| Service provider | Purpose | Data processed |
|---|---|---|
| Twilio, Inc. | Inbound voice calls and recording storage | Caller phone number, dialed digits, voice recording |
| Mailgun Technologies, Inc. (or equivalent SMTP provider) | Transactional email (reminders, password resets, invites) | Email address, message content |
| Google LLC | Optional OAuth sign-in; optional reCAPTCHA anti-spam on the contact form | Email address, Google account ID, IP address for reCAPTCHA |
| Web hosting provider (cPanel shared hosting) | Application hosting and database storage | All data stored by the Service |
6. Data retention
Voice recordings and rosters are retained for as long as your school maintains an active account, or until your school requests deletion. Authorized-user account records (email, name, role, sign-in history) are retained while the account is active plus up to 90 days after deactivation for security review. Server logs and contact-form submissions are retained for up to 12 months.
A school may request deletion of all data associated with its account at any time by contacting support@gradrecorder.com. We will complete the deletion within 30 days unless a longer period is required by law.
7. Security
We use industry-standard safeguards including HTTPS in transit, bcrypt password hashing, session cookies marked Secure and HttpOnly, CSRF protection on state-changing requests, and multi-tenant isolation at the database query layer. No online service can guarantee absolute security, and users should keep their sign-in credentials confidential.
8. Your choices and rights
- Access and correction — authorized users can view and update their own account information in the app.
- Roster management — school administrators can add, pause, or delete any graduate record through the Import Graduates page.
- Recording playback and deletion — recordings can be reviewed by authorized users and deleted by an administrator.
- Email preferences — students can opt out of name-recording reminders by emailing support@gradrecorder.com.
- Account deletion — schools and individual users may request full deletion of their information as described in Section 6.
9. International transfers
GradRecorder is operated from the United States. By using the Service from outside the U.S., you understand that your information will be processed in the U.S., which may have different data-protection laws than your country.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced on this page and, for authorized users, by email. Continued use of the Service after the "Last updated" date constitutes acceptance of the revised policy.
11. Contact us
Questions, requests, or concerns about this policy can be sent to:
GradRecorder Privacy
Email: support@gradrecorder.com
Contact form: gradrecorder.com/support.php
Plain-English summary (non-binding). We store what your school uploads and the recordings graduates create. We use that data to run the service, not to market to anyone. We share it only with the service providers listed above (Twilio, Mailgun, Google, our web host). Your school can get its data deleted any time by asking.