Our approach
Ezergrade™ is an AI-enhanced, audio-paced spelling assessment platform for homeschoolers, co-ops, microschools, tutors, and schools of all types. We collect the minimum student information needed to deliver a test and report the result to the teacher, and we treat that data with particular care. Students never create accounts, never provide email addresses, and are never tracked across websites or for advertising.
Our commitments
- Honest Input™ — we disable autocorrect, autocomplete, autocapitalize, and spellcheck on student inputs, so results reflect what the student actually spelled.
- We never sell, rent, or trade student or teacher data.
- No advertising and no behavioral profiling — we serve no ads and run no cross-site tracking.
- No training AI on your data — we select AI providers that state they do not train on API-submitted data, and configure available no-training settings.
- Designed to fully support schools' FERPA obligations, and built around COPPA principles — teachers and schools remain in control of their student records.
- Data minimization — no student emails, dates of birth, addresses, phone numbers, or government identifiers are collected from students.
- You stay in control — teachers can view, export, correct, and delete students, classes, tests, and results at any time.
- We never claim a certification until it is official. We're actively pursuing SDPC membership and certifications like iKeepSafe's ATLIS and COPPA Safe Harbor.
Federal & state student privacy laws
Here's exactly how each law applies to Ezergrade — specific and verifiable, not a blanket badge. Full detail (and the "why") is in the For Schools tab of our FAQ.
- FERPA — no federal certification exists for vendors to hold; FERPA compliance is relationship-based. Under our Data Processing Agreement, Ezergrade acts as a "school official" with a legitimate educational interest, remains under the school's direct control over education records, uses data only for the disclosed purpose, and follows FERPA's redisclosure limits.
- COPPA — built around COPPA's core principles: no student accounts, no student emails, minimal data, school-consent for educational use. We're actively pursuing formal COPPA Safe Harbor certification.
- PPRA — out of scope for our product. PPRA protects sensitive survey categories (political beliefs, religion, sexual behavior, mental health, income) that Ezergrade never collects.
- State laws (e.g. Illinois's SOPPA) — our DPA carries the terms state operator-contract laws require: school-official status, reasonable security, breach notification, deletion timeframes, and breach-cost allocation. Where your state needs anything further, we'll add it to your agreement directly.
Where AI is — and isn't — used
The core assessment workflow — test delivery, audio playback, exact-match grading, and grade record storage — does not use AI. Grading is an objective string match: the student either spelled the word correctly or they did not.
AI is used only in specific, optional features (such as the AI Word Generator, file import, optional student spelling feedback, paper-scan OCR, and the Chat with Ezer assistant). For optional student spelling feedback, the only data sent to the AI provider is the target word and the student's misspelled answer — never a student's name, number, class, or grade. Full detail is in our Privacy Policy.
Security
- Encryption in transit — all traffic is protected with TLS/HTTPS.
- Encryption at rest — database content is encrypted at rest by our database provider.
- Access controls — Row Level Security ensures teachers can access only their own data; students can access only their own active test session.
- No student credentials — students join by class code, minimizing stored credentials and attack surface.
No method of storage or transmission is 100% secure, but we use commercially reasonable measures to protect your data, and we notify affected teachers and schools of any qualifying data breach without unreasonable delay — and no later than 30 calendar days after confirming a breach, consistent with state requirements such as Illinois's SOPPA. A fuller security overview mapped to the NIST Cybersecurity Framework is available to schools on request at support@ezergrade.com.
Accessibility
We want Ezergrade to work for every student and teacher. The product is built with accessibility in mind: test words are delivered as audio, student screens use high-contrast "chalk" colors chosen for legibility, and type is set in readable display and body fonts. Because Ezergrade is audio-paced, students who find reading difficult can hear each word rather than rely on text alone.
Accessibility is an ongoing commitment, not a finished box — we continue to improve. If you or a student encounter an accessibility barrier, please tell us at support@ezergrade.com and we'll work to address it.
Who processes data for us (subprocessors)
We use a small set of trusted providers solely to operate the Service:
- Supabase — database hosting, authentication, real-time (United States)
- Cloudflare — hosting, content delivery, and security (global edge network)
- Stripe — payment and subscription processing (we do not store full card numbers)
- Enterprise OCR provider — OCR text extraction for Paper Mode answer sheets
- Google Classroom APIs — roster import and grade passback, when a teacher authorizes it
- AI provider — text processing for the optional AI features described above
- Transactional email provider — delivery of account and authentication emails
A complete, named subprocessor list is included with our Data Processing Agreement — email support@ezergrade.com to request it.
For schools, co-ops & districts
We're glad to put a data-privacy agreement in place. Ezergrade functions as a "school official" with a legitimate educational interest in the student data, using it solely to provide the assessment services the teacher or school requests.
- Request our Data Processing Agreement (DPA) — email support@ezergrade.com and we'll send it over.
- Have your own agreement? If your school or district uses a standard student data privacy agreement — including the SDPC's National Data Privacy Agreement (NDPA) — send it along and we're ready to review and sign it today.
- More questions? See the For Schools tab of our FAQ for FERPA, COPPA, state law, security, and subprocessor details.
Contact
Questions about privacy, security, or a data request? Email support@ezergrade.com. Parents and guardians can also reach out to review, correct, or request deletion of a child's data, and we'll work with the relevant teacher or school to fulfill valid requests.
Ezergrade™ is committed to protecting user privacy and providing a safe, honest assessment environment for teachers and students.