Legal & Compliance

This Policy applies to the Upraiser platform and related services provided to U.S. educational organizations. Customer organizations act as the data controllers for Student Data and other Customer Data; Upraiser acts as a processor/service provider on their instructions. Upraiser does not offer services in jurisdictions that require a designated Data Protection Officer and has not appointed one.

• Customer Data means all data and content submitted or uploaded by the customer or its authorized users, including evaluation artifacts, audio recordings, transcripts, notes, rubric scores, and related information.
• Student Data refers to any education records or personally identifiable information about students that is provided or generated through the customer’s use of the services and is controlled by the customer under FERPA. All Student Data and Customer Data remain owned and controlled by the customer.
• User Data means account, authentication, and profile data for customer-authorized personnel (e.g., name, email, roles, org affiliation).

• Account and organization data: user credentials, names, emails, roles, organization details, billing readiness, and preferences.
• Evaluation data: uploaded classroom audio, file metadata, transcripts (which may incidentally include student voices), evaluator notes, rubric scores, and generated evaluation artifacts.
• Operational and security data: audit logs of audio/transcript access, rate-limit events, error/diagnostic logs (redacted where possible), request metadata, and functional cookies (e.g., authentication, access attestation).
• Communications: support requests, feedback, invitations, and transactional emails.
• Analytics: Vercel Analytics for operational and performance metrics (IP addresses and request metadata). No marketing trackers or cross-site advertising cookies are used.

1. Account management and authentication, including MFA and secure session handling.
2. Organizational administration and role-based access control.
3. Evaluation workflows and AI-assisted processing (transcription, rubric alignment, analysis) strictly on behalf of the customer.
4. Support, troubleshooting, service quality, and reliability improvements.
5. Security, abuse prevention, rate limiting, and auditability.
6. Operational and performance analytics (non-marketing).
7. Billing and subscription management (including future paid tiers via Stripe).
8. Optional future product updates/announcements (opt-in when offered).

Upraiser instructs its AI service providers, including AssemblyAI and OpenAI, not to retain customer data, not to use customer data for model training, and not to use customer data to improve their services, except to the extent necessary to perform the requested processing. Upraiser uses only paid enterprise API endpoints designed for ephemeral processing and does not permit providers to store or reuse customer audio, transcripts, or evaluation content.

The services are not intended for HIPAA/PHI, CJIS, ITAR, or other high-risk regulated data. Customers may not upload or transmit such data. Upraiser processes only education-related content for authorized districts and schools and relies on customers to ensure necessary notices and consents are obtained.

Upraiser uses the following U.S.-based subprocessors: AWS (object storage), Vercel (hosting/CDN), Neon (database), Resend and ImprovMX (email), AssemblyAI (transcription), OpenAI (NLP processing), n8n (workflow automation), Stripe (payments), Google Workspace (enterprise email/docs), and HubSpot (CRM for customer communications). Upraiser may disclose information as required by law or to protect the security, rights, or safety of users, customers, or the service.

Upraiser stores and processes customer data in the United States. Services are provisioned in U.S. data centers and are designed as U.S.-only. Network transit (e.g., DNS/SMTP routing) may traverse global infrastructure but does not change the storage/processing location. Upraiser does not rely on SCCs or other cross-border mechanisms and requires subprocessors to process within U.S. regions or under U.S. operational controls.

• Encryption in transit (TLS 1.2+) and at rest (e.g., AES-256).
• Role-based access control with least-privilege and time-limited authorization.
• Optional MFA; scoped presigned URLs; HMAC-signed callbacks.
• Audit logging of audio/transcript/evaluation access and administrative actions.
• Rate limiting, anomaly detection, and abuse-prevention controls.
• Vendor attestation gates for certain access scenarios; segregation of opt-in training datasets.
• Network isolation, hardened hosting environments, and routine patching/monitoring.

• Audio recordings: 90 days by default (customer-configurable).
• Transcripts: 12 months (customer-configurable).
• Evaluation results/artifacts: 3 years by default (customer-configurable).
• Audit logs: 12 months.
• Error/operational logs: 30–90 days (default 60 days).
• Billing/financial records: 7 years.
• Backups: rolling 30-day rotation; not individually modifiable.
• Account and other Customer Data: retained during the active subscription; deleted or anonymized within 30 days of a verified administrator request or termination, subject to required security/legal retention.

Upraiser supports rights applicable to U.S. educational institutions (e.g., FERPA and relevant state laws). Requests must come from an authorized customer administrator. Upraiser will provide access, correction, deletion/anonymization (within 30 days), and export of Customer Data in a standard format, subject to security, legal, and retention obligations. Upraiser does not accept direct requests from individual students or teachers without customer authorization.

Upraiser is for district-authorized personnel only; no student or minor accounts are created. Any student information in audio or transcripts is incidental to classroom observations and processed under the district’s FERPA authority. Upraiser does not knowingly collect personal information directly from children and does not use student information for marketing or profiling.

Upraiser uses functional cookies for authentication, session integrity, and access attestation. No advertising or cross-site tracking cookies are used. Operational analytics via Vercel Analytics are always on for service performance monitoring and do not involve marketing use by Upraiser.

Upraiser may update this Policy from time to time. For material changes affecting how customer data is processed or retained, Upraiser will provide at least 30 days’ prior notice to the customer’s designated administrative contact and an in-app notification. Continued use after the effective date constitutes acceptance of the revised Policy.

General and account questions: admin@upraiser.aiSecurity and privacy incidents: security@upraiser.aiPrivacy/DPA questions: privacy@upraiser.ai