Skip to main content
GradeNeededGradeNeeded™Student command center

Security and privacy center

How GradeNeeded protects your data.

Student productivity data deserves clear boundaries. Here is how GradeNeeded handles privacy, authentication, payments, and social sharing.

Privacy guardrails

What GradeNeeded should never casually expose.

Grades, assignment names, notes, due dates, professor names, emails, and schedule times are never shared publicly without your explicit action.

Social features use safe summaries — badges, streaks, and general workload counts — not raw academic details.

Your planner data is yours. It lives in your account and is never visible to other users.

API keys, service credentials, and Canvas personal access tokens are stored server-side only and are never sent to your browser.

You can control what your public profile shows through your Community Settings at any time.

Public-safe

  • Achievement badges
  • Study streak count
  • General wins shared
  • Subscription tier badge

Friends-only (optional)

  • Safe workload summary
  • Class names (if you allow)
  • Profile basics
  • Feed celebrations

Private always

  • Grades and scores
  • Assignment notes
  • Exact due dates
  • Professor names
  • Schedule times
  • Email address

Engineering checklist

Platform security practices.

Secrets stay server-side

AI, payment, analytics, database credentials, and Canvas personal access tokens live in server environment variables or server-side storage only. No sensitive keys are ever sent to the browser.

Authenticated routes

Dashboard, planner, study, settings, profile, feed, and friends routes all require a signed-in Clerk session before any data is shown.

Privacy-first social layer

Friend profiles and feed posts surface only safe academic wins — badges, streaks, and general progress. Grades, notes, and exact schedules are never exposed.

Stripe payment security

All payments are processed directly by Stripe. GradeNeeded never stores card details. Webhook signatures are verified on every event.

Responsible AI use

Geno AI inputs are validated, capped, and sanitized before reaching provider APIs. Rate limits and daily message caps protect against misuse.

Input validation

All user inputs are validated server-side with size limits, type checks, and suspicious-content guards across AI routes, uploads, and forms.

Security & Privacy Center | GradeNeeded