Skip to main content

Privacy Policy

Last Updated: November 28, 2025

What You Need to Know

  • • We collect your exam data to provide AI-powered grading and feedback
  • • Your essays are processed by AI providers (OpenAI, Anthropic) for grading
  • • Payments are handled securely by Stripe—we never see your card details
  • • You can download or delete your data anytime from your account settings
  • • We don't sell your personal information to third parties

Table of Contents

1. Information We Collect2. How We Use Information3. How We Share Information4. Data Retention5. Your Rights6. Children's Privacy7. International Transfers8. Security Measures9. Cookies10. Policy Changes11. Contact Us

Welcome to ScoreUp Pro. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered exam preparation platform.

1. Information We Collect

Information You Provide

  • Account Information: Name, email, password (encrypted), Google OAuth credentials
  • Exam Data: Essays, reading answers, listening responses, scores, and progress
  • Payment Information: Billing details (processed by Stripe)
  • Organization Data: School names, teacher-student relationships (for organization accounts)
  • Referral Data: Referral code usage, referrer-referee relationships, and referral timestamps

Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent, exam completion rates
  • Device Information: IP address, browser type, device type, operating system
  • Cookies: See our Cookie Policy for details

Information from Third Parties

When you sign in with Google, we receive your name, email, and profile picture. From Stripe, we receive payment confirmation and transaction status (not your card numbers).

2. How We Use Your Information

  • Provide the Service: Create your account, authenticate you, process exam submissions, and deliver AI-generated feedback
  • Process Payments: Handle subscriptions, renewals, and refunds through Stripe
  • Improve Our Service: Analyze anonymized usage patterns and develop new features
  • Personalize Your Experience: Recommend practice materials based on your skill level
  • Communicate: Send service announcements, respond to support requests, and (with consent) promotional materials
  • Legal & Security: Comply with laws, enforce our Terms, and protect against fraud
  • Referral Program: Track referral relationships, process rewards, and detect fraudulent activity using IP addresses and email patterns

Legal Basis for Processing (GDPR Art. 6)

PurposeLegal Basis
Account creation and service deliveryContract performance (Art. 6(1)(b))
AI-powered exam grading and feedbackContract performance (Art. 6(1)(b))
Payment processingContract performance (Art. 6(1)(b))
Analytics and service improvementLegitimate interest (Art. 6(1)(f))
Marketing communicationsConsent (Art. 6(1)(a))
Legal compliance and fraud preventionLegal obligation (Art. 6(1)(c)) / Legitimate interest (Art. 6(1)(f))
Referral program administrationContract performance (Art. 6(1)(b))

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

AI Service Providers

Your essays and answers are sent to OpenAI and Anthropic for AI grading. We have enterprise agreements prohibiting these providers from using your data to train their public models.

Automated Decision-Making

Our AI grading system uses automated processing to evaluate your exam submissions and generate scores and feedback. These scores are estimates for practice purposes only and do not constitute legally or similarly significant decisions. You are not subject to decisions based solely on automated processing that produce legal effects. If you have concerns about automated grading, you may contact us at contact@scoreup.pro to request a human review.

Payment Processor

Stripe handles all payments. They receive your billing information directly and comply with PCI DSS standards. We never see your full card number.

Other Sharing

  • Organization Accounts: Teachers/admins can view student progress and submissions
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In case of merger or acquisition (with notice)
  • Anonymized Data: Aggregated statistics that cannot identify you

4. Data Retention

  • Account Data: Retained while your account is active; deleted within 90 days of account deletion
  • Exam Data: Retained for progress tracking; deleted within 90 days of account deletion
  • Payment Records: Retained for 7 years (tax and legal compliance)
  • Backup Data: May persist up to 90 days after deletion in secure backups

Request data deletion anytime by contacting contact@scoreup.pro.

5. Your Rights and Choices

All Users Can:

  • Access: Request a copy of your personal data
  • Correct: Update your account information in settings
  • Delete: Delete your account and request data removal
  • Opt-Out: Unsubscribe from marketing emails anytime

EU/EEA Users (GDPR)

You have additional rights including: data portability, restriction of processing, objection to processing, and the right to lodge a complaint with your local data protection authority.

Right to Withdraw Consent

Where we rely on your consent to process personal data (e.g., marketing communications, analytics cookies), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw consent by adjusting your cookie preferences, unsubscribing from emails, or contacting us at contact@scoreup.pro.

California Users (CCPA)

You have the right to know what data we collect, request deletion, and not be discriminated against for exercising your rights. We do not sell personal information.

6. Children's Privacy

Age Requirements:

  • Users must be 16+ to use ScoreUp Pro
  • Ages 16-18 require parental consent
  • Under 16: A parent/guardian must manage the account

If you believe a child under 13 has provided us information without consent, contact us immediately at contact@scoreup.pro.

7. International Data Transfers

ScoreUp Pro is operated from Germany (European Union). Your data is primarily stored and processed within the EU, ensuring full GDPR compliance.

Transfers to Third Countries: Some of our service providers (OpenAI, Anthropic, Stripe) may process data in the United States. For these transfers, we implement:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Data Processing Agreements (DPAs) with all processors
  • Technical and organizational security measures

8. Security Measures

  • Encryption: All data encrypted in transit (TLS/SSL) and at rest
  • Password Protection: Passwords hashed using bcrypt
  • Access Controls: Role-based access limits employee data access
  • Monitoring: Continuous security monitoring and regular audits

While we implement strong security, no system is 100% secure. Report any security concerns to contact@scoreup.pro.

9. Cookies

We use cookies for authentication, preferences, and analytics. See our Cookie Policy for details on what cookies we use and how to manage them.

10. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of material changes by updating the "Last Updated" date, sending an email, and displaying a notice in the app. Continued use after changes constitutes acceptance.

11. Contact Us

Data Controller:

Kadir Korkusuz
ScoreUp Pro
Friedrich-Dessauer-Straße 8
60438 Frankfurt am Main
Germany

Contact for Privacy Inquiries:

Email: contact@scoreup.pro
Phone: +49 157 83508553
Subject: "Privacy Inquiry"
Response Time: 2-3 business days (GDPR requests: within 30 days)

Data Protection Officer: As a small business, we are not required to appoint a Data Protection Officer under Article 37 GDPR. For all data protection inquiries, please contact us directly using the information above.

By using ScoreUp Pro, you acknowledge that you have read and understood this Privacy Policy.