GPTZero

GPTZero & Student Privacy

Read GPTZero's approach to student privacy, security and compliance, including FERPA, SOC2, COPPA, etc.

GPTZero Team
· 3 min read
Send by email

Any software tool, especially those used by educational institutions with students, should follow a set of strict guidelines to protect student data privacy.

At GPTZero, we are committed to protecting the privacy of the students and education institutions who interact with our products, including our AI detector and AI document scan, writing feedback tools, and authorship verification.

You can view our full policy at GPTZero: Approach to Security and Compliance.

Here is a high-level summary of our approach to privacy and security:

SOC2 Compliance

GPTZero has successfully undergone its SOC2 – Type II assessment, which confirms we use robust security measures appropriate to the relative sensitivity of the data we collect, and these measures are regularly reviewed and updated. We complete annual company-wide and third-party SOC2 security audits and certification.

Family Education Rights and Privacy Act (“FERPA”)

We comply with the requirements of the Family Education Rights and Privacy Act (“FERPA”) because we currently do NOT store student "educational records," and only receive the minimally required information from teachers (e.g. document uploads) needed to perform services.

Data Privacy and Data Collection

We primarily collect coursework – usually essays and other written materials assigned by an instructor – to check for originality. 

Like most software companies, we also collect some technical information such as IP addresses, device IDs, time spent in our products, and features used. We use that anonymized and aggregated information to help us better understand how our products are used, inform new feature development, secure the products, and identify issues with operations.

We do NOT collect or use student data for advertising or marketing purposes. We do NOT develop profiles of students that may be used by marketers. We collect and use personal information on an opt-in basis only to provide our products.

We only collect data directly from our users, so we do NOT  buy, collect or receive student data from any other sources. We do not “label” or “categorize” students; we simply help educators check the integrity of their students’ work.

We collect the minimum amount of data required to allow an individual to log into and use our products - including to submit and upload documents, keep track of the documents they’ve submitted, edit and revise documents, and allow them to provide basic details to identify their account - such as first name, last name, email address, institution name.

Depending on the product being used, educators may also upload scoring rubrics to help educators improve the efficiency of their grading processes.

End User License Agreement (EULA)  

Individuals must agree to an End User License Agreement (EULA) before accessing our products. We make the EULA, our privacy policy, and our terms of service available for review prior to an individual providing us with any information.

Children’s Online Privacy Protection Act (“COPPA”)

Under the Children’s Online Privacy Protection Act (“COPPA”), consistent with the position of the Federal Trade Commission (FTC), we rely on our education institution customers to obtain the necessary parental consents prior to collecting only the minimally required personal information from students under age 13. As with all the students we serve, any such information is used only for providing the services to the educational institutions. We comply with all COPPA requirements, and partner with our education institution customers to ensure that parents are always able to exercise their rights under all applicable laws and regulations.

Data deletion

Users may request deletion of their students’ personal information at any time.

Should a merger, acquisition, re-organization, restructuring, or change in ownership result in transfer of data to a new operating entity, GPTZero would notify our educational institution customers, and the data would remain protected by the terms of the GPTZero privacy policy and the existing customer contractual agreements.

You can view our full policy at GPTZero: Approach to Security and Compliance.