Privacy Policy
Effective Date: September 14, 2025
This Privacy Policy ("Policy") explains how GradeAssist, Inc., a Delaware corporation ("GradeAssist," "TypeOS," "we," "us," or "our"), collects, uses, discloses, and protects information when you access or use TypeOS at typeos.com (including any subdomains), our Chrome extension, and related websites, apps, and services (collectively, the "Service").
If you use the Service on behalf of an organization (e.g., a company, school, or district), you represent that you have authority to bind that organization. Where we process information on behalf of an organization, that organization is typically the data controller (or equivalent) and we are its processor/service provider.
Note about education use: If you use the Service in an educational context, we support compliance with applicable laws such as the Family Educational Rights and Privacy Act (FERPA) in the U.S. and PIPEDA in Canada. See Section 13 for details specific to student data.
1. Information We Collect
1.1 Information you provide to us
- Account and profile data. Name, email, password (hashed), organization, role/title, and optional profile details you choose to provide.
- Authentication data. If you sign in with Google or another identity provider ("IdP"), we receive your name, email, and IdP identifiers necessary to authenticate you. We do not request unnecessary scopes.
- Content you submit. Files, text, prompts, comments, tasks, configurations, and other information you upload, enter, or generate in the Service ("Customer Content").
- Support communications. Messages you send to us (e.g., via email or in-product chat), including attachments and feedback.
1.2 Information we collect automatically
- Usage data. Feature use, clicks, pages viewed, referring/exit pages, timestamps, language, and similar interactions.
- Device and log data. IP address, browser type, OS, device identifiers, crash reports, and diagnostic logs.
- Cookies and similar technologies. We use cookies, local storage, and similar tools to remember settings, authenticate sessions, analyze usage, and personalize the Service. See Section 9 (Cookies & Tracking) for more information and choices.
1.3 Information from third parties
- Workspace administrators. Admins may provide user lists, role assignments, or integration settings.
- Integrations. If you connect third‑party services (e.g., cloud storage, SSO, or communication tools), we receive the data those services make available per your configuration and their terms.
We do not request or require sensitive categories of personal information unless strictly necessary for the Service or required by law.
2. How We Use Information
We use information consistent with this Policy and our agreement with your organization (if applicable) to:
- Provide and secure the Service. Authenticate users, operate features, process Customer Content, prevent fraud/abuse, and maintain integrity and availability.
- Improve and develop. Monitor performance, debug, enhance functionality, and develop new features.
- Communicate. Send transactional messages (e.g., invitations, billing notices, security alerts) and respond to inquiries. With your consent or as permitted by law, we may send product updates or surveys. You can opt out of non‑essential emails.
- Comply with law. Satisfy legal obligations, enforce terms, and protect rights, safety, and property.
2.1 AI/ML features and model providers
TypeOS may offer AI‑powered features. Customer Content is processed solely to provide the Service to you and your organization. We do not use Customer Content to train our own models for general use. When we use third‑party model or infrastructure providers (e.g., cloud and AI/ML providers), we configure them—where options are available—so that your Customer Content is not used to train their models and is handled under appropriate data‑protection terms. See Section 6.3 (Sub‑processors) for more.
We do not make solely automated decisions that produce legal or similarly significant effects without appropriate human involvement.
3. Legal Bases for Processing (EEA/UK/Switzerland)
Where GDPR/UK GDPR applies, our processing relies on one or more of the following legal bases: contract performance, legitimate interests (e.g., to secure and improve the Service), consent (where required, e.g., certain cookies/marketing), and legal obligation.
4. How We Share Information
We do not sell personal information. We share information as follows:
- Service providers / sub‑processors. Vendors that host, support, and help us deliver the Service (e.g., cloud hosting, authentication, analytics, AI/ML, email delivery). They may access personal information only to perform services for us and under contractual confidentiality and data‑protection obligations.
- Workspace visibility. Depending on your organization’s settings and your role, some profile information and Customer Content may be visible to teammates or admins.
- Compliance and safety. If required by law or in response to valid legal process; to protect any person’s safety; to detect, prevent, or address fraud, security, or technical issues; or to protect our rights or property.
- Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to standard confidentiality and continuity protections.
We do not share Customer Content with third parties for their independent advertising or marketing.
5. Data Retention
We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Organization admins can request deletion of workspaces or specific data. Individual users may request deletion as described in Section 8. When deletion is requested or a contract ends, we delete or anonymize data within a reasonable period, subject to backups and legal holds.
6. Security, Hosting, and International Transfers
6.1 Security
We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect information, including:
- Encryption in transit (TLS 1.2+) and at rest (AES‑256 or equivalent);
- Access controls (role‑based access, least privilege, and audit logging);
- Secure authentication (SSO/OAuth support and strong-password/2FA options for applicable roles);
- Vulnerability management and security reviews of vendors.
No method of transmission or storage is 100% secure. If we learn of a security incident that affects you, we will notify you consistent with applicable law.
6.2 Hosting and transfers
We primarily host data in the United States and may process it in other locations where we or our service providers operate. When we transfer personal information across borders, we implement appropriate safeguards (e.g., Standard Contractual Clauses and comparable transfer mechanisms).
6.3 Sub‑processors
We maintain a list of current sub‑processors used to deliver the Service, including infrastructure and AI/ML providers, and will provide notice of material changes as required. [Link to Sub‑processors Page]
7. Cookies & Tracking Technologies
We use cookies and similar technologies to keep you signed in, remember preferences, and analyze usage. Where required by law, we request your consent before setting non‑essential cookies.
Your choices: You can manage cookies through your browser settings and our in‑product cookie banner or preferences manager (where available). Blocking certain cookies may affect functionality. We do not respond to Do‑Not‑Track signals.
8. Your Privacy Rights
Your rights depend on your location and role (individual vs. organization-admin). Subject to exceptions, you may have rights to access, correct, delete, port, or restrict certain processing of your personal information, and to object where we process based on legitimate interests. If processing is based on consent, you may withdraw consent at any time.
- How to exercise: Contact us at privacy@vibegrade.com or team@vibegrade.com. We may ask you to verify your identity and coordinate with your organization if it is the controller.
- Marketing communications: You can opt out via the unsubscribe link in emails.
8.1 California and certain U.S. state laws
If you are a resident of California (CCPA/CPRA) or a state with similar laws (e.g., Virginia, Colorado, Connecticut, Utah), you may have additional rights, including to know/access, correct, delete, and opt out of selling or sharing personal information or targeted advertising. We do not sell personal information as defined by those laws. To exercise rights or submit an opt‑out request, contact us at the addresses above. We do not use or disclose sensitive personal information to infer characteristics about you.
8.2 EEA/UK/Switzerland
You may lodge a complaint with a supervisory authority. Our primary establishment in the U.S. is listed in Section 14. If applicable, our EU/UK representative information will be posted here: [EU/UK Representative, if applicable].
9. Children’s Privacy
The Service is not directed to children under 13 (or the age of digital consent where you live) for self‑service accounts, and we do not knowingly collect personal information from them without appropriate consent. For education use, student data is provided under a school’s direction and consent process as described in Section 13.
10. Third‑Party Services and Links
The Service may integrate with or link to third‑party services. Their privacy practices are governed by their own policies, not this one. Your use of integrations is subject to your and your organization’s configuration and those third parties’ terms.
11. Data Protection Addendum
For organization customers, our Data Protection Addendum (DPA) forms part of the contract and governs processing of personal data as a processor/service provider. [Link to DPA]
12. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will provide advance notice by email or in‑product notice. The updated Policy becomes effective on the date posted unless otherwise stated. Your continued use of the Service after the effective date constitutes acceptance.
13. Education & Student Data (FERPA/PIPEDA)
This section applies when the Service is used by Educational Institutions (e.g., schools, districts) and their educators.
- Role and purpose. The Educational Institution is the data controller or equivalent; we act as its processor/service provider and a "school official" with a legitimate educational interest under FERPA. We process Student Data (e.g., student names, submissions, grades/feedback, and related metadata) solely to provide the Service to the Educational Institution and its educators.
- No advertising or sale. We do not use Student Data for targeted advertising or sell Student Data.
- AI processing. Student work submitted to AI‑enabled features is processed only to generate results for the educator or institution. We configure model providers, where possible, to prevent training on Student Data.
- Access and deletion. The Educational Institution controls access to Student Data and handles parent/eligible student requests. Upon the institution’s documented request, we will delete or return Student Data within 30 days, subject to legal obligations and backups.
- Security and audits. We implement security measures described in Section 6 and enter into data‑protection agreements with service providers that handle Student Data.
14. Contact Us & Controller Information
GradeAssist, Inc.
2261 Market Street, STE 86458
San Francisco, CA, United States
Email: privacy@vibegrade.com
General inquiries: team@vibegrade.com
If you are in the EEA/UK/Switzerland, you may also contact our representative (if appointed): [To be provided, if applicable].
15. Governing Law
If you are accessing or using the Service from within Canada, this Policy is governed by the laws of the Province of Ontario and PIPEDA. If you are accessing or using the Service from within the United States, this Policy is governed by the laws of the State of Delaware and applicable U.S. federal laws, including FERPA for education use.
16. Additional Disclosures (Transparency)
To enhance transparency, we provide the following:
- Data categories. We collect identifiers (e.g., name, email), commercial information (e.g., plan tier), internet/network activity (e.g., usage logs), geolocation (coarse IP-based), and inferences limited to product personalization—not for cross‑context behavioral advertising.
- Sources. Directly from you/your organization, automatically from your device, and from integrated services you connect.
- Retention. See Section 5. Specific retention periods may be documented in our DPA or admin controls.
- Metrics & requests. Where required by law, we will publish request metrics upon verified request.
Appendix: Your Choices & Controls (Quick Reference)
- Cookie preferences: Manage in the banner or browser settings.
- Email settings: Use the unsubscribe link or contact support.
- Access, correction, deletion: Contact privacy@vibegrade.com; we may direct you to your organization admin.
- Integrations: Review and manage connected services within your admin or account settings.
This Policy is intended to provide transparent information about our practices. It does not create contractual or legal rights beyond those in our agreements with customers and applicable law.