Privacy Policy
1. Who We Are
Katana ("we," "us," or "our") is an AI-assisted grading tool available as a Google Chrome extension, operated by Torabashiri, LLC at gradewithkatana.com. Katana was created by university professors. Questions about this policy: hello@gradewithkatana.com.
2. What Data We Collect
Account information
When you create an account, we collect your email address. We use passwordless authentication (magic links); no password is ever stored.
Usage data
We track the number of grades used per billing period per account so we can enforce plan quotas. We do not log the content of those grades.
Submission data (processed, not stored)
When you click "Grade This Submission," the Katana Chrome extension reads the student's submission text, assignment instructions, and rubric from the Canvas SpeedGrader page currently open in your browser. This data is transmitted securely to our grading API, forwarded to Anthropic's Claude AI service to generate a grade and feedback, and then immediately discarded. We do not write submission content, student names, grades, or feedback to any database or log file.
What we do NOT collect
- Student names, IDs, or contact information in any stored form
- Submission text after processing is complete
- Grades or feedback after they are returned to your browser
- Canvas credentials, cookies, or session tokens
- Browser history, other tab content, or any data unrelated to grading
3. No AI Training on Student Data
Student submissions, grades, and feedback are never used to train, fine-tune, or improve any AI model — including the Claude models provided by Anthropic. Our agreement with Anthropic prohibits use of API inputs for model training. We will never use student work for any commercial purpose beyond providing you with the grading result.
4. How We Use Your Data
- Email address: To send you sign-in magic links and occasional service notices (e.g., billing changes, security alerts). We do not send marketing emails without your opt-in consent.
- Grade counts: To enforce plan quotas and display your usage on the dashboard.
- Submission data: Solely to call the Claude AI API and return a grading result to you. This data is not retained.
5. Data Sharing and Subprocessors
We share data only as described below. We do not sell your data to any third party.
| Subprocessor | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude AI API) | AI grading — generate grade and feedback | Submission text, assignment instructions, rubric (in transit only; not retained) |
| Supabase | Authentication, account database | Email address, grade count, plan type |
| Vercel | Web hosting and edge functions | Standard server logs (IP, request metadata); no student content |
| Stripe (when billing is active) | Payment processing | Billing name, email, payment method (handled directly by Stripe) |
All subprocessors are contractually bound to process data only as directed and to maintain appropriate security safeguards.
6. FERPA Awareness
Katana is designed with FERPA (Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g) in mind. Specifically:
- We use student submission data solely to provide the grading service — no other commercial use.
- We do not disclose education records to any party not listed in the subprocessors table above.
- We do not retain student submission data after grading is complete.
- Student work is never used to train or improve any AI model.
Instructors using Katana are responsible for ensuring their use of the tool complies with their institution's policies regarding third-party tools in grading. A Data Processing Agreement is available upon request for institutions that require one. Contact hello@gradewithkatana.com.
7. GDPR Compliance (EEA and UK Users)
If you are located in the European Economic Area or the United Kingdom, the following applies to you under the General Data Protection Regulation (GDPR):
- Legal basis: We process your email address under the lawful basis of contractual necessity (to provide the service you signed up for). We process submission data under the lawful basis of our legitimate interest in providing the grading service, subject to your overriding rights.
- Data transfers: Your account data may be processed in the United States. Such transfers occur under Standard Contractual Clauses (SCCs).
- Your rights: You have the right to access, correct, delete, or port your personal data; to object to processing; and to withdraw consent. Contact us at hello@gradewithkatana.com.
- Retention: Account data is retained for the duration of your account. Submission data is not retained. Upon account deletion, account data is deleted within 30 days.
- DPA: A Data Processing Agreement is available for EU institutions upon request.
8. Security
- All data in transit is encrypted using TLS 1.2 or higher.
- Account data at rest is encrypted with AES-256.
- Access to account data is restricted to authorized personnel on a need-to-know basis.
- Submission data is never written to disk or database at any stage of processing.
If you discover a security vulnerability, please report it to hello@gradewithkatana.com.
9. Cookies
Our website uses only essential cookies required for authentication (session token). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
10. Children's Privacy
Katana is a tool for educators, not students. We do not knowingly collect personal information from individuals under 18. If you believe a child has provided us personal information, contact us and we will delete it promptly. Instructors who use Katana to grade K–12 student work are responsible for ensuring their use complies with applicable laws including COPPA (if applicable).
11. Changes to This Policy
We will post any changes to this policy on this page and update the effective date. Material changes will be communicated by email. Continued use of Katana after changes take effect constitutes acceptance of the updated policy.
12. Contact
Privacy questions, data subject requests, and DPA inquiries:
hello@gradewithkatana.com
Torabashiri, LLC · gradewithkatana.com