Security

• Role-based access for lecturer and institution workflows.
• Authentication-backed access to protected workspaces.
• Transport encryption for web traffic where deployed behind HTTPS.
• Separation of public marketing pages from authenticated app routes.
• Operational logging for troubleshooting, abuse prevention, and security investigation.

Uploaded question papers, answer keys, scanned scripts, and grading files are treated as sensitive academic records.

Access should be limited to authorized lecturers, institution administrators, support staff with a legitimate need, and approved infrastructure providers.

AI outputs are part of the review workflow, not a replacement for educator control. Security review includes ensuring that users understand when a suggestion is machine-generated and when a lecturer has approved final output.

Security issues can be reported to security@gradeoptimus.com. Please include the affected URL, steps to reproduce, potential impact, and a safe contact method.

Do not access, modify, delete, exfiltrate, or publicly disclose another user's data while testing. We will prioritize reports that help protect students, lecturers, and institutions.

• Use unique accounts for each lecturer or administrator.
• Remove access when staff leave a course or institution.
• Avoid uploading unnecessary student identifiers.
• Review AI suggestions before releasing grades.
• Use institution-approved retention and export practices.