GRADEUM TECHNOLOGIES, LLC

PRIVACY POLICY

LEGAL-002 | Version 1.1 | Effective April 4, 2026

Last Updated: April 4, 2026

Gradeum Technologies, LLC (“Gradeum,” “we,” “us,” or “our”) is committed to protecting the privacy and security of our users’ data. This Privacy Policy describes how we collect, use, store, and protect information when you use our AI-powered knowledge management and workflow platform (the “Services”).

1. Our Data Architecture

Gradeum is designed so that your firm’s engineering documents, drawings, reports, calculations, and files remain on your own server at all times. The Nexus, a software application installed on your server, indexes your documents locally. When you submit a query, only small text excerpts (typically 50–150 words) are transmitted to our cloud platform for processing. Complete documents are never uploaded to, stored on, or retained by Gradeum’s servers.

2. Information We Collect

2.1. Account Information

When you create an account, we collect:

  • Name and email address
  • Professional role (Principal, PE, EIT, or other)
  • PE license number and state of licensure (for PE-role accounts)
  • Organization name and affiliation
  • Account credentials (passwords are stored as salted hashes; we never store plaintext passwords)

2.2. Document Excerpts

When you submit queries, the Nexus on your server retrieves relevant text excerpts from your indexed documents and transmits them to our cloud platform. These excerpts are typically 50–150 words each. We maintain a rolling 30-day cache of recently retrieved excerpts for service continuity during Agent outages. Cached excerpts older than 30 days are automatically purged. You may request immediate cache deletion at any time.

2.3. Usage Data

We collect information about how you interact with the Services, including:

  • Query content and timestamps
  • AI response content and associated metadata
  • Compute Dollar consumption records
  • PE review and approval actions (stored in an immutable, append-only responsible charge log)
  • Feature usage patterns
  • Device type, browser type, and IP address

2.4. Payment Information

Payment card information is collected and processed by Stripe, Inc. Gradeum does not store, access, or retain your payment card numbers, expiration dates, or CVV codes. We receive only transaction confirmation details (amount, date, status) from Stripe.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Services, including processing queries and returning AI-assisted responses
  • Verify professional credentials (PE license validation)
  • Process Compute Dollar purchases and maintain billing records
  • Maintain the responsible charge log as required for professional engineering compliance
  • Communicate with you about your account, service updates, and security notices
  • Monitor and improve the performance, reliability, and security of the Services
  • Comply with legal obligations

4. What We Never Do With Your Data

We will never:

  • Use your documents, excerpts, or any client data to train, fine-tune, or improve any AI model
  • Sell, rent, or share your data with third parties for marketing or advertising purposes
  • Make your data accessible to other Gradeum clients or any unauthorized third party
  • Access your complete documents on your server (we have no remote access to your file system)
  • Modify or delete entries in the responsible charge log (it is immutable by design)

5. Third-Party Service Providers

We use the following third-party service providers to deliver the Services. Each processes only the minimum data necessary for its function:

Both Anthropic and OpenAI process query excerpts under zero-data-retention API agreements. They do not store, train on, or retain any data submitted through Gradeum’s API. We will notify you within thirty (30) days of any material change to an AI provider’s data handling terms.

6. Data Isolation

Each client organization’s data is fully isolated from every other organization’s data. Our database enforces row-level security policies scoped by organization identifier. The Nexus runs independently on each client’s server. No client can access another client’s data through the platform.

7. Security Measures

We implement commercially reasonable security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) for all data transmitted between your server, our platform, and AI providers
  • Encryption at rest for all cloud-stored data
  • OAuth 2.0 JWT authentication for Agent-to-Platform communication
  • Role-based access controls (Principal, PE, EIT) enforced at both the application and database levels
  • IP allowlisting for Agent connections
  • Salted password hashing (bcrypt)
  • Immutable, append-only audit logging for all PE review actions

8. Data Retention

We retain data as follows:

  • Account information: retained for the duration of the account, deleted within 30 days of account termination
  • Document excerpts (cache): rolling 30-day cache, automatically purged. Immediate deletion available on request.
  • Responsible charge log: retained for the duration of the account. Exported to client before deletion upon termination.
  • Compute Dollar transaction records: retained for 7 years for tax and accounting compliance
  • Usage data: retained for 12 months in identifiable form, then aggregated and anonymized

9. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
  • Cache deletion: Request immediate deletion of cached document excerpts at any time
  • Data export: Export your responsible charge log and project metadata at any time through the platform
  • Objection: Object to specific uses of your data

To exercise any of these rights, contact us at jacob@gradeumtech.com. We will respond within thirty (30) days.

10. State Privacy Law Compliance

If you are a resident of a state with comprehensive privacy legislation (such as the Texas Data Privacy and Security Act, the California Consumer Privacy Act, or similar laws), you may have additional rights regarding your personal information. We comply with applicable state privacy laws. Contact us to exercise any state-specific rights.

11. Children’s Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete it promptly.

12. International Data

The Services are hosted in the United States. If you access the Services from outside the United States, you consent to the transfer of your data to the United States for processing. Gradeum processes data in accordance with this Privacy Policy regardless of the location from which it originates.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or by email at least sixty (60) days before taking effect. Your continued use of the Services after the effective date of a revised policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Gradeum Technologies, LLC
Email: jacob@gradeumtech.com
Houston, Texas
