MarkInMinutes | AI-Powered Grading

At MarkInMinutes, we are committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data in compliance with GDPR and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Libaty GmbHAm Krummen Graben 23
63150 Heusenstamm
Germany

Email: info@libaty.com

2. Data We Collect

1Account Information

Email address (required for account creation)
Full name (optional)
Password (stored securely hashed)
Profile picture (optional, via Google sign-in)

2Usage Data

Files you upload for grading (PDFs, documents, code files)
Assignment details and rubrics you create
Grading results and feedback generated
How you interact with the platform (pages visited, features used)

3Technical Data

IP address
Browser type and version
Device type and operating system
Access logs and error logs

4Payment Information

We do not store payment card details. All payment processing is handled by Paddle, our Merchant of Record. Paddle may collect billing information necessary to process your payments.

3. How We Use Your Data

We process your data for the following purposes:

To provide and maintain the MarkInMinutes service
To process your submissions through our AI grading system
To send you important service updates and notifications
To process payments and manage your subscription
To improve our service and develop new features
To detect and prevent fraud, abuse, and security issues
To comply with legal obligations

4. Legal Basis for Processing

Under GDPR, we process your data based on:

Contract Performance

Processing necessary to provide the service you subscribed to

Consent

Where you have given explicit consent (e.g., marketing communications)

Legitimate Interests

For service improvement, security, and fraud prevention

Legal Obligation

To comply with applicable laws and regulations

5. Third-Party Services

We work with trusted third-party providers to deliver our service:

Service	Purpose	Data Location
Supabase	Database, authentication, and file storage	EU (Frankfurt)
Vercel	Website hosting and content delivery	Global (Edge)
Railway	Backend infrastructure and hosting	EU/US
Paddle	Payment processing and billing	UK/EU
Google (Gemini AI)	AI-powered grading analysis	USA
PostHog	Product analytics and user experience improvement	EU

6. AI Processing of Your Data

When you submit files for grading, they are processed by AI systems (currently Google Gemini) to generate grading analysis and feedback.

Important Privacy Safeguards

Your submissions are NOT used to train AI models
Files are processed temporarily and deleted from AI systems after grading
AI providers do not retain your content beyond the processing period

7. Data Retention

We retain your data for different periods depending on the type:

Account dataRetained while your account is active, plus 3 years after deletion

Submission metadata and gradesRetained for 3 years for audit and improvement purposes

Uploaded filesDeleted immediately after grading is complete

Technical logsRetained for 90 days for security and debugging

8. Your Rights (GDPR)

As a data subject, you have the following rights:

Right of Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion of your personal data
Right to Restriction: Limit how we process your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@markinminutes.com or use the account settings to delete your data.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Role-based access controls for employees
Regular security audits and monitoring
Prompt security updates and patch management

10. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA, including the USA. When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

MarkInMinutes is designed for educators and students. While students may use the service, accounts must be created by individuals who are at least 16 years old. We do not knowingly collect personal information from children under 16 without parental consent.

12. Cookies

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the platform. The 'Last Updated' date at the top indicates when the policy was last revised.

14. Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. For Germany:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany
https://datenschutz.hessen.de

15. Contact Us

For any privacy-related questions or to exercise your rights, please contact us:

Email: privacy@markinminutes.com