GDPR & Data Sovereignty
Your data belongs to you. We process it to deliver ClassGrade — nothing more.
Our commitments
You own your data
Client data — student records, curriculum content, assessment results, and any data uploaded to ClassGrade — belongs to the client. BlueberryML processes it as a data processor on your behalf. We have no independent right to use it.
Zero training on client data
We do not use client data — including student work, assessment responses, or curriculum content — to train any AI model. Your data is used exclusively to deliver the ClassGrade service to your students.
Pan-European ready
ClassGrade is designed to operate under GDPR and the UK GDPR. Our data architecture supports EU and UK data residency requirements. We work with partners across Europe and apply the same data protection standards regardless of jurisdiction.
DPA available on request
A Data Processing Agreement (DPA) is available for all clients and prospective partners. The DPA sets out the responsibilities of BlueberryML as data processor and the client as data controller, consistent with Article 28 of the GDPR.
Mainstream sub-processors only
We use only established, enterprise-grade sub-processors with their own GDPR compliance programmes and DPAs: Anthropic, Google Cloud, Deepgram, and Amazon Web Services. We maintain an up-to-date list and notify clients of changes.
Retention and deletion
Client data is retained only for as long as necessary to deliver the service. Upon contract termination, data is deleted or returned in a structured format within the timeframe specified in your DPA.
Sub-processors
We use only mainstream, enterprise-grade providers. Each has its own GDPR compliance programme. We notify clients of any changes to this list.
| Provider | Purpose |
|---|---|
| Anthropic | AI model inference — grading, content generation, and agentic orchestration. |
| Google Cloud | Infrastructure, storage, and compute. |
| Deepgram | Speech recognition for spoken auto-grading. |
| Amazon Web Services | Infrastructure and storage. |
Request a DPA
A Data Processing Agreement is available to all clients and prospective partners. Contact us to receive a copy, or to discuss any data protection questions before signing a licence agreement.
Request DPA