Privacy Policy
Effective date: June 12, 2026
This Privacy Policy explains how Pearson Media LLC (“Pearson Media,” “GradeThread,” “we,” “us,” or “our”) collects, uses, and shares information when you use the GradeThread website at gradethread.com, the FlipDesk reseller workspace, our APIs, and related services (collectively, the “Service”).
By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service. This policy works together with our Terms of Service, Cookie Policy, and Acceptable Use Policy.
1. Who we are
Pearson Media LLC is the controller of personal information processed through the Service. You can reach our privacy team at [email protected].
2. Information we collect
2.1 Information you provide
- Account information. Name, email address, password (hashed), and profile details when you create an account.
- Garment photos and item data. Images you upload for grading, plus garment metadata such as category, brand, size, color, measurements, defect notes, and cost basis.
- Photo (EXIF) metadata. When you upload a garment photo, we may read technical metadata embedded in the original file — camera make and model, the date and time the photo was taken, and, if your device recorded it, GPS location. We use this only to support grade authenticity and provenance features. This metadata is stored privately against your submission, is access-controlled, and is never shown publicly, on certificates, or to buyers. Its absence is normal and never lowers a grade. We may optionally retain the unmodified original file for forensic verification where enabled for your plan; you can request deletion of this metadata and any retained original at any time (see “Your rights” below), and it is removed when the underlying submission is deleted.
- Verified Capture (opt-in provenance). If you choose the optional Verified Capture path for a submission, we check the provenance metadata described above — the device make/model and the capture timestamp of each photo — to confirm the photos were taken recently, on a single consistent device, were not edited, and are not reused from another account. When those checks pass, we award a Verified Capture badge on the public certificate and modestly raise the grade’s confidence. Only the pass/fail result and the badge are ever shown publicly — the underlying device and timestamp details stay private and access-controlled. Verified Capture is entirely optional, you control it per submission, and choosing not to use it (or not qualifying) never lowers your grade.
- Reseller workflow data (FlipDesk). Sources, intake batches, drafts, listings, sales, payouts, expenses, and notes you enter into FlipDesk.
- Payment information. When you subscribe to a paid plan, our payment processor (Stripe) collects card or bank details on our behalf. We receive limited information such as the last four digits of your card, brand, expiration, billing ZIP, and subscription status; we do not store full card numbers.
- Communications. Messages you send to our support, billing, or privacy addresses, and feedback you submit through the Service.
- Dispute submissions. Photos, text, and other information you submit when challenging a grade.
2.2 Information collected automatically
- Usage data. Pages viewed, features used, clicks, referring URLs, session duration, and similar interaction events.
- Device and log data. IP address, browser type and version, operating system, device identifiers, language preference, and timestamps.
- Cookies and similar technologies. See our Cookie Policy.
- Diagnostic data. Crash reports and stack traces collected through our error-monitoring provider (Sentry), which we configure to minimize personal data — it does not collect your IP address or attach default personal data.
- Approximate location. We derive a coarse country (and, in the US, state) from your IP address at our CDN edge solely to show you the correct cookie-consent experience for your region. We do not store this signal for that purpose.
2.3 Information from third parties
- Single sign-on. If you sign in with Google, we receive your name, email address, and profile image from Google.
- Marketplaces. If you connect an eBay, Poshmark, Mercari, or other marketplace account, we receive listing, order, and payout information you authorize that platform to share.
- Payment processor. Stripe shares subscription, invoice, and refund status with us.
3. How we use information
We use information to:
- Provide, operate, secure, and improve the Service;
- Generate AI-assisted condition grades, written summaries, and listing drafts;
- Issue and host shareable grade certificates that you choose to publish;
- Process payments, manage subscriptions, send invoices, and prevent fraud;
- Communicate with you about account, billing, security, and product updates;
- Send marketing emails (only where permitted; you can opt out at any time);
- Monitor performance, debug errors, and analyze aggregate usage to improve features;
- Train and refine internal grading prompts, evaluation sets, and quality metrics using de-identified or aggregated data;
- Comply with legal obligations, enforce our Terms of Service, and protect the rights, safety, and property of Pearson Media, our users, and the public.
4. AI grading and your photos
When you submit a garment for grading, we send the photos and accompanying metadata to our AI vision provider, Anthropic (Claude Vision API), which analyzes the images to produce a grade and report.
- Anthropic processes the data as our subprocessor under contractual confidentiality and security terms.
- Anthropic does not use your photos or content to train its foundation models when accessed through our enterprise API configuration.
- We retain your original photos and the resulting grade report in our Supabase storage so you can view, share, and dispute them later.
- We may use de-identified images and aggregated grading outputs to evaluate model accuracy, build internal benchmarks, and improve prompts. We will not publish your specific images without your consent except as part of a certificate you have chosen to make public.
- You retain ownership of the photos you upload. See Terms of Service for the license you grant us to process and display them.
4.1 Human quality-assurance review
To keep grades accurate and consistent, a small number of trained GradeThread reviewers may view the photos you submitted for grading — for example to audit low-confidence AI grades, investigate disputes, or run inter-rater reliability studies in which several reviewers independently grade the same garments. This access is deliberately limited:
- Minimized. For reliability studies, reviewers see the garment photos and basic garment attributes (type, category, brand) only. Your name, email address, and other account details are never displayed alongside them, and seller-written titles and descriptions are excluded.
- Access-logged. Every reviewer view of a sampled submission's photos is recorded in an audit log identifying the reviewer, the item, and the time of access.
- In place, not copied. Reviewers view photos through short-lived, expiring links inside the platform; QA studies store only the resulting numeric ratings and notes, not copies of your photos.
- Confidential. Reviewers are bound by confidentiality obligations and may use what they see only for quality assurance.
Consent and retention for QA use. QA review is part of providing and improving the Service and is covered by the license you grant in the Terms of Service together with this disclosure; for EEA/UK users our legal basis is our legitimate interest in grading quality. We do not seek separate per-photo consent, but you may object to QA review of your photos at any time by emailing [email protected] — objecting does not affect your grades or certificates. QA access ends when your photos are deleted under the retention schedule in Section 7 (or earlier on request); deleted photos drop out of QA samples because reviewers always read the live stored photo, never a copy.
5. Public grade certificates
Grade certificates are designed to be shareable. When you publish a certificate or share its link, the certificate page (including the overall score, factor breakdown, garment category, and the photos attached to that grade) becomes accessible to anyone with the URL. Search engines may also index certificates. You can request the removal of a certificate at any time by contacting [email protected].
6. How we share information
We do not sell personal information. We share it only as follows. A complete, dated list of our subprocessors is on the Subprocessors page, and customers with data-processing obligations can review our Data Processing Addendum.
- Service providers (subprocessors). Vendors that host, secure, monitor, and support the Service, including:
- Supabase / self-hosted infrastructure — database, authentication, and object storage;
- Anthropic, PBC — Claude Vision API for AI-assisted grading and listing generation;
- Stripe, Inc. — payment processing, subscription billing, and tax handling;
- Cloudflare, Inc. — hosting, DNS, CDN, and edge security;
- PostHog, Inc. — product analytics;
- Functional Software, Inc. (Sentry) — error monitoring and performance tracing;
- Email delivery providers — transactional and marketing email.
- Marketplaces and integrations. When you connect a third-party marketplace or tool, we exchange information with that service as needed to perform the integration.
- Legal and safety. To comply with applicable law, legal process, or enforceable government request; to enforce our terms; to detect fraud or abuse; or to protect the rights, property, or safety of Pearson Media, our users, or others.
- Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to standard confidentiality protections.
- With your consent. For any other purpose disclosed to you and with your permission.
7. Data retention
We retain personal information for as long as your account is active and as needed to provide the Service, then delete or de-identify it according to the schedule below. We retain data longer only where required for legal, accounting, tax, fraud-prevention, or dispute-resolution purposes. Aggregate or de-identified data that cannot reasonably be linked to you may be retained indefinitely.
| Data category | Retention period |
|---|---|
| Grading photos (uploaded garment images) | Automatically deleted 2 years after submission; the resulting grade report is anonymized (photos removed) and retained for certificate validity and accuracy analytics. |
| Grade reports & certificates | Life of the account (the certificate must remain verifiable). |
| Account profile & authentication data | Deleted or de-identified within 90 days of account closure. |
| Billing & transaction records | Up to 7 years (tax/accounting obligations). |
| Support & dispute correspondence | Up to 3 years after resolution. |
| Server & security logs | Up to 90 days, then purged or aggregated. |
Grading-photo deletion is enforced automatically by a scheduled purge job; you can also request earlier deletion at any time (see Your rights).
8. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, restrict, or port your personal information, and to object to certain processing. You can exercise these rights by:
- Editing your profile and submissions directly in Settings;
- Deleting individual submissions, certificates, items, or your entire account from within the Service;
- Emailing [email protected] with your request. We may need to verify your identity before acting.
EEA/UK residents. Our legal bases for processing are the performance of a contract with you, your consent, our legitimate interests (such as securing and improving the Service), and compliance with legal obligations. You may lodge a complaint with your local supervisory authority.
California residents. Under the CCPA/CPRA, you have the right to know what personal information we collect, the right to delete, the right to correct, the right to opt out of certain “sharing,” and the right to non-discrimination. We do not sell personal information.
9. Security
We use industry-standard administrative, technical, and physical safeguards to protect your information — including encryption in transit (TLS), encryption at rest for sensitive fields, row-level security in our database, and least-privilege access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
10. International transfers
Pearson Media LLC is based in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored in, and processed in the U.S. and other countries where our subprocessors operate. Where required, we rely on appropriate transfer mechanisms such as the Standard Contractual Clauses.
11. Children
The Service is intended for adults. You must be at least 18 years old to use it (see our Terms of Service). The Service is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact [email protected] and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” above and, where required, notify you via email or in-product notification. Your continued use of the Service after the change becomes effective constitutes acceptance of the updated policy.
13. Contact us
Pearson Media LLC
Attn: Privacy
[email protected]
