App purpose
Graddly is an India-only mobile application for parents of K–12 students (CBSE/ICSE curriculum). Parents take a photo of a worksheet or notebook page; Graddly analyses it and returns plain-language feedback and weekly progress reports.
We use Google Sign-In solely to authenticate the parent. Graddly does not call any other Google API, does not access Gmail, Drive, Calendar, Contacts, or YouTube, and does not store any Google data beyond what is needed to identify the signed-in user.
Scopes requested
| Scope | Why we request it |
|---|---|
| openid | Standard OpenID Connect identifier, required to issue a signed authentication token and establish a session. |
| email | We use the parent's email address as the canonical account identifier (for receipts, password-free login, deletion requests). We do not send marketing email without explicit opt-in. |
| profile | We display the parent's first name and avatar (when available) inside the app, so the account header reads "Welcome back, Priya" rather than an opaque user ID. No friends, contacts, or other social graph data is read. |
We request only these three non-sensitive scopes. We do not request any restricted or sensitive scopes.
Sign-in flow
- The user opens the Graddly app and taps "Continue with Google".
- The Google Sign-In SDK presents Google's standard consent screen with the three scopes above.
- On consent, Google returns an ID token. Our backend verifies the token, looks up or creates the user account by Google sub-id + email, and issues a Graddly session token.
- The Google access token is discarded at the end of the request. We do not store or refresh it.
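The backend step above, sketched as an added example (not Graddly's actual code): the claim checks that follow signature verification, and the account lookup. It assumes the ID token's signature has already been verified against Google's published keys by an OIDC library, that the lookup is keyed on `sub` with the email stored alongside, and that the function names, `CLIENT_ID` value and sample claims are constructed for illustration.

```python
import time

# Issuer values Google places in the "iss" claim of its ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
CLIENT_ID = "EXAMPLE-CLIENT-ID.apps.googleusercontent.com"  # constructed placeholder

class TokenRejected(Exception):
    """Raised when a signature-verified token still fails a claim check."""

def check_claims(claims, now=None):
    """Validate the claims of an ID token whose signature was already verified."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise TokenRejected("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:  # token minted for some other app
        raise TokenRejected("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("token expired")
    if not claims.get("sub"):
        raise TokenRejected("missing subject")
    if not claims.get("email") or claims.get("email_verified") is not True:
        raise TokenRejected("email missing or unverified")
    return claims

def upsert_account(accounts, claims):
    """Find the account by sub (create on first sign-in); keep only listed fields."""
    account = accounts.setdefault(claims["sub"], {})
    account.update({
        "email": claims["email"],  # may change over time; sub does not
        "given_name": claims.get("given_name"),
        "family_name": claims.get("family_name"),
        "avatar_url": claims.get("picture"),
    })
    return account

# Constructed sample claims, shaped like a decoded Google ID token payload.
SAMPLE = {
    "iss": "https://accounts.google.com", "aud": CLIENT_ID,
    "sub": "100000000000000000001", "exp": 1_700_003_600,
    "email": "priya@example.com", "email_verified": True,
    "given_name": "Priya", "family_name": "Example",
    "name": "Priya Example", "picture": "https://example.com/avatar.png",
}
```

Claims outside the stored list (here `name`) are dropped at the `upsert_account` boundary, and no access or refresh token ever reaches it.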
What we store from Google
- Google subject ID (used internally to match returning users)
- Email address
- Given name & family name
- Avatar URL (cached for 7 days; we do not re-host the image)
That's everything. We do not store access tokens or refresh tokens, and we make no further calls to Google APIs after sign-in.
Demo / screencast
A screencast walkthrough of the consent flow and scope usage is available here: [Screencast URL placeholder, we'll fill before submission].
If your reviewer needs a test account, please request one at hello@graddly.com with subject line "Google OAuth review, test account request".
Contact for verification
- Primary contact: hello@graddly.com
- Data protection: hello@graddly.com
- Registered office: see Contact page
This page is intentionally not linked from our main navigation; it exists so Google's verification team can review our scope usage in one place. It is reachable at graddly.com/oauth/consent-info.