The EU AI Act doesn't threaten our business.
It eliminates our competition.

The EU AI Act classifies education AI as high-risk. That means mandatory quality management, human oversight, technical documentation, and full audit trails.

Enforcement begins in August 2026. Most AI companies are just starting to figure out what this means. We designed Grasperly's architecture around these requirements from the very beginning.

Enforcement begins August 2026. We'll be ready.

Grasperly processes all data within the EU. We don't transfer student data outside European borders. Every integration, every model call, every storage layer, designed for GDPR compliance from the start.

• EU-only data processing
• Data Processing Agreements (DPAs) for every institution
• Data Protection Impact Assessment (DPIA) completed
• Consent-first data collection
• No cross-border data transfers
• Data minimization by design
• Right to deletion fully supported

Professors upload their course materials to train their AI teaching assistant. That content remains theirs, fully and exclusively. We never share it across institutions, never use it to train base models, and never claim any rights to it.

• Individual licensing per professor
• Full ownership retained by the creator
• Never shared between institutions
• Never used to train base models
• Withdraw consent anytime
• Single onboarding flow for content and permissions

Universities have procurement teams, IT security reviews, and vendor assessment frameworks. We built Grasperly to pass them, not to ask for exceptions.

• End-to-end encryption (TLS 1.3, AES-256 at rest)
• SOC 2 Type II on our roadmap
• Regular penetration testing
• Role-based access control (RBAC)
• SSO via SAML 2.0 and OIDC
• 99.9% uptime SLA

Need compliance documentation for your procurement team?
We probably already have it.

DPAs, security questionnaires, AI Act conformity documentation: ask us and we'll send it over.