Privacy Policy
We are committed to protecting your privacy and being transparent about our data practices.
✓ GDPR Compliant
✓ CCPA Compliant
✓ ISO 27001 Certified
Last updated: January 2025
We are committed to protecting your privacy and being transparent about our data practices.
✓ GDPR Compliant
✓ CCPA Compliant
✓ ISO 27001 Certified
Last updated: January 2025
At Tutcart, we believe that privacy is a fundamental right. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to transparency and give you control over your data.
This policy applies to all users of our platform, including students, tutors, parents, and educational institutions. By using Tutcart, you agree to the collection and use of information in accordance with this policy.
We collect information you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.
Information you provide directly:
Name, email address, phone number
Educational background and qualifications
Payment information (processed securely)
Identification documents for verification
Communications and feedback
Location information (with consent)
Automatically collected information:
We use your information to provide, maintain, and improve our services while ensuring safety and compliance.
Platform Operations
Service Delivery
Compliance & Safety
Improvement & Analytics
We do not sell your personal information. We may share your information only in specific circumstances outlined below.
Service Providers
We share information with trusted third-party service providers who help us operate our platform (payment processors, cloud hosting, analytics). These providers are contractually obligated to protect your data.
Educational Matching
Basic profile information is shared between tutors and students to facilitate learning sessions. We never share contact information without explicit consent.
Legal Requirements
We may disclose information if required by law, to protect safety, or to enforce our terms. This includes responding to legal requests and preventing fraud.
Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify users before any such transfer occurs.
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place.
Data Hosting
Our primary data centers are located in secure, SOC 2 compliant facilities in the United States and European Union. Data is encrypted both in transit and at rest.
Legal Safeguards
We comply with international data transfer requirements including Standard Contractual Clauses, adequacy decisions, and binding corporate rules where applicable.
We retain your information for the minimum period necessary to fulfill the purposes outlined in this policy.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Account active + 7 years | Legal compliance, tax records |
| Session Recordings | 30 days | Quality assurance, dispute resolution |
| Payment Records | 7 years | Financial regulations |
| Analytics Data | 2 years | Service improvement |
| Marketing Data | 3 years or until opt-out | Consent-based communications |
We implement comprehensive security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.
Encryption
AES-256 encryption for data at rest and TLS 1.3 for data in transit
Access Controls
Role-based access, multi-factor authentication, and regular access reviews
Monitoring
24/7 security monitoring, intrusion detection, and regular vulnerability assessments
Data Breach Notification
In the unlikely event of a data breach, we will notify affected users within 72 hours and provide guidance on protective measures. We maintain comprehensive incident response procedures and cyber insurance coverage.
You have certain rights regarding your personal information. The specific rights available to you depend on your location.
Access
Request a copy of your personal data
Rectification
Correct inaccurate or incomplete data
Erasure
Request deletion of your personal data
Restriction
Limit how we process your data
Portability
Receive your data in a portable format
Object
Object to processing based on legitimate interests
Know Rights
Control Rights
We are committed to protecting children's privacy and comply with all applicable children's privacy laws including COPPA.
Age Restrictions
Tutcart is designed for users 13 and older. Students under 18 require parental consent and supervision. We do not knowingly collect personal information from children under 13.
Parental Controls
Parents can review their child's data, request deletion, or withdraw consent at any time. We provide tools for parents to monitor and control their child's learning activities.
We integrate with various third-party services to provide our platform. Each service has its own privacy policy.
MSG91
Privacy Policy →Email and SMS communications
Stripe
Privacy Policy →Payment processing
DigitalOcean
Privacy Policy →Cloud hosting and storage
Google Analytics
Privacy Policy →Usage analytics and insights
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our platform.
Notification Process
For significant changes, we'll provide a 30-day notice period and clear explanation of what changed and why. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, please contact us.
Privacy Team
For privacy-related inquiries and data requests
Data Protection Officer
For GDPR and data protection compliance matters
Quick answers to common privacy questions.