Skip to main content

Privacy Policy

Last updated: May 28, 2026

Overview

TutorMe (“we,” “us”) explains here how we collect, use, and share personal information when you use tutorme.academy and related services.

Information we collect

  • Account data — name, email, role (parent, student, tutor, admin), password hash (if you set a password), timezone, sign-in method, account status.
  • Family data — family membership, invite codes, links between parents and students.
  • Tutor profile data — bio, subjects, hourly rate, photo, vetting status, public slug, Stripe Connect account identifiers, ratings.
  • Booking & session data — appointment times, status, payment installment status, video room identifiers (RealtimeKit), session reports and attachments.
  • Payment metadata — Stripe customer, subscription, and payment intent IDs (we do not store full card numbers).
  • Communications — messages you send via the contact form; transactional emails we send (magic links, reminders, receipts).
  • Technical data — session cookies, security tokens (Turnstile), and server logs through Cloudflare.

How we use information

We use personal information to:

  • Provide accounts, authentication, and role-based portals
  • Match families with vetted tutors and process bookings
  • Bill subscriptions and session installments through Stripe
  • Host live video sessions and deliver session reports
  • Send transactional notifications (email and in-app)
  • Prevent fraud and abuse (rate limits, Turnstile)
  • Operate and improve the Platform

Legal bases (EEA/UK users)

Where GDPR applies, we rely on contract performance (providing the service), legitimate interests (security, improvement), and consent where required (e.g. optional marketing, if offered in the future).

Children & COPPA

Students under 13 should not register independently. Parents create and manage family accounts, invite students, and control billing. Student sign-in may use parent-issued magic links or optional passwords. We collect student names and session participation only as needed for the service. Parents may contact us to review or delete a child’s data tied to their family.

Sharing & processors

We share data with service providers only as needed to operate TutorMe:

  • Stripe — subscriptions, session charges, Connect tutor payouts, refunds
  • Cloudflare — hosting, D1 database, R2 file storage, KV rate limits, Turnstile, RealtimeKit video
  • Email delivery — transactional email via our configured API gateway (see environment configuration)

We do not sell personal information. We may disclose information if required by law or to protect rights and safety.

Storage & retention

Data is stored in Cloudflare D1 (relational data) and R2 (avatars, report attachments). We retain account and family data while your account is active. Session, billing, and tax-related records may be kept for at least seven years where required. You may request deletion of non-essential data; some records must be retained for legal or fraud-prevention reasons.

Security

We use httpOnly session cookies, hashed tokens, encrypted connections (HTTPS), role-based access, Stripe for payments, and Cloudflare Turnstile on sensitive forms. No method is 100% secure; report concerns to support@tutorme.academy.

Your rights

Depending on your location, you may request access, correction, deletion, or portability of personal data, or object to certain processing. Contact support@tutorme.academy. We will respond within a reasonable time.

International users

If you access TutorMe from outside the United States, your information may be processed in the U.S. and other countries where our providers operate.

Changes

We may update this policy. The “Last updated” date reflects the current version. Significant changes may be communicated through the Platform or email.

Contact

Privacy inquiries: Contact form or support@tutorme.academy.