Privacy Policy

We collect information that you explicitly provide to us, as well as information generated automatically when you interact with our Platform. The types of information include:

• Personal Data: Full name, email address, phone number, password, and profile picture provided during registration via Firebase Authentication (Email/Password or Google Sign-In).
• Professional Data (Teachers): Biography, subjects taught, qualifications, years of teaching experience, hourly rates, availability schedules, and uploaded teaching resources.
• Educational Data (Students): Learning goals, preferred subjects, school or institution name, grade level, and session booking history.
• Communication Data: Real-time chat messages, message metadata (timestamps, read receipts), and conversation history processed through CometChat.
• Payment Data: Transaction IDs, subscription plan details, billing amounts, and payment confirmations processed through Razorpay. We do not store credit/debit card numbers or bank account details on our servers.
• Usage & Analytics Data: Device information, browser type, IP address, pages visited, session duration, feature interactions, and in-app events collected via Firebase Analytics.

We use the information we collect for the following purposes, which are essential to providing and improving our educational platform:

• Account Management: To create and manage your user account, authenticate your identity, and maintain your profile.
• Service Delivery: To facilitate session bookings between students and teachers, manage batch enrollments, and deliver scheduled tutoring sessions.
• AI-Powered Recommendations: To provide personalized tutor recommendations, resource suggestions, and learning path guidance via our Gemini AI Assistant.
• Payment Processing: To process subscription payments, manage billing cycles, issue refunds, and maintain transaction records.
• Communication: To enable real-time messaging between students and teachers, and to send important service notifications and updates.
• Platform Improvement: To analyze usage patterns, identify bugs, improve user experience, and develop new features.
• Safety & Security: To detect and prevent fraud, abuse, and unauthorized access to accounts and data.

We rely on trusted third-party service providers to operate key parts of our Platform. These providers process data on our behalf and are bound by their own privacy policies:

• Google Firebase (Authentication, Firestore, Hosting, Analytics) — for user authentication, data storage, app hosting, and usage analytics.
• CometChat — for real-time messaging and chat infrastructure between students and teachers.
• Razorpay — for secure payment processing and subscription management. All payment data is handled in compliance with PCI-DSS standards.
• Google Gemini AI (via Genkit) — for generating AI-powered tutor recommendations, bio enhancements, and resource suggestions.

We encourage you to review the privacy policies of these third-party providers to understand how they handle your data.

Your data is stored securely using Google Firebase Firestore and protected by Firebase Authentication. We implement the following security measures:

• Firestore Security Rules: Granular, role-based access controls that ensure students can only access their own data, teachers can only modify their own profiles and batches, and sensitive data is restricted from unauthorized reads.
• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS). Data at rest in Firestore is encrypted by default using Google's infrastructure.
• Secure Authentication: Passwords are never stored in plain text. Firebase Authentication uses industry-standard hashing and salting mechanisms.

While we employ commercially reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

• Account Data: Retained for as long as your account exists. Upon account deletion, personal data will be removed within 30 days, except where retention is required by law.
• Transaction Records: Payment and subscription records are retained for a minimum of 5 years to comply with financial and tax regulations.
• Chat History: Archived chat messages are retained for up to 12 months after the conversation ends, after which they may be permanently deleted.
• Analytics Data: Aggregated, anonymized usage data may be retained indefinitely for platform improvement purposes.

TutorLink is designed to be used by students of various ages, including minors. We take the privacy of children seriously:

• Users under the age of 18 should only register and use the Platform under the supervision and consent of a parent or legal guardian.
• We do not knowingly collect personal information from children under 13 without verifiable parental consent, in accordance with applicable child privacy laws.
• If we learn that we have inadvertently collected personal information from a child under 13 without proper consent, we will take steps to delete such data promptly.
• Parents or guardians may contact us at any time to review, modify, or request deletion of their child's personal data.

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may update or correct inaccurate personal data through your profile settings or by contacting us.
• Right to Deletion: You may request the deletion of your account and personal data, subject to our data retention obligations.
• Right to Data Portability: You may request a machine-readable copy of your personal data for transfer to another service.
• Right to Object: You may object to the processing of your data for specific purposes, such as marketing communications.

To exercise any of these rights, please contact us using the details provided at the bottom of this page. We will respond to your request within 30 days.

Our Platform uses cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for basic platform functionality, such as session management and authentication.
• Analytics Cookies: Used by Firebase Analytics to understand how users interact with our Platform, including page views, feature usage, and session duration.
• Preference Cookies: Used to remember your settings and preferences (such as theme and language selections).

You can manage cookie preferences through your browser settings. However, disabling essential cookies may impair core platform functionality.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes:

• We will update the "Last updated" date at the top of this page.
• For significant changes, we may notify you via email or through a prominent notice on the Platform.
• Your continued use of the Platform after any changes constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.