Privacy Policy

Your privacy is our priority. This policy explains how we collect, use, and protect your personal data in compliance with GDPR and EU privacy laws.

Last updated: August 24, 2025

1. Data Controller & Contact Information

Data Controller

Legal Entity: iTutorOnline.com (Sole Proprietorship)

Registration Number: 0801.470.814

VAT Number: BE0801.470.814

Address: Belgium (full address available upon request)

Privacy Contact: privacy@iTutorOnline.com

General Contact: support@iTutorOnline.com

Data Protection Officer (DPO)

As we process personal data within normal business limits, we have not appointed a formal DPO. For privacy-related inquiries, contact us at privacy@iTutorOnline.com.

2. Personal Data We Collect

Account & Profile Information

  • Name, email address, and password
  • Profile photo and bio
  • Subject expertise and qualifications
  • Languages spoken
  • Teaching experience and rates
  • Availability and timezone

Verification Data (Tutors)

  • Educational certificates and diplomas
  • Government-issued ID for verification
  • Professional certifications
  • Background check documents (where required)
  • Bank account details for payments

Communication & Usage Data

  • Messages between tutors and students
  • Session bookings and scheduling data
  • Reviews and ratings
  • Support ticket conversations
  • Virtual classroom recordings (with consent)
  • Whiteboard content and session notes

Payment & Transaction Data

  • Payment method details (processed by Stripe)
  • Transaction history and receipts
  • Billing addresses
  • VAT/tax information
  • Commission and payout records

Technical & Device Data

  • IP addresses and location data
  • Browser type and version
  • Device information and operating system
  • Usage patterns and navigation data
  • Cookies and similar tracking technologies
  • Error logs and performance data

3. How We Use Your Personal Data

Under GDPR, we must have a legal basis for processing your personal data. Here's how we use your data and our legal justification:

Account Management

Contract Necessity

Creating and managing your account, authentication, profile display, and platform functionality.

🀝

Facilitating Connections

Contract Necessity

Connecting tutors and students, displaying profiles, managing bookings, and enabling communication.

Payment Processing

Contract Necessity

Processing payments through Stripe, managing commissions, issuing receipts, and handling refunds.

Verification & Safety

Legitimate Interest

Verifying tutor credentials, preventing fraud, detecting abuse, and maintaining platform safety.

Platform Improvement

Legitimate Interest

Analyzing usage patterns, fixing bugs, improving features, and optimizing platform performance.

Marketing Communications

Consent

Sending promotional emails, platform updates, and educational content (you can opt out anytime).

Legal Compliance

Legal Obligation

Meeting tax requirements, responding to legal requests, and complying with EU regulations.

Analytics & Insights

Consent

Understanding user behavior, measuring platform success, and generating usage statistics (with your consent via cookie banner).

4. Who We Share Your Data With

Stripe (Payment Processing)

EU/US

Data Shared: Payment details, transaction data, billing information

Purpose: Secure payment processing and fraud prevention

Safeguards: Stripe is PCI-DSS compliant with adequate data protection

Supabase (Database & Auth)

EU

Data Shared: All account and platform data

Purpose: Database hosting, authentication, and platform functionality

Safeguards: EU-based infrastructure with GDPR compliance

Vercel (Hosting)

Global/EU

Data Shared: Website usage data, performance metrics

Purpose: Website hosting and content delivery

Safeguards: Standard Contractual Clauses (SCCs) for international transfers

Cloudflare R2 (File Storage)

EU

Data Shared: Profile images, documents, session recordings

Purpose: Secure file storage and content delivery

Safeguards: EU data centers with enterprise security

Purelymail (Email Service)

EU

Data Shared: Email addresses, communication preferences

Purpose: Sending platform notifications and marketing emails

Safeguards: Privacy-focused email provider with EU infrastructure

Important:

  • We never sell your personal data to third parties
  • We only share data necessary for the specific service
  • All third parties are contractually bound to protect your data
  • We may disclose data if required by law or to protect our legal rights

5. International Data Transfers

Within the EU

Most of your data is processed within the European Union through our EU-based infrastructure (Supabase EU, Cloudflare EU regions).

Outside the EU

Some data may be transferred outside the EU for:

  • Stripe (US): Protected by adequacy decision and PCI-DSS compliance
  • Vercel (Global): Secured by Standard Contractual Clauses (SCCs)

Transfer Safeguards

When data leaves the EU, we ensure appropriate safeguards through:

  • Adequacy decisions by EU Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Strong encryption and security measures

6. How Long We Keep Your Data

Account Data

Until account deletion

Profile information, preferences, and account settings are kept while your account is active and deleted when you close your account.

Transaction Records

10 years

Payment history, receipts, and tax-related data kept for legal and accounting requirements under EU law.

Communications

3 years after account closure

Messages, reviews, and support conversations kept for dispute resolution and platform safety.

Session Recordings

1 year or until deletion

Virtual classroom recordings kept until manually deleted by users, maximum 1 year automatic retention.

Technical Data

2 years

Server logs, IP addresses, and analytics data for security monitoring and platform improvement.

Marketing Data

Until consent withdrawn

Email preferences and marketing data deleted immediately when you unsubscribe or withdraw consent.

7. Your Rights Under GDPR

As a data subject under GDPR, you have several important rights regarding your personal data. You can exercise these rights by contacting us at privacy@iTutorOnline.com.

Right of Access

Request a copy of all personal data we hold about you, including how it's used and who it's shared with.

Response: Within 1 month
✏️

Right to Rectification

Correct inaccurate or incomplete personal data. You can also update most information directly in your account settings.

Response: Without delay

Right to Erasure

Request deletion of your personal data ("right to be forgotten") when it's no longer needed or you withdraw consent.

Response: Within 1 month
⏸️

Right to Restrict Processing

Limit how we use your data while disputes are resolved or when data is inaccurate.

Response: Within 1 month

Right to Data Portability

Export your data in a structured format to transfer to another service provider.

Response: Within 1 month
🚫

Right to Object

Object to processing based on legitimate interests, including marketing and profiling.

Response: Immediate for marketing
↩️

Right to Withdraw Consent

Withdraw consent for marketing, analytics, or other consent-based processing at any time.

Response: Immediate

Right to Lodge a Complaint

File a complaint with your local data protection authority if you're unsatisfied with our response.

Contact your DPA directly

Lodge a Complaint

If you believe we've mishandled your personal data, you can file a complaint with:

  • Belgium (our jurisdiction): Autorité de protection des données (APD/GBA) - www.dataprotectionauthority.be
  • Your local EU data protection authority in your country of residence

8. Data Security & Protection

We implement comprehensive technical and organizational measures to protect your personal data:

Encryption

  • All data encrypted in transit (HTTPS/TLS 1.3)
  • Database encryption at rest
  • End-to-end encryption for sensitive communications

Access Controls

  • Role-based access permissions
  • Multi-factor authentication for admin accounts
  • Regular access reviews and audits

Infrastructure Security

  • SOC 2 compliant hosting providers
  • Regular security updates and patches
  • DDoS protection and firewall systems

Monitoring & Response

  • 24/7 security monitoring
  • Automated threat detection
  • Incident response procedures

Security Disclaimer

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security but commit to using reasonable and appropriate measures to protect your data and will notify you promptly of any security breaches as required by law.

9. Cookies & Tracking Technologies

We use cookies and similar technologies to improve your experience and analyze platform usage. Our cookie banner allows you to control which cookies are used.

Essential Cookies

Required

Necessary for basic platform functionality, authentication, and security. These cannot be disabled.

  • Session management
  • Authentication tokens
  • Security and fraud prevention
  • Load balancing

Analytics Cookies

Your Choice

Help us understand how users interact with our platform to improve functionality and user experience.

  • Usage statistics
  • Page performance
  • Feature adoption rates
  • Error tracking

Marketing Cookies

Your Choice

Used to deliver personalized content and measure the effectiveness of our marketing campaigns.

  • Personalized content
  • Email campaign tracking
  • Social media integration
  • Conversion measurement

Managing Your Cookie Preferences

  • Update preferences anytime through our cookie banner
  • Use browser settings to block or delete cookies
  • Opt out of analytics through your account settings
  • Contact us to discuss specific tracking concerns

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in data protection laws and regulations
  • New features or services on our platform
  • Changes to our data processing practices
  • Feedback from users and privacy authorities

How We Notify You

  • Significant changes: Email notification and prominent platform notice
  • Minor updates: Updated "Last modified" date and platform notification
  • Your options: Review changes and continue using our platform or close your account if you disagree

11. Contact Us About Privacy

Privacy Inquiries

Email: privacy@iTutorOnline.com

Response Time: Within 5 business days for initial response

For all privacy-related questions, data subject requests, and concerns about how we handle your personal data.

General Support

Email: support@iTutorOnline.com

Response Time: Within 24 hours

For technical support, account issues, and general platform questions.

Postal Address

[Company Name] BVBA/SRL
[Complete Address]
Belgium

For formal legal communications and official correspondence.

Questions About Your Privacy?

We're here to help. Contact our privacy team for any questions about how we protect and use your personal data.