Privacy Policy

Tuto Education Platform

Operated by: Tarun Tageja

Location: Ho Chi Minh City, Vietnam

Contact: support@tutoglobal.com

Effective Date: Upon App Launch

Last Updated: December 26, 2024

Introduction

Welcome to Tuto Education Platform ("Tuto," "we," "us," or "our"). We are committed to protecting the privacy and security of our users, especially students, parents, teachers, and school administrators who use our mobile application and web dashboard.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App") and our web dashboard (collectively, the "Services"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use the Services.

Important for Parents and Schools:

  • Tuto is designed specifically for educational institutions and families
  • We comply with FERPA (Family Educational Rights and Privacy Act) for student education records
  • We comply with COPPA (Children's Online Privacy Protection Act) for children under 13
  • Schools maintain ownership and control of student data
  • Parents have extensive rights to control their children's information

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Student Data and FERPA Compliance
  4. Children's Privacy and COPPA Compliance
  5. School Data Ownership and Control
  6. How We Share Your Information
  7. Third-Party Services
  8. Data Security
  9. Data Retention and Deletion
  10. Your Privacy Rights
  11. Cookies and Tracking Technologies
  12. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

User Account Information:

  • Full name
  • Email address
  • Phone number (optional)
  • Password (encrypted)
  • User role (Parent, Teacher, School Administrator)
  • Profile picture (optional)

Student Information (provided by parents or school administrators):

  • Student full name
  • Date of birth
  • Grade level
  • School association
  • Health information (with parental consent)
  • Academic records (attendance, homework, grades)

Photos and Media:

  • Photos of school activities, events, and student work
  • Videos of school events (with appropriate permissions)
  • User-uploaded content for school communication

Location Data (Future Feature):

  • Approximate location for finding nearby educational resources
  • Note: Location data is NOT currently used for school dashboard features
  • Location permission is for future features outside the school management system
  • You can deny location access without affecting school features

1.2 Information Collected Automatically

Usage Data:

  • App features you use
  • Pages you visit on the web dashboard
  • Device information (type, operating system, app version)
  • IP address

Cookies (Web Dashboard Only):

  • Authentication cookies (to keep you logged in)
  • Language preference cookies (to remember your language choice)
  • Session management cookies

1.3 Information We Do NOT Collect

  • We do NOT collect credit card or payment information (app is free)
  • We do NOT track your precise GPS location for school features
  • We do NOT collect biometric data
  • We do NOT collect data from social media without your explicit consent

2. How We Use Your Information

2.1 Providing and Improving Our Services

  • Account Management: Create and manage user accounts, authenticate users
  • School Communication: Facilitate communication between parents, teachers, and schools
  • Educational Services: Provide access to attendance records, homework, announcements, events
  • Health Records: Manage student health information and medicine reminders (with parental consent)
  • Photo Sharing: Allow schools to share photos and videos of school activities
  • Messaging: Enable secure communication within the school community

We will NEVER:

  • Sell your personal information to third parties
  • Use student data for advertising purposes
  • Share your data with third parties for their marketing purposes
  • Display third-party advertisements in the app

3. Student Data and FERPA Compliance

FERPA Compliance

Tuto Education Platform complies with the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of student education records.

What are Education Records?

Education records include information directly related to a student and maintained by an educational institution, such as:

  • Attendance records
  • Grades and academic performance
  • Discipline records
  • Health records maintained by the school
  • Special education records

Our Role Under FERPA:

  • Tuto acts as a "school official" with "legitimate educational interests"
  • We access education records only as necessary to provide our Services
  • We maintain the same privacy and security standards as the school

4. Children's Privacy and COPPA Compliance

COPPA Compliance

Tuto Education Platform complies with the Children's Online Privacy Protection Act (COPPA) for children under 13 years of age.

How We Protect Children:

  • We only collect information from children with parental or school consent
  • Children cannot independently create accounts
  • We do not display third-party advertisements to children
  • We do not collect more information than necessary for educational purposes

Parental Rights Under COPPA:

Parents have the right to:

  • Review their child's personal information
  • Request that we delete their child's personal information
  • Refuse to allow further collection or use of their child's information
  • Withdraw consent at any time

To Exercise These Rights: Contact your child's school administrator or email us at support@tutoglobal.com with subject "COPPA Request"

5. School Data Ownership and Control

Schools Own Their Data

  • All student education records belong to the school
  • Schools can export their complete data at any time
  • Schools can request deletion of all their data
  • Tuto is merely a "data processor" - schools are the "data controllers"

School Data Isolation

How We Protect School Privacy:

  • Each school's data is completely isolated from other schools
  • Parents can only see their own children's data
  • Teachers can only access students in their assigned classes
  • School administrators control access within their institution
  • No data sharing between schools without explicit permission

6. How We Share Your Information

When We Share Information:

Within Your School Community:

  • Teachers can see students in their assigned classes
  • Parents can see their own children's information
  • School administrators can access all school data

Service Providers:

Third-party services that help us operate the platform (see Section 7). These providers are contractually obligated to protect your data.

When We Do NOT Share Information:

We will NEVER sell your personal information, share student data with advertisers, or share data with third parties for their marketing purposes.

7. Third-Party Services

We use the following third-party services to operate Tuto Education Platform:

Supabase (Database and Authentication)

Purpose: Secure data storage and user authentication

Privacy Policy: https://supabase.com/privacy

Firebase (Analytics and Auth Support)

Purpose: App analytics, crash reporting, and authentication

Privacy Policy: firebase.google.com/support/privacy

Google OAuth (Sign-In)

Purpose: Allow users to sign in with Google accounts

Privacy Policy: policies.google.com/privacy

All third-party services sign Data Processing Agreements (DPAs) with us, comply with FERPA and COPPA requirements, and are prohibited from using student data for their own purposes.

8. Data Security

Security Measures:

Technical Safeguards:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Secure Authentication: Password hashing with bcrypt, OAuth 2.0 support
  • Access Controls: Role-based access control (RBAC) to limit data access
  • Database Security: Isolated school databases, row-level security policies
  • Regular Updates: Timely security patches and updates

Your Role in Security:

  • Use a strong, unique password
  • Do not share your password with others
  • Log out of shared devices
  • Report suspicious activity immediately

Data Breach Notification: In the unlikely event of a data breach, we will notify affected schools and users within 72 hours and report to appropriate authorities as required by law.

9. Data Retention and Deletion

For detailed information about how long we keep your data and how to request deletion, please see our Data Retention Policy.

Summary:

  • Active User Data: Retained while your account is active
  • Student Records: Controlled by school, not individual users
  • Deleted Accounts: 30-day grace period, then permanent deletion
  • Backups: May retain data for up to 90 days for disaster recovery

To Request Deletion: Email support@tutoglobal.com with subject "Account Deletion Request"

10. Your Privacy Rights

Right to Access

View your personal data and know what we have about you

Right to Correction

Correct inaccurate or update outdated information

Right to Deletion

Delete your personal account and data

Right to Export

Receive your data in a portable format

To Exercise Your Rights: Email support@tutoglobal.com with your specific request

11. Cookies and Tracking Technologies

Web Dashboard Cookies:

Essential Cookies (Cannot be disabled)

Authentication cookies to keep you logged in

Name: sb-*-auth-token (Supabase session)

Functional Cookies (Can be disabled)

Language preference cookie (365 days)

Name: lang

Mobile App: The mobile app does NOT use browser cookies. It uses secure local storage for authentication tokens and device preferences.

We Do NOT Use:

  • Advertising cookies
  • Social media tracking cookies
  • Third-party marketing cookies

12. Contact Us

General Inquiries

Email: support@tutoglobal.com

Alternative Email: tarun@tutoglobal.com

Phone: +84 0349640253 (Vietnam)

Mail:

Tarun Tageja
Tuto Education Platform
Ho Chi Minh City, Vietnam

Specific Requests:

  • Data Access: Subject: "Data Access Request"
  • Deletion: Subject: "Account Deletion Request"
  • COPPA: Subject: "COPPA Request"

Response Time: General inquiries within 48 hours, Data requests within 30 days

Thank you for trusting Tuto Education Platform with your family's educational journey.

Last Updated: December 26, 2024 | Version 1.0

Questions? Email us at support@tutoglobal.com