Privacy Policy
Last updated: February 2026
1. Who We Are
Tutorioo is an AI-powered tutoring platform for UK students. For the purposes of UK data protection law, the data controller is:
Tutorioo
30 N Gould St Ste 100, Sheridan, WY 82801, United States
Email: support@tutorioo.com
As we are established outside the UK and process personal data of individuals in the UK, we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
Information you provide directly
- Account information: name, email address, date of birth, year group
- Student learning data: lesson history, quiz answers and scores, homework submissions, progress reports
- Payment information: billing details processed by Stripe (we do not store card numbers)
- Communications: support requests, feedback, and emails you send us
Information collected automatically
- Technical data: IP address, browser type and version, device type, operating system
- Usage data: pages visited, features used, session duration, error logs
- Cookies: see our Cookie Policy and Section 9 below
3. How and Why We Use Your Information
Under UK GDPR, we must have a lawful basis for each way we use your personal data. The table below sets out our processing activities and the legal basis for each:
| Purpose | Lawful Basis |
|---|---|
| Creating and managing your account | Performance of our contract with you |
| Providing AI tutoring lessons and homework help | Performance of our contract with you |
| Processing payments and managing subscriptions | Performance of our contract with you |
| Sending service-related emails (e.g. lesson reports, account updates) | Performance of our contract with you |
| Generating learning progress reports | Performance of our contract with you |
| Platform security, fraud prevention, and abuse detection | Legitimate interest (keeping our platform safe) |
| Error monitoring and debugging (via Sentry) | Legitimate interest (maintaining service quality) |
| Website analytics (Google Analytics, Meta Pixel) | Consent (you can accept or reject analytics cookies) |
| Marketing emails | Consent (you can unsubscribe at any time) |
| Complying with legal obligations | Legal obligation |
4. Who We Share Your Data With
We do not sell your personal data. We share data only with trusted service providers ("processors") who help us operate our platform. Each processor is bound by a data processing agreement.
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Google (Gemini AI) | AI tutoring engine | First name, year group, quiz answers, lesson content | United States |
| Supabase | Database hosting and authentication | All account and learning data | United States |
| Stripe | Payment processing | Email, name, payment details | United States |
| Sentry | Error monitoring | Technical errors, anonymised user identifiers | United States |
| Google Analytics | Website analytics (with consent) | Anonymised usage data, IP address | United States |
| Meta (Facebook Pixel) | Advertising measurement (with consent) | Page views, conversion events | United States |
5. International Data Transfers
Your personal data is transferred to and processed in the United States by our service providers listed above. The United States does not have an adequacy decision from the UK government.
To protect your data during these transfers, we rely on Standard Contractual Clauses (SCCs) approved by the UK government, along with supplementary measures where appropriate. These safeguards ensure your data receives a level of protection substantially equivalent to that provided under UK GDPR.
You may request a copy of the relevant safeguards by contacting us at support@tutorioo.com.
6. How Long We Keep Your Data
We retain different types of data for different periods:
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account. Deletion is immediate and irreversible. |
| Lesson sessions and transcripts | Until you delete your account (deleted immediately with account) |
| Homework sessions and uploads | Until you delete your account (deleted immediately with account) |
| Progress reports | Until you delete your account (deleted immediately with account) |
| Payment records | 7 years (legal obligation for tax and accounting purposes) |
| Security and audit logs | 180 days |
| Analytics data | 1 year |
| Support correspondence | 2 years after last contact |
When you delete your account, your personal data is deleted immediately. Some data may be retained longer if required by law (e.g., payment records for tax purposes).
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — ask us to delete your personal data
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time
To exercise any of these rights, contact us at support@tutorioo.com. We will respond within one month.
Parents and guardians may exercise these rights on behalf of their children by contacting us from the email address associated with their parent account.
You can also download a copy of your data directly from your account settings, and delete your account from the settings page.
8. Right to Lodge a Complaint
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at support@tutorioo.com.
9. Cookies
We use strictly necessary cookies to operate our platform (such as authentication cookies). These do not require consent.
We also use optional analytics and advertising cookies (Google Analytics, Meta Pixel) which are only activated after you give consent via our cookie banner. You can change your preferences at any time.
For full details, see our Cookie Policy.
10. Children's Privacy
Tutorioo is designed for students in UK school years (KS2 to KS5), including children under the age of 18. We take children's privacy seriously and design our service with their best interests in mind, in accordance with the ICO's Age Appropriate Design Code.
Under-13 users
Children under 13 cannot create an account independently. A parent or guardian must initiate the account setup and provide consent. Parents can access and manage their child's data through the parent dashboard.
Age 13 to 17
Students aged 13 to 17 may create their own accounts. They have the same data rights as adult users and can manage their own data through the platform.
AI tutoring and children's data
Our AI tutoring service (see Section 11) processes limited children's data to provide personalised lessons. Only the student's first name, year group, subject, and their quiz or homework answers are shared with the AI provider. No email addresses, dates of birth, full names, or other identifying information are sent to the AI. The AI does not retain student data between sessions.
What we do not do
- We do not use children's data for marketing or advertising purposes
- We do not profile children for commercial purposes
- We do not share children's data with advertisers
- We do not send children's personal identifiers (email, date of birth, full name) to AI providers
- Analytics cookies are not activated for any user without explicit consent
For more detail on how we keep students safe on our platform, including our AI content filtering, moderation policies, and reporting mechanisms, please see our Safety Policy.
11. Automated Decision-Making and AI
Tutorioo uses artificial intelligence (Google Gemini) to provide personalised tutoring. The AI is used to:
- Generate explanations tailored to the student's year group and subject
- Evaluate quiz and homework answers
- Provide hints and feedback
- Generate progress reports
These AI features assist in the educational experience but do not produce decisions with legal or similarly significant effects on students. The AI does not make decisions about school admissions, grading, or any consequential outcomes. All AI-generated content is supplementary educational material.
The data shared with the AI provider is limited to: the student's first name, year group, subject, and their answers. No email addresses, dates of birth, or payment information are shared with the AI provider.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Field-level encryption for sensitive personal data
- Row-level security in our database
- Regular security audits and monitoring
- Access controls and authentication requirements
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a notice on our platform. The "Last updated" date at the top indicates when the policy was last revised.
14. Contact Us
For any questions about this Privacy Policy or how we handle your personal data, please contact us:
Email: support@tutorioo.com
Address: 30 N Gould St Ste 100, Sheridan, WY 82801, United States