Privacy Policy
Last updated: 17 May 2026
This privacy policy explains how Tutors4Tutees ("we", "us", "our") collects, uses and protects your personal data when you use the Tutors4Tutees platform at portal.tutors4tutees.com.
Who we are
Tutors4Tutees is a sole-trader business operated by Henry Walden. We are the data controller for the personal data we process about you.
- Contact email for data-protection enquiries: henry@tutors4tutees.com
- Postal address: available on request via the contact email above
- ICO registration: application in progress — current status available on request
What personal data we collect
From parents
- Name, email address, mobile/WhatsApp number
- Children's first names, year groups and school subjects
- Billing details and payment card information (processed by Stripe — we never see your full card number)
- Session preferences, communications with us, and account history
From tutors
- Name, email address, mobile/WhatsApp number, profile photo
- Subject expertise, qualifications, availability, and "about me" description
- UK bank sort code, account number and account name (used to pay you each month)
- Lesson records and notes
From applicants
- The information you submit on our application or enquiry form
- A SHA-256 hash of your IP address (used solely to prevent spam — we cannot recover your real IP from this)
Automatically when you use the site
- Pages you visit and actions you take (only if you accept analytics cookies)
- Device and browser type
- Error reports — diagnostic information when something goes wrong (used to fix bugs; processed under our legitimate interests)
Why we collect it (purposes and lawful bases)
| What | Why | Lawful basis (UK GDPR) |
|---|---|---|
| Account creation and login | To provide the service | Contract |
| Lesson scheduling and billing | To deliver tutoring services | Contract |
| Payment processing | To take payment from parents and pay tutors | Contract |
| Transactional email notifications | To keep you informed about your account | Contract / Legitimate interests |
| Marketing email | To tell you about service updates | Consent (you can opt out anytime) |
| Analytics (PostHog) | To improve the platform | Consent |
| Error monitoring (Sentry) | To detect and fix bugs | Legitimate interests |
| Fraud and abuse prevention | To protect users and the business | Legitimate interests |
| Bank details for tutor payments | To pay tutors their monthly earnings | Contract |
| Accounting and tax records | To comply with UK tax law | Legal obligation |
Who we share your data with
We use the following sub-processors (third-party services). Each has its own privacy notice.
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database hosting, authentication | EU (Ireland) |
| Vercel | Application hosting | EU + USA |
| Stripe | Payment processing | Ireland + USA |
| Resend | Transactional email | USA |
| PostHog | Analytics (only with consent) | EU (Germany) |
| Sentry | Error monitoring | USA |
Transfers outside the UK/EEA are protected by the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses, as adopted by the UK Information Commissioner's Office (ICO).
We do not sell your personal data. We do not share it with anyone except the sub-processors listed above and where we are legally required to (e.g., HMRC, law enforcement).
How long we keep your data
| What | How long |
|---|---|
| Active account data | While your account is open |
| Lesson and billing records | 6 years after the tax year (HMRC requirement) |
| Payment records | 6 years (HMRC requirement) |
| Marketing opt-in records | Until you opt out, then 1 year |
| Application records (where the applicant didn't join) | 12 months |
| Analytics data (PostHog) | 12 months |
| Error reports (Sentry) | 90 days |
| Backups | Rolling 30-day window |
If you close your account, we delete or anonymise personal data once we no longer need it for the legal purposes above.
Children's data
Our service is used by families with school-age children. Children's data (first name, year group, subjects, lesson notes) is provided to us by their parent or legal guardian, who is our contracting customer. Children do not have direct accounts on the platform. We process this data on the basis of the parent's contract with us.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you (a "subject access request")
- Correct inaccurate data
- Erase your data ("right to be forgotten") — subject to legal obligations to retain billing/tax records
- Restrict how we use your data
- Object to processing based on legitimate interests
- Portability — receive a copy of your data in a portable format
- Withdraw consent at any time (for analytics and marketing)
To exercise any of these rights, email us at henry@tutors4tutees.com. We respond within 30 days.
You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you think we have mishandled your data.
Cookies and tracking
See our Cookies Policy for the full list. You can change your preferences anytime via the cookie settings link in the footer.
Security
We protect your data with industry-standard measures including encrypted connections (HTTPS), encrypted storage, hashed passwords, role-based access control, audit logging on sensitive actions, and daily backups.
If we ever discover a personal data breach that puts your rights at risk, we will notify you and the ICO within 72 hours as required by UK GDPR.
Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top shows the most recent change. Material changes will be notified by email.
Contact
For any questions about this privacy policy or how we handle your data, email henry@tutors4tutees.com.
