Skip to main content

Privacy Policy

Last updated: April 2026

1. Who We Are

TutorWiser Ltd ("TutorWiser", "we", "us") operates an online tutoring platform connecting students and parents with qualified tutors for 11+, GCSE, and A-Level subjects. We are the data controller for personal data processed through our platform.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, phone number, role (parent/student/tutor)
  • Student data: date of birth, school, year group, subjects, learning preferences
  • Tutor data: qualifications, DBS certificate details, teaching experience, addresses
  • Session data: booking dates/times, session duration, meeting room codes
  • Payment data: processed securely by Stripe. We do not store card numbers.
  • Assessment data: answers, scores, progress tracking across curriculum topics
  • Communications: chat messages between tutors and parents/students via GetStream

3. How We Use Your Data

  • Providing the tutoring platform and matching students with tutors
  • Processing bookings and payments
  • Facilitating video tutoring sessions via Daily.co
  • Sending notifications about bookings, sessions, and account updates via Novu
  • Tracking student progress and generating recommendations
  • Verifying tutor qualifications and DBS status
  • Monitoring platform errors and performance via Sentry
  • Preventing fraud and ensuring platform safety

4. Legal Basis for Processing

We process your data based on:

  • Contract: to provide our tutoring services to you
  • Legitimate interest: platform safety, fraud prevention, service improvement
  • Consent: marketing communications (opt-in only)
  • Legal obligation: financial records, safeguarding requirements

5. Third-Party Services

We share data with the following processors:

  • Supabase: database hosting and authentication (EU region)
  • Stripe: payment processing (PCI DSS compliant)
  • Daily.co: video meeting infrastructure
  • GetStream: real-time chat messaging
  • Novu: notification delivery (email and in-app)
  • Sentry: error monitoring (anonymised where possible)

6. Children's Data

Our platform serves students aged 11-18. Student accounts are created and managed by parents. Students under 16 cannot create accounts independently. Parents have full visibility of their children's assessment results and session data. We process children's data with heightened care in accordance with ICO guidance on children's data.

7. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account closure
  • Payment records: retained for 7 years for tax/legal compliance
  • Chat messages: retained for 12 months after last activity
  • Assessment data: retained while the student account is active
  • Session recordings (if enabled): retained for 90 days

8. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@tutorwiser.com.

9. Security

We protect your data using Row-Level Security (RLS) at the database level, encrypted connections (TLS), secure authentication via Supabase Auth, and regular security reviews. Tutor payment data is handled exclusively by Stripe Connect and never touches our servers.

10. Contact

For privacy enquiries, contact our Data Protection Officer at privacy@tutorwiser.com or write to TutorWiser Ltd, United Kingdom.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.