Privacy Policy

1. About This Policy

This Privacy Policy explains how Tutor Marketplace (“we”, “us”, “our”) collects, uses, stores, and protects your personal information when you use the Tutor Marketplace website and platform at tutor-marketplace.com (“Platform”).

We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

While small businesses with annual turnover under $3 million are generally exempt from the Australian Privacy Principles, we have chosen to comply with these principles as a matter of best practice and to reflect our commitment to protecting user data, particularly for minors using our Platform.

This policy applies to all users of the Platform, including students, parents and guardians, and tutors.

2. Information We Collect

2.1 Information You Provide

When you create an account or use the Platform, we may collect:

• Account information: Your name (first name, last name), email address, and password (stored securely in hashed form)
• Profile information: Your role (student, tutor, or parent/guardian), age band, year level, suburb, timezone, and profile photo (if uploaded)
• Tutor-specific information: Qualifications, subjects offered, bio/headline, availability windows, tier assignment (Foundation/Advanced/Elite), and Stripe account details for payouts
• Phone numbers: Tutors provide a mobile phone number for interview scheduling and account support. Phone numbers are not displayed publicly or shared with students or parents.
• Academic documents: Tutors upload academic documents (ATAR statements, transcripts, university enrolment proof, degree certificates, teaching registrations) for credential verification. These documents are stored securely and accessible only to Platform administrators.
• Interview and assessment data: Tutor tier assignments, interview scores, reference check records, and application records are stored as part of Platform operations. Interview scores and internal assessments are not shared with tutors.
• Child safety verification: Working With Children Check (WWCC) number, state/territory of issue, and expiry date — collected for child safety verification purposes
• Booking information: Booking requests, session dates and times, student notes, tutor responses, and session details
• Workspace content: Files, notes, and resources uploaded to lesson workspaces
• Session recordings: Video, audio, and whiteboard content from all tutoring sessions (paid lessons and free trial lessons), recorded automatically for safety and quality assurance purposes
• Payment information: Payment amounts and transaction records. Credit card details are collected and processed directly by Stripe and are never stored on our servers.
• Communications: Messages sent through the Platform, reports submitted, and correspondence with our support team
• Session summaries: Advanced and Elite tier tutors may submit session summaries (topics covered, takeaways, homework). These are shared with students and/or parents.
• Study plans: Elite tier tutors may create multi-week study plans for students. These are shared with the student and/or parent.
• Reviews: Ratings and comments left after sessions
• Bundle purchases: Bundle selections, pricing, session counts, and usage tracking for billing and service delivery purposes
• Recurring schedule preferences: Preferred lesson days, times, and frequency to facilitate automatic session booking

2.2 Information Collected Automatically

When you use the Platform, we may automatically collect:

• Device and browser information: Browser type, operating system, and device type
• Usage information: Pages visited, features used, and interactions with the Platform
• Log data: IP address, access times, and referring URLs
• Cookies and similar technologies: We use essential cookies to maintain your login session and remember your preferences (such as timezone settings). We do not use advertising or tracking cookies.

2.3 Information About Minors

Our Platform serves students who may be under 18 years of age. We collect the minimum information necessary to provide the tutoring service. For students under 13, accounts must be created and managed by a parent or legal guardian.

We do not knowingly collect personal information from children under 13 without parental consent. If we become aware that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information.

2.4 Information from Third Parties

We may receive information from third-party authentication providers (such as Google) if you choose to sign in using their service. This typically includes your name, email address, and profile picture. We use this information solely to create and maintain your account.

2.5 Session Recordings

We record all tutoring sessions, including paid lessons and free trial lessons (video, audio, and whiteboard content), for safety and quality assurance purposes. Session recordings are:

• Stored securely in encrypted cloud storage
• Accessible only to authorised Tutor Marketplace administrators
• Retained for 90 days from the session date, then automatically and permanently deleted
• Not shared with tutors, students, parents, or third parties except where required by Australian law
• Collected under our legitimate interest in child safety and platform quality under the Australian Privacy Act 1988

Session recordings are used solely for the purposes of investigating complaints or disputes, ensuring compliance with child safety policies, monitoring session quality, and responding to support requests. Recordings are never used for marketing, advertising, or profiling purposes.

We collect and process data from free trial lessons in the same manner as paid sessions, including session recordings, review submissions, and booking metadata.

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing the service: Creating and managing accounts, facilitating bookings, processing payments, and enabling lesson workspaces
• Communication: Sending booking confirmations, payment receipts, session reminders, and other transactional notifications via email
• Trust and safety: Verifying tutor profiles, reviewing reports, moderating content, resolving disputes, and enforcing our Terms of Service
• Child safety verification: Collecting and verifying Working With Children Check details to ensure tutors meet child safety requirements. WWCC data is stored securely in our database with access restricted to authorised admin personnel and is never shared publicly or with other users.
• Platform improvement: Understanding how users interact with the Platform to improve features, fix issues, and develop new functionality
• Legal compliance: Meeting our obligations under Australian law, responding to legal requests, and protecting our legal rights

We do not use your personal information for advertising, marketing to third parties, or profiling for purposes unrelated to the tutoring service.

4. How We Share Your Information

4.1 Between Users

When you use the Platform, certain information is shared between users as part of the service:

• Students can see: Tutor profiles (name, headline, bio, subjects, rates, availability, reviews, and trust metrics)
• Tutors can see: Student first name, booking details (date, time, duration, subject, student notes), and age band
• Shared in workspaces: Both the tutor and student in a booking can access files and notes uploaded to that booking's workspace

Email addresses are not shared between students and tutors. Communication is facilitated through the Platform.

4.2 Service Providers

We use the following third-party service providers who may process your data on our behalf:

• Supabase (database and authentication): Stores account data, booking records, and workspace files. Supabase uses servers that may be located outside Australia.
• Stripe (payment processing): Processes payments, manages tutor payouts, and handles sensitive financial information. Stripe's privacy policy governs their handling of your payment data.
• Resend (email delivery): Sends transactional emails such as booking confirmations and notifications.
• Vercel (hosting): Hosts the Platform application.
• Jitsi Meet (self-hosted) (video conferencing): Powers the in-platform video calling for lessons. Our Jitsi server is self-hosted and operated by us. All sessions are recorded using Jibri, our self-hosted recording service (see Section 2.5 for details).

These providers are bound by their own privacy policies and data processing agreements. We select providers who maintain appropriate security standards.

4.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or government request. We may also disclose information if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate potential violations of our Terms of Service.

4.4 Business Transfers

If Tutor Marketplace is acquired, merged, or transfers its assets, user data may be transferred as part of that transaction. We will notify affected users before their personal information becomes subject to a different privacy policy.

4.5 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing or any other purpose.

5. Data Storage and Security

5.1 Where Your Data Is Stored

Your data is stored using Supabase, which may use servers located in Australia or internationally. Payment data is stored by Stripe in accordance with PCI DSS (Payment Card Industry Data Security Standard) requirements.

5.2 Security Measures

We take reasonable steps to protect your personal information, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing (we never store plaintext passwords)
• Row-level security policies on our database, ensuring users can only access data they are authorised to see
• Signed URLs for workspace file access, restricting files to booking participants only
• Regular security reviews of our codebase and infrastructure

No system is perfectly secure. While we take reasonable precautions, we cannot guarantee the absolute security of your data.

5.3 Protection of Minor Data

We apply additional protections to personal information of users under 18:

• We collect only information strictly necessary to provide the tutoring service
• We do not use minor data for marketing, profiling, or behavioural analysis
• We do not share minor data with third parties except as necessary to operate the Platform (e.g., Stripe for payment processing)
• WWCC verification helps ensure tutors working with minors have been screened
• Parents and guardians may request access to, correction of, or deletion of their child's data at any time by contacting us

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the service.

• Account data: Retained for the life of the account. If you delete your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law.
• Booking and payment records: Retained for a minimum of 7 years to comply with Australian tax and financial record-keeping obligations.
• Workspace files: Retained for the life of the associated booking. Files may be deleted by users or automatically after a reasonable retention period.
• Session recordings: Automatically deleted 90 days after the session date. Recordings may be deleted earlier by an administrator. Recordings are not retained after deletion — once deleted, they cannot be recovered.
• Communication logs and reports: Retained as long as reasonably necessary for safety, moderation, and dispute resolution purposes.
• WWCC records: WWCC numbers, issuing states, verification dates, and expiry dates are retained for as long as the tutor’s account is active and for a reasonable period thereafter. If a tutor deletes their account, WWCC records are removed within 30 days unless retention is required by law.

6.1 Data Breach Response

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

• Take reasonable steps to contain the breach and reduce potential harm
• Assess the breach to determine whether it is likely to result in serious harm
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme
• Provide recommendations to affected individuals about steps they can take to protect themselves

We maintain incident response procedures to ensure timely detection and response to data breaches.

7. Your Rights

Under Australian privacy law, you have the right to:

• Access your personal information held by us
• Correct inaccurate or outdated personal information
• Request deletion of your personal information (subject to legal retention requirements)
• Withdraw consent for optional data processing
• Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information

To exercise any of these rights, contact us at the email address listed below. We will respond to requests within 30 days.

7.1 Accessing Your Data

You can access and update most of your personal information directly through your account settings on the Platform.

7.2 Deleting Your Account

You can request account deletion by contacting us. When you delete your account:

• Your profile information is removed from the Platform
• Your name is removed from public-facing pages
• Booking records are retained in anonymised form for legal compliance
• Workspace files associated with your bookings are retained for the other participant's access, but your identifying information is removed

8. Cookies

We use cookies and similar technologies only for essential purposes:

• Session cookies: To keep you logged in while using the Platform
• Preference cookies: To remember your settings (such as timezone)

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not serve targeted advertisements.

You can configure your browser to reject cookies, but this may affect your ability to use the Platform.

9. Children's Privacy

We recognise the importance of protecting children's privacy. Our Platform is designed to be used by students of all ages, including minors, with appropriate parental oversight.

• We collect only the minimum information necessary to provide the tutoring service
• We do not serve advertising to any users, including minors
• We do not create behavioural profiles of minor users
• We do not share minor users' information with third parties for marketing purposes
• Parent and guardian accounts can manage and oversee minor student accounts
• Parents and guardians may request access to, correction of, or deletion of their child's personal information at any time

If you are a parent or guardian and believe your child has provided personal information without your consent, please contact us and we will take steps to remove that information.

10. International Data Transfers

Some of our service providers (Supabase, Stripe, Vercel, Resend) may store or process data on servers located outside Australia. Where data is transferred internationally, we rely on the service provider's own data protection measures and contractual commitments to ensure appropriate safeguards are in place.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will notify users by email or through a prominent notice on the Platform.

The “Last updated” date at the top of this policy indicates when it was most recently revised. Continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact us at:

Email: tutormarketplace1@gmail.com
Website: tutor-marketplace.com

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992