Skip to content
TutorTab

Privacy Policy

Last updated: March 19, 2026

1. Introduction

This Privacy Policy describes how Joshua Wetzel, sole proprietor, doing business as TutorTab ("TutorTab," "we," "us," or "our"), collects, uses, and protects your personal information when you use the TutorTab platform at tutortab.net (the "Platform").

By using the Platform, you consent to the data practices described in this policy. If you do not agree, please do not use the Platform.

2. Information We Collect

2a. Information You Provide

Tutor accounts: Name, email address, phone number, business name, business address, URL slug, availability schedule, cancellation policy, service types and pricing, invoice abbreviation, and notification preferences.

Parent accounts: Name, email address, phone number (optional), student names, and session-related notes.

2b. Information from Third-Party Services

Google: When a Tutor signs in with Google, we receive their Google account name, email address, and profile picture. We also access Google Calendar data (event titles, descriptions, times, locations, and attendee information) as authorized by the Tutor.

Stripe: When a Tutor connects their Stripe account, Stripe provides us with a connected account identifier. We do not receive or store bank account numbers, routing numbers, or government-issued ID information — this data is held exclusively by Stripe. For Parents, payment card details are collected directly by Stripe and are never transmitted to or stored on our servers.

2c. Information Collected Automatically

We collect IP addresses for rate limiting and security purposes. We use essential session cookies for authentication (keeping you logged in). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Platform
  • Process session bookings between Tutors and Parents
  • Facilitate payment processing through Stripe
  • Synchronize calendar events between your Google Calendar and the Platform
  • Send transactional emails: session confirmations, reminders, invoices, payment receipts, and account notifications
  • Enforce rate limits and protect against abuse
  • Monitor errors and maintain platform stability
  • Comply with legal obligations

We do not sell, rent, or share your personal information with advertisers or data brokers. We do not use your data for advertising purposes.

4. How We Share Your Information

We share your information only in the following circumstances:

4a. Between Tutors and Parents

When a Parent books a session with a Tutor, the Tutor receives the Parent's name, email address, and student information necessary for the session. Parents receive the Tutor's business name, availability, and service information displayed on the booking page. This sharing is essential to the Platform's function.

4b. Third-Party Service Providers

We use the following third-party services to operate the Platform:

  • Google (OAuth and Calendar API) — Authentication and calendar synchronization for Tutors. Subject to Google's Privacy Policy.
  • Stripe — Payment processing. Stripe receives payment information directly from users. Subject to Stripe's Privacy Policy.
  • Brevo — Transactional email delivery. Brevo receives recipient email addresses and email content necessary for delivery. Subject to Brevo's Privacy Policy.
  • Sentry — Error monitoring. Sentry may receive technical error data including IP addresses and request metadata. No personal content (names, emails, payment data) is intentionally sent to Sentry. Subject to Sentry's Privacy Policy.
  • MongoDB Atlas — Database hosting. Your data is stored on MongoDB Atlas infrastructure. Subject to MongoDB's Privacy Policy.
  • Heroku (Salesforce) — Application hosting. Subject to Salesforce's Privacy Policy.

4c. Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

Your data is stored on servers located in the United States. We implement industry-standard security measures to protect your personal information, including:

  • HTTPS encryption for all data in transit
  • HttpOnly, Secure, and SameSite cookie attributes for session management
  • Cryptographic tokens for authentication (magic links use 32-byte random tokens)
  • Rate limiting on all public endpoints to prevent brute-force attacks
  • No storage of payment card details (handled exclusively by Stripe)
  • No user passwords stored (passwordless authentication for all users)

While we take reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Cookies and Similar Technologies

We use only essential cookies required for the Platform to function:

  • Tutor session cookie — Maintains your login session after signing in with Google. HttpOnly, Secure, SameSite.
  • Parent session cookie — Maintains your login session after clicking a magic link. HttpOnly, Secure, SameSite. Expires after 30 days.
  • Booking form cookie — When you submit a booking request, your name, email, phone number, student name, student info, and location are saved to your device so the form can be pre-filled on your next visit. This cookie is stored only on your device, is not transmitted to any third party, and is used solely to improve your booking experience — not for advertising, analytics, or tracking. Expires after 1 year.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. We do not participate in cross-site tracking.

7. Data Retention

We retain your personal information for as long as your account is active. We do not automatically delete data based on time periods.

When you request account deletion (see Section 8), your personal information is removed after a 30-day grace period. Anonymized transaction records (invoices, session history) may be retained indefinitely for financial and legal compliance purposes, but will contain no personally identifiable information.

If a Tutor account is deactivated due to disconnected Google Calendar integration, the account data is retained and accessible if the Tutor chooses to reactivate.

8. Your Rights

You have the right to:

  • Access your data — View your personal information through your account dashboard at any time.
  • Correct your data — Update your personal information through your account settings.
  • Delete your data — Request deletion of your personal information through your account settings or by emailing [email protected]. Deletion requests are processed after a 30-day grace period, during which you may cancel the request.
  • Disconnect third-party servicesTutors may disconnect Google Calendar and Stripe through their dashboard settings. Note that disconnecting Google Calendar will result in account deactivation after 7 days.

To exercise any of these rights, use your account settings or contact us at [email protected].

9. Children's Privacy

TutorTab accounts may only be created by individuals who are 18 years of age or older. We do not knowingly collect personal information directly from children under 13. Student names and session information are provided by Parents or Tutors, not by students themselves.

If you believe we have inadvertently collected personal information from a child under 13, please contact us at [email protected] and we will promptly delete it.

10. Google API Services User Data Policy

TutorTab's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to Google Calendar data that is necessary for session scheduling and availability management.
  • We create, update, and delete Google Calendar events on your behalf when sessions are approved, modified, or cancelled.
  • We do not use Google data for advertising, retargeting, or interest-based advertising.
  • We do not sell, share, or transfer Google data to third parties except: (a) to provide user-facing features with your consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) in a merger or acquisition with your explicit prior consent.
  • We do not use Google data for credit assessment, lending, or surveillance purposes.
  • We do not use Google data to build user profiles for advertising.
  • No human at TutorTab will read your Google data unless you give affirmative consent for specific data, it is necessary for security or abuse investigation, it is required by law, or the data has been aggregated and anonymized.
  • You may revoke TutorTab's access to your Google data at any time through your Google Account permissions page. Disconnecting Google Calendar from TutorTab will initiate account deactivation after 7 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy with a revised "Last updated" date. Your continued use of the Platform after the effective date of any changes constitutes acceptance of the revised policy.

12. Contact

For questions about this Privacy Policy or your personal data, contact us at [email protected].