This Privacy Policy applies to visitors of the TutorCloud website and users of the TutorCloud platform:

• tudents (school-linked and independent)
• Parents or legal guardians
• Teachers and educators
• School and district administrators
• Adult learners
• Visitors to our website and platform

Separate contractual agreements may apply to schools, districts, and institutional customers. Where such
agreements exist, they govern data handling for school-linked students in addition to this policy.

Depending on how TutorCloud is used, we act in different legal capacities:

2.1 School-Linked Students

• The school or district is the Data Controller.
• TutorCloud acts as a Data Processor and, where applicable, as a “school official” with legitimate
  educational interest.
• Data is processed only on documented instructions from the school or district.

2.2 Independent Students, Parents, Teachers, and Adult Learners

• TutorCloud acts as the Data Controller.
• We determine the purposes and means of processing personal data in accordance with this policy.

3.1 Information You Provide

• Name, email address, and account credentials
• Role information (student, parent, teacher, administrator)
• Grade level and subjects
• Parent or guardian contact details where required

3.2 Educational and Academic Data

• Readiness check and benchmark assessment results
• Learning plans and progress data
• Session history and mastery states
• Teacher-assigned or AI-recommended learning activities

3.3 Usage and Technical Data

• Log files, access timestamps, and activity records
• Device and browser information
• IP address and approximate location

TutorCloud provides services to children in K–12 education.

• We collect children’s personal data only for educational purposes.
• Parental or institutional consent is obtained as required by law.
• Children’s data is never used for advertising or marketing.
• Parents and schools may review, correct, or request deletion of children’s data, subject to applicable legal obligations.

A separate Children’s Privacy Notice provides additional detail.

We use personal data only for legitimate and lawful purposes, including:

• Providing and operating the TutorCloud platform
• Creating and managing learning plans
• Generating AI-based instructional content and learning recommendations
• Supporting teaching, facilitation, and academic progress
• Account management and user support
• Security, fraud prevention, and system integrity
• Legal and regulatory compliance

TutorCloud’s AI systems generate instructional content and learning recommendations but do not make automated decisions that determine academic outcomes, grades, advancement, or eligibility.

Depending on jurisdiction, we rely on one or more of the following:

• Consent (including parental consent for children)
• Performance of a contract
• Compliance with legal obligations
• Legitimate educational or operational interests
• Instructions from schools or districts (for school-linked students)

We may share personal data only with:

• Schools or districts (for school-linked students)
• Authorized teachers and administrators
• Service providers and sub-processors supporting platform operations
• Legal or regulatory authorities where required by law

We do not sell personal data.

TutorCloud operates globally. Personal data may be transferred and stored outside the user’s country of residence.

Where required by law, we implement appropriate safeguards, such as contractual protections, access controls, and security measures, to ensure lawful cross-border data transfers.

We retain personal data only for as long as necessary to:

• Fulfill educational and contractual purposes
• Comply with legal obligations
• Resolve disputes and enforce agreements

Retention periods may vary based on user role and applicable law. School-linked student data is retained according to school or district instructions unless otherwise required by law.

We implement administrative, technical, and organizational safeguards to protect personal data, including:

• Role-based access controls
• Encryption where appropriate
• Audit logs and monitoring
• Incident response procedures

No system is completely secure, but we take reasonable steps to protect personal data from unauthorized access, loss, or misuse.

These safeguards operate within TutorCloud’s internal information security and AI risk management framework.

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion or restriction
• Withdraw consent
• Object to certain processing
• Lodge a complaint with a data protection authority

Requests can be submitted using the contact details below. Requests relating to school-linked students may be handled in coordination with the school or district.

TutorCloud uses cookies and similar technologies to:

• Maintain sessions
• Improve platform functionality
• Analyze usage patterns

Details are provided in our Cookie Policy.

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or other appropriate means.

For privacy-related inquiries, requests, or complaints, contact:

Privacy Officer
TutorCloud
Email: [email protected]

Capitalized terms used but not defined in this Privacy Policy shall have the meanings assigned to them in the TutorCloud Definitions & Glossary.