Privacy Policy
Effective Date: May 12, 2026 • Last Updated: May 30, 2026
1. Introduction
Welcome to TutorKit (“we,” “us,” or “our”). TutorKit is a personalized learning and interview preparation platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website (tutorkit.com) and related services (collectively, the “Service”).
By using TutorKit, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, and password when you create an account, or profile information received from third-party authentication providers (such as Google or GitHub) if you choose to sign up through those services.
- Profile data: Information you provide during onboarding, such as your field of study or work, experience level, and learning goals.
- User-generated content: Messages, responses, answers, and other content you submit while using the Service, including interactions with courses and interview preparation features.
- Payment information: Payments are processed by our third-party payment processor. We do not receive or store your full payment card details. We retain only transaction identifiers and subscription status necessary to manage your account.
- Communications: Messages you send to our support team.
2.2 Information Generated Through Use
As you use the Service, we generate derived data to personalize your experience. This includes information about your learning preferences, progress, and areas of focus. We use automated analysis to produce these insights. The specific methods we use are proprietary and may evolve over time.
2.3 Information Collected Automatically
- Usage data: Pages visited, features used, session duration, scroll depth, referrer, and interaction patterns.
- Device data: IP address (used only to derive your approximate country and a daily-rotating anonymous visitor identifier before being discarded server-side), browser type, operating system, and device type.
- Cookies and similar technologies: Before you accept our cookie banner, we use a cookieless, server-generated daily-rotating identifier to measure aggregate traffic to our marketing pages — no cookies or local storage are written to your device during this period. After you accept, we use cookies as described in Section 7.
3. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Service, including generating personalized content and feedback
- Process your content through third-party artificial intelligence services to deliver core functionality (see Section 4)
- Analyze your interactions to personalize and improve your experience
- Process payments and manage your subscription
- Send transactional communications (such as password resets and payment confirmations)
- Monitor for security threats, fraud, and abuse
- Improve the Service through analysis of aggregate, de-identified usage patterns
- Comply with legal obligations
3.1 Internal Model Development
We may use anonymized and aggregated data derived from user interactions to develop, train, and improve our internal systems and models. Anonymization is performed by stripping direct and indirect identifiers and applying techniques intended to prevent re-identification. We treat data as anonymized only when re-identification is not reasonably possible by us or any third party. We do not sell or license user data — anonymized or otherwise — to third parties for their own model training purposes.
3.2 Third-Party AI Provider Training
We process user content through third-party AI providers (currently OpenAI) under their commercial API terms, which prohibit using customer API content to train their models. We do not enroll in any program that permits third-party training on your data.
3.3 What We Do Not Do
- We do not sell your personal information.
- We do not use your data for advertising or ad targeting.
- We do not share your individual content, profile, or derived insights with employers, educational institutions, or any other third party.
4. Third-Party Services
We rely on third-party service providers to operate the Service. We share only the minimum data necessary for each provider to perform its function.
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenAI | AI content generation and analysis | User-submitted content necessary to generate responses |
| Supabase | Authentication and data storage | Account data and user-generated content |
| Stripe | Payment processing | Name, email, payment details (handled directly by Stripe) |
| Vercel | Frontend hosting and analytics | IP address, usage data |
| Fly.io | Backend hosting and API runtime | Server logs, request metadata |
| Sentry | Error monitoring and crash reporting | Crash reports and request context, which may incidentally include user-submitted content captured in error traces |
| PostHog | Product analytics and session replay | Event data and anonymized IP address. Marketing-page visits are measured cookielessly (see Section 7.2). Session recordings (sampled at 10%) are made only after you have accepted analytics cookies and only for signed-in users inside the product, with all form inputs masked. |
| Resend | Transactional email delivery | Email address and message contents (e.g., support replies, feedback submissions) |
| Cloudflare | Bot protection (sign-up CAPTCHA) | IP address and browser signals, used to verify you are not a bot when creating an account |
We may add, remove, or change third-party service providers as necessary to operate and improve the Service. Where a change would materially affect how your data is processed, we will provide at least 30 days' advance notice by updating this policy and, where applicable, by email.
Important: Certain features of the Service require us to transmit your content to third-party AI providers for processing. These providers operate under their own privacy policies and data handling practices, which may change over time. While we select providers with strong data practices, we cannot guarantee how third parties will handle your data and are not responsible for their privacy practices. We encourage you to review the privacy policies of our key providers.
5. Data Retention
We retain your data as follows:
- Account and user-generated data: Retained while your account is active. When you request account deletion, your data is held for a 30-day grace period during which you can cancel the deletion. After 30 days, your personal data is permanently deleted, subject to legal retention requirements.
- Payment records: Retained as required by applicable tax and financial regulations.
- Server logs: Retained for a limited period for security and debugging purposes, then automatically deleted.
- Anonymized and aggregated data: May be retained indefinitely as it cannot be used to identify you.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your account and all associated personal data.
- Data export: Request a machine-readable export of your data.
- Objection: Object to certain types of processing.
- Withdraw consent: Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us at privacy@tutorkit.com or use the account settings page. We will respond within a reasonable timeframe consistent with applicable law.
6.1 Account Deletion
You can request account deletion at any time from the Settings page. Once requested, deletion is scheduled for 30 days later. During this period you may sign in and cancel the deletion to restore your account in full. After 30 days have elapsed, your personal data — including your account information, user-generated content, and derived profile data — is permanently deleted. After that point, deletion is irreversible. Some data may be retained where required by law (such as financial records). If you have an active paid subscription when you schedule deletion, we will cancel it at the end of the current billing period.
7. Cookies
7.1 Essential Cookies
We use cookies that are strictly necessary for the Service to function, including authentication cookies that keep you logged in and session cookies that maintain your state as you navigate the site. These cannot be disabled.
7.2 Analytics
Marketing pages (cookieless): Before you make a choice on our cookie banner, we measure aggregate traffic to our marketing pages (home, pricing, etc.) using a server-generated identifier derived from your IP address and browser, rotated every 24 hours. No cookies or local storage are written to your device, and we cannot identify you across days. Where applicable under GDPR, we rely on the legitimate interest legal basis (Article 6(1)(f)) — understanding aggregate product usage with minimal privacy impact. You can object to this processing at any time by declining our cookie banner, or for requests that go beyond declining (e.g., deletion of historical anonymous data) by emailing privacy@tutorkit.com.
After you accept analytics cookies: We use cookies and local storage to maintain a stable visitor identifier across sessions, link your activity to your account, and (for signed-in users only) record a 10% sample of product sessions for usability research. All form inputs are masked in recordings. We do not record sessions on marketing pages. You can withdraw consent at any time through the “Cookie preferences” section of your account settings, which will stop further analytics and recording.
7.3 No Advertising Cookies
We do not use advertising or tracking cookies. We do not run ads on the Service.
8. Age Requirement
TutorKit is intended for users aged 18 and older. By creating an account, you represent and confirm that you are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will terminate their account and delete their data. If you believe someone under 18 is using the Service, please contact us at privacy@tutorkit.com.
9. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including encryption of data in transit and at rest, access controls, and regular security reviews. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities promptly, in accordance with applicable law.
10. International Data Transfers
TutorKit is based in the United States. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Service, you acknowledge that your data may be transferred to jurisdictions that may have different data protection laws than your jurisdiction of residence.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and by posting a notice on the Service before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or your personal data, contact us at:
- Email: privacy@tutorkit.com