Privacy Policy - Enterprise Edition
Effective Date: January 1, 2025 | Version 8.2.1 Enterprise
Instant Tutor Corporation ("we," "our," or "us") is committed to protecting the privacy of our 10+ million users globally.
🛡️ Full Regulatory Compliance
âś“ COPPA Certified (Children's Privacy)
âś“ FERPA Compliant (Educational Records)
âś“ GDPR Compliant (EU Data Protection)
âś“ CCPA Compliant (California Privacy)
âś“ PIPEDA Compliant (Canadian Privacy)
âś“ SOC 2 Type II Certified
1. Information We Collect
1.1 Information You Provide
| Data Category |
Examples |
Purpose |
| Account Information |
Name, email, date of birth, grade level |
Account creation & age verification |
| Educational Data |
Assessment scores, progress tracking, learning preferences |
Personalized learning paths |
| Special Needs Info |
IEP goals, accommodations (optional) |
Adaptive support features |
| Payment Information |
Processed via Stripe (we don't store cards) |
Subscription management |
1.2 Automatically Collected Information
- Usage Analytics: Pages visited, features used, time spent learning
- Device Information: Browser type, OS, screen resolution (for optimization)
- Neural Learning Mirror™ Data: Anonymized cognitive patterns (never personally identifiable)
- Performance Metrics: Response times, error rates (for platform improvement)
1.3 Information We DON'T Collect
- Biometric data (except optional webcam for proctoring with explicit consent)
- Social Security Numbers
- Medical records (beyond learning accommodations)
- Third-party social media data
2. How We Use Information
2.1 Primary Uses
- Personalized Learning: AI algorithms create custom learning paths based on performance
- Progress Tracking: Monitor advancement toward IEP goals and grade-level standards
- Neural Adaptation: Our Neural Learning Mirror™ adjusts difficulty in real-time
- Parent Communication: Generate progress reports and learning insights
- Safety & Security: Prevent fraud and protect user accounts
2.2 AI Processing
We use OpenAI GPT-4 and Anthropic Claude APIs for content generation. Data sent to these services is:
- Anonymized (no personal identifiers)
- Encrypted in transit
- Not used for AI model training per our enterprise agreements
- Deleted after processing
3. COPPA Compliance (Under 13 Users)
🧒 Special Protections for Children
We take extra precautions with users under 13:
- Parental Consent Required: Verified through credit card or consent form
- Limited Data Collection: Only essential educational information
- No Behavioral Advertising: Zero targeted ads to children
- Parent Access Rights: Review, delete, or download child's data anytime
- No Social Features: Chat and forums disabled for under-13 accounts
4. FERPA Compliance (Educational Records)
4.1 School Official Exception
When used by schools, we operate under FERPA's "School Official" exception:
- We perform institutional services that would otherwise be done by school employees
- We're under direct control of the school regarding education records
- We use records only for authorized educational purposes
4.2 Parent/Guardian Rights
- Access all educational records of children under 18
- Request corrections to inaccurate data
- Opt-out of certain data uses
- File complaints with the U.S. Department of Education
5. Data Sharing & Disclosure
5.1 We Share Data With:
| Recipient |
Data Shared |
Purpose |
| Parents/Guardians |
Full access to child's data |
Parental oversight |
| School Districts |
Aggregate performance data |
Educational reporting |
| AI Providers (OpenAI, Anthropic) |
Anonymized queries only |
Content generation |
| Payment Processor (Stripe) |
Billing information |
Transaction processing |
5.2 We NEVER:
- Sell personal information to third parties
- Share data with advertisers
- Use student data for behavioral targeting
- Allow third-party tracking cookies
6. Data Security
đź”’ Enterprise-Grade Security
- Encryption: AES-256 at rest, TLS 1.3 in transit
- Access Controls: Role-based permissions, multi-factor authentication
- Infrastructure: SOC 2 Type II certified data centers
- Monitoring: 24/7 security monitoring and intrusion detection
- Incident Response: Dedicated security team with 1-hour SLA
- Regular Audits: Annual third-party security assessments
- Data Backups: Hourly backups with 30-day retention
- Vulnerability Management: Weekly security scans and patches
7. International Data Transfers
7.1 GDPR Compliance (EU Users)
- Legal Basis: Legitimate interests in providing educational services
- Data Transfers: Standard Contractual Clauses for EU-US transfers
- Rights: Access, rectification, erasure, portability, objection
- Data Protection Officer: dpo@empathytutor.com
7.2 Data Localization
Primary servers in USA. CDN endpoints in EU, Asia, and Australia for performance.
8. Your Privacy Rights
8.1 Universal Rights
- Access: Download all your data in machine-readable format
- Correction: Fix any inaccurate information
- Deletion: Request account and data deletion
- Portability: Transfer data to another service
- Opt-Out: Disable specific features or data collection
8.2 California Residents (CCPA)
- Right to know categories of data collected
- Right to non-discrimination for exercising rights
- Right to opt-out of data sales (we don't sell data)
- Annual privacy rights metrics available upon request
9. Data Retention
| Data Type |
Retention Period |
Reason |
| Active Account Data |
Duration of account + 30 days |
Service provision |
| Educational Records |
7 years after graduation |
Legal requirements |
| Payment Records |
7 years |
Tax compliance |
| Security Logs |
1 year |
Security analysis |
| Deleted Account Data |
90 days (then permanently deleted) |
Recovery option |
10. Cookies & Tracking
10.1 Essential Cookies Only
- Session Cookies: Maintain login state
- Security Cookies: Prevent CSRF attacks
- Preference Cookies: Remember settings (optional)
NO third-party tracking cookies or advertising pixels
11. Contact Information
Privacy Team: privacy@empathytutor.com
Data Protection Officer: dpo@empathytutor.com
COPPA Inquiries: coppa@empathytutor.com
Phone: 1-800-EDU-SAFE (338-7233)
Mail: Privacy Department, Instant Tutor Corp, 1000 Education Blvd, Suite 500, Innovation City, DE 19901
Response Times
- General inquiries: 48 hours
- Rights requests: 30 days (GDPR/CCPA)
- Security incidents: 72 hours notification
12. Changes to Privacy Policy
We'll notify you of material changes via:
- Email to registered address
- Prominent website notice for 30 days
- In-app notification
For users under 13, we'll notify parents directly.
© 2025 Instant Tutor Corporation. Your Privacy is Our Priority.
This privacy policy represents our commitment to protecting 10+ million learners worldwide.