Privacy Policy

Version 5.0 — Last Updated: April 22, 2026

DISCLAIMER: This Privacy Policy was drafted with AI assistance and does not constitute legal advice from a licensed attorney. Tudius Inc. recommends review by qualified privacy counsel before publication. This document is a comprehensive draft intended for review and finalization.

1. Introduction

Tudius Inc. (“we,” “us,” “our,” or the “Company”) operates the Tudius platform (the “Platform”), an automated personal academy platform that provides tutors with technology tools to manage their independent tutoring practice — including scheduling, lesson planning, progress tracking, automated reporting, and payment processing — and connects students with tutors. We are incorporated in Canada and headquartered in Toronto, Ontario.

Tudius Inc. is not a school, private career college, or educational institution under any provincial or federal statute. We provide software tools that tutors use to manage their independent tutoring practices. Any references to “academy” in our branding describe the comprehensive nature of our technology platform, not an educational institution.

We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you use our Platform, in accordance with applicable Canadian and international privacy legislation.

This Policy applies to all users of the Platform, including tutors, students, parents/guardians of minor students, and visitors.

Operator: Tudius Inc., a corporation incorporated under the laws of Canada

Registered Office: 2815 109A St NW, Edmonton, Alberta, Canada

Privacy Officer: Taeyoung Park, Chief Executive Officer

Privacy Contact (Email): privacy@tudius.com

Privacy Contact (Telephone): +1 (780) 710-9623

Mailing Address: Toronto, Ontario, Canada

The Privacy Officer is responsible for overseeing compliance with this Policy and applicable privacy legislation, as required under Quebec's Act to modernize legislative provisions as regards the protection of personal information (S.Q. 2021, c. 25, s. 3.1) and for receiving inquiries under 16 C.F.R. s. 312.4(d)(2)(i).

2. Applicable Laws

This Privacy Policy is designed to comply with:

Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) — Canada's federal private-sector privacy law
Quebec Law 25 (An Act to modernize legislative provisions as regards the protection of personal information, S.Q. 2021, c. 25) — applicable to all Quebec residents using the Platform
Alberta Personal Information Protection Act (PIPA, S.A. 2003, c. P-6.5) — applicable to Alberta residents
Children's Online Privacy Protection Act (COPPA, 15 U.S.C. ss 6501-6506; 16 C.F.R. Part 312, as amended effective June 23, 2025) — applicable to users under 13 in the United States
Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23) — governing commercial electronic messages

We apply the strictest applicable standard across all jurisdictions to ensure consistent protection for all users.

3. Information We Collect

We collect only the personal information necessary for the purposes identified in this Policy, in accordance with PIPEDA Schedule 1, Principle 4 (Limiting Collection).

3.1 Information You Provide Directly

Account Registration (All Users)

Email address
Password (stored in hashed form by our authentication provider; we never have access to your plaintext password)
Role selection (student or tutor)
Full name (optional at signup)

We log signup events (role, sign-up method, and marketing channel attribution — UTM parameters and landing referrer, when present) internally to measure how visitors find Tudius and how well our campaigns convert. This data stays within our systems and is not shared with third parties.

Tutor Profile

Biography text
Profile photos
Tutoring rate (per 30-minute session)
Subjects taught
Location (city/neighbourhood text)
Geographic coordinates (for map-based search; stored at reduced precision)
Online availability setting
Short-term and trial lesson availability settings

Student Profile

Preferred subjects
Location (city/neighbourhood text)

Booking Information

Booking type (recurring, short-term, or trial)
Scheduling details (day of week, start time, duration)
Booking status and cancellation records
Recurring monthly billing authorization and subscription records (for monthly student-tutor billing arrangements) (NEW — v3)

Reviews

Star rating (1-5)
Written review comments (publicly displayed on the tutor's profile)

Follow Relationships

Records of which students follow which tutors

Academic Data (Academy Features) NEW

Lesson plans created by tutors for their students
Assignment records and completion status
Session notes recorded by tutors after each session
Grade and score data entered by tutors
Progress metrics derived from the above data

Calendar and Availability Data NEW

Tutor availability windows (days and hours available for tutoring)
Calendar sync metadata (free/busy status only; see Section 3.3)

Identity and Background Verification Data UPDATED — v5

Tutors who opt into the Verified program provide:

Criminal Record Check:

Criminal record check document: submitted for admin review. The original document is permanently deleted immediately after review. Only the pass/fail result and date of the check are retained.
CRC data is collected with separate, express consent. This consent is not bundled with your acceptance of the Terms of Service.
CRC results are retained for the duration of the tutor's Verified status. Upon withdrawal from the Verified program or account deletion, CRC results are deleted within 30 days.

Government-Issued Identification:

Government-issued photo identification (driver's license, passport, or provincial ID card): used solely to confirm identity.
ID document images are deleted within 30 days of verification. Only the verification result (confirmed/not confirmed), verification method, and timestamp are retained.

Not accepted: Ontario Health Cards (OHIP) are NOT accepted as identity verification documents (Ontario Health Insurance Act, R.S.O. 1990, c. H.6, s. 34(3)). Social Insurance Numbers (SIN) are also not collected.

Data Storage: Verification data is stored on servers in the United States (Supabase Inc., AWS us-east-1) under a Data Processing Agreement. Tudius Inc. remains accountable for the protection of your data regardless of storage location, in accordance with PIPEDA Principle 1 and Quebec Law 25 s. 17.

Consent Withdrawal: You may withdraw your consent and leave the Verified program at any time by contacting the Privacy Officer (privacy@tudius.com). Withdrawal is as easy as providing consent — a single email request is sufficient. Upon withdrawal, all verification data is deleted within 30 days.

Parent/Guardian Contact Information NEW

Parent/guardian email address (for COPPA consent verification and progress report delivery)
Parent/guardian communication preferences for automated reports

3.2 Information Collected Automatically

Technical Information

IP address
Browser type and version
Device information
Pages visited and interaction patterns
Timestamps of access

Authentication Data

Session tokens (stored in HTTP-only cookies; not accessible to client-side scripts)
Authentication state

Platform-Generated Data NEW

Automated progress report content (generated from academic data entered by tutors)
Automated report generation metadata (timestamps, delivery status)
Automated reminder and check-in event logs
Accountability tracking events (session attendance, assignment completion timestamps)

3.3 Information from Third-Party Services

Stripe (Payment Processing)

We receive opaque payment identifiers (Stripe Payment ID, Checkout Session ID) from Stripe Inc. We do NOT receive, process, or store your credit card numbers, CVV codes, bank account numbers, or other cardholder data. All payment card information is collected and processed directly by Stripe through their hosted checkout page.
For tutors: Stripe Connect account identifiers and payment enablement status
For tutor subscriptions: Stripe Customer ID, Subscription ID, subscription tier and status

Google Maps (Location Services)

When you enter a location on your profile, we use Google Maps API to convert your address to geographic coordinates for map-based tutor search functionality.

Google Calendar (Calendar Sync) NEW

If you choose to connect your Google Calendar, we request three OAuth scopes: (REVISED — v4)
- calendar (full calendar management) — used to automatically create and manage a dedicated “Tudius Tutoring” calendar on your Google account. We do not read your existing calendars — we only create events on the dedicated calendar. With your explicit consent (event_read_consent), existing events may be read for bidirectional sync.
- calendar.events (read/write events on specific calendars) — used to create, edit, and delete session events on the dedicated calendar. Events are automatically created when bookings are approved and updated on cancellation or schedule changes.
- calendar.freebusy (read free/busy information) — used to check your schedule for conflicts by reading only whether time slots are free or busy. No specific event content is read.
PIPEDA Principle 4 (Limiting Collection): Tudius requests Google Calendar's full management scope but performs write operations only on the dedicated calendar. We access only freebusy information from your existing calendars. Unless you explicitly consent to bidirectional sync, we do not access the details of your existing events.
Calendar sync is entirely optional and requires your separate, express consent.
You may disconnect your calendar at any time, and all sync data is deleted immediately upon disconnection.

Resend Inc. (Automated Reports) NEW

When automated progress reports are sent to parents/students, we use Resend Inc. to deliver these messages. Resend processes recipient email addresses and report content solely for delivery purposes under a Data Processing Agreement.

3.4 Information We Do NOT Collect

Credit card numbers, CVV codes, or bank account details (handled exclusively by Stripe)
Government-issued identification document images — we do not retain copies of identity documents after verification is complete. Only the verification result, method, and timestamp are retained (verify-and-delete pattern). See Section 3.1 and Section 7 for details. (REVISED — v3)
Government-issued identification numbers (e.g., SIN, health card numbers)
Health information or medical records
Racial or ethnic origin
Religious or philosophical beliefs
Biometric data
Life pattern data: We do NOT collect information about your daily routines, including wake times, sleep times, meal schedules, or other personal habits (NEW — explicitly prohibited)
Individual Education Plan (IEP) data or formal learning disability diagnoses, unless expressly provided by the tutor in session notes (NEW)
Google Calendar event titles, descriptions, attendees, or content — by default, only free/busy status is accessed. If you enable bidirectional sync, event titles and times are accessed with your separate express consent (see Section 20.1). (REVISED — v4)

4. How We Use Your Information

We use your personal information only for the purposes identified at or before the time of collection, as required by PIPEDA Schedule 1, Principle 2 (Identifying Purposes).

Purpose	Data Used	Legal Basis
Account creation and authentication	Email, password, role	Contractual necessity (PIPEDA s. 7(1)(b))
Tutor profile display and search	Bio, photos, rate, subjects, location, coordinates	Contractual necessity — core platform function
Student-tutor matching	Preferred subjects, location	Contractual necessity
Booking management	Booking details, schedule, status	Contractual necessity
Payment processing	Stripe payment identifiers, amounts	Contractual necessity
Tutor subscription billing	Stripe customer/subscription IDs, tier, status	Contractual necessity
Automatic subscription renewal and billing NEW	Stripe customer ID, payment method, subscription tier, billing interval	Contractual necessity (PIPEDA s. 7(1)(b)); express consent at subscription
Public reviews and rankings	Ratings, review text	Express consent (review submission is a voluntary, affirmative action; reviews are publicly visible)
Follow relationships	Student-tutor follow records	Contractual necessity
Map-based tutor search	Geographic coordinates	Express consent (location permission at profile creation)
Lesson plan management NEW	Lesson plans, assignment records	Express consent (academy feature activation)
Automated progress report generation NEW	Academic data (lesson plans, assignments, grades, session notes)	Express consent (separate opt-in for report generation)
Progress report delivery to parents NEW	Report content, parent email address	Express consent (parent consent for receiving reports)
Automated reminders and check-ins NEW	Booking schedule, session data, student contact	Express consent (separate opt-in for automated communications)
Calendar availability display NEW	Availability windows, calendar free/busy status	Express consent (calendar sync opt-in)
Confirming tutor or student identity through verification processes NEW — v3	Identity verification documents, verification result, method, timestamp	Express consent (identity verification opt-in; document submission is voluntary)
Processing recurring monthly student-tutor payments NEW — v3	Stripe subscription IDs, billing cycle, payment amounts, student-tutor pairing	Contractual necessity (PIPEDA s. 7(1)(b)); express consent at monthly billing agreement
Platform security and fraud prevention	IP address, session tokens, access logs	Legitimate interest in platform security (PIPEDA Principle 7)
Legal compliance	Various, as required	Legal obligation

We do NOT use your personal information for:

Targeted advertising or behavioural profiling
Sale to third parties
Automated decision-making that produces legal effects without human oversight (see Section 11 on Rankings and Section 19 on Academic Reports)
Any purpose not listed above without obtaining your separate consent
Training artificial intelligence or machine learning models (NEW)

5. Consent

In accordance with PIPEDA Schedule 1, Principle 3 (Consent) and Quebec Law 25 (S.Q. 2021, c. 25), we obtain your consent for the collection, use, and disclosure of your personal information. Consent must be clear, free, informed, and specific for each purpose (Law 25 requirement).

5.1 Implied Consent

We rely on implied consent for data processing that is obvious and necessary for the primary service you have requested:

Account creation when you voluntarily sign up
Booking management when you create a booking
Payment processing when you initiate a payment through Stripe Checkout

5.2 Eight Granular Consent Categories REVISED — v5

In compliance with Quebec Law 25's prohibition on bundled consent, we maintain eight separate consent categories. Each requires independent, unambiguous consent. You may consent to any combination of these categories independently. The “Personal Information Collected” column maps each consent category to the specific personal information types collected under it, satisfying 16 C.F.R. s. 312.4(d)(2)(ii) (separate-category enumeration of personal information collected from children).

#	Consent Category	Description	Personal Information Collected NEW — v5	Who Consents	How to Withdraw
1	Core Tutoring Services	Collection of booking, scheduling, and payment data necessary for the tutoring service, including account management, session booking, schedule management, subscription billing, automatic subscription renewal, and recurring monthly student-tutor billing arrangements	Account: name, email, hashed password, date of birth, avatar. Profile: subjects, grade level, location (for matching). Booking: session timestamps, duration, meeting URL, status. Payment: Stripe customer/payment-method tokens, last 4 digits, subscription identifier (no full card data).	Tutor and Student (implied at signup)	Account deletion
2	Calendar Sync	Connection to Google Calendar for free/busy availability display	Google OAuth refresh token (encrypted at rest), calendar identifier, free/busy time intervals (start/end UTC). No event titles, descriptions, attendees, or location data are read or stored.	Tutor (express opt-in via OAuth)	Disconnect calendar in settings
3	Progress Reports to Parents	Generation and delivery of automated progress reports to parent/guardian email	Academic data: subjects, lesson plans, assignment titles and completion status, grade entries, session notes, progress metrics (attendance, on-time completion rate). Parent contact: parent/guardian name, email, optional phone. Report metadata: send timestamp, delivery status.	Student or Parent (express opt-in) + Tutor (express activation)	Toggle off in report settings
4	Automated Reminders	Session reminders, lesson plan alerts, and accountability check-in notifications	Email address (required), optional phone for SMS, booking schedule timestamps, reminder preferences (timing, channel), notification log entries.	Student or Parent (express opt-in)	Toggle off in notification settings
5	Marketing Communications	Promotional emails, newsletter, new feature announcements	Email address, marketing-engagement metadata (open and click counts, unsubscribe status), marketing preferences, CASL consent record (timestamp, source).	All users (separate express opt-in, CASL s. 6(1))	Unsubscribe link or settings
6	Analytics	Aggregated, de-identified usage data for platform improvement	Pseudonymous Google Analytics identifiers (_ga, _ga_id, _gid — see Section 14.3), device fingerprint (browser, OS, viewport), page-view events, session duration. Identifiers are not linked to account identifiers and are never used to advertise to or profile minor users.	All users (express opt-in)	Toggle off in privacy settings
7	Identity Verification NEW — v3	Processing of government-issued photo identification for identity confirmation. Document images are deleted immediately after verification; only the verification result, method, and timestamp are retained	Government-issued identification image (transient, deleted promptly per 16 C.F.R. s. 312.5(b)(2)(v)), optional facial-match photograph (transient, deleted promptly per s. 312.5(b)(2)(vii)). Retained verification metadata: provider name, method identifier, pass/fail outcome, timestamp.	Tutor or Student (express opt-in; document submission is voluntary)	Contact Privacy Officer; note that verification result cannot be retroactively undone, but the “Identity Confirmed” designation can be removed from your profile
8	Targeted Advertising (Meta) NEW — v5	Sharing usage signals with Meta (Facebook/Instagram) Pixel and Conversions API for cross-site advertising audiences and conversion measurement. Independent of 1st-party Analytics — declining here disables all 3rd-party ad-tech transmission while leaving GA4 product analytics available if Analytics is granted. Legal basis: 16 C.F.R. s. 312.5(a)(2) separate parental verifiable consent for 3rd-party data sharing for advertising purposes (2026 COPPA amendment).	Pseudonymous Meta identifiers (_fbp, _fbc), event names and custom_data (currency, value, content_ids), hashed identifiers (em SHA-256, external_id), client IP, user-agent. No raw PII transmitted. Never fired for minor users absent verified parental Category 8 consent (16 C.F.R. s. 312.5(a)(2)).	All users (express opt-in; minors require separate verifiable parental consent — default declined)	Toggle off in privacy settings; parents may revoke via the Parent Portal at any time

Withdrawal of consent for any category is as easy as giving consent, as required by Quebec Law 25. Withdrawal does not affect the lawfulness of processing performed before withdrawal. Note that withdrawing consent for Category 1 (Core Tutoring) requires account closure, as the Platform cannot function without this data.

5.3 Consent for Minors EXPANDED

Users under 13: Cannot create accounts on this Platform. If we discover that a user is under 13, we will immediately delete their account and all associated personal information (COPPA, 15 U.S.C. s. 6502).
Users aged 13-17: Require verified parental or guardian consent before account creation. We will request the parent/guardian's email address and send a consent notification. The parent/guardian may review, modify, or revoke consent at any time (Quebec Law 25: under-14 consent requirement; COPPA: constructive knowledge provisions).
Users aged 14-17 in Quebec: Require parental or guardian consent per Quebec Law 25.
Academic data for minors: (NEW) Parental consent for account creation does NOT automatically extend to academy features. Parents must provide separate consent for each applicable consent category (Categories 3, 4, and 6 above) before academic data about their child is collected, processed, or shared. This reflects the Quebec Law 25 prohibition on bundled consent and the COPPA requirement for separate consent for third-party disclosure (16 C.F.R. s. 312.5, as amended).
Parental opt-out from reports: (NEW) Parents may opt out of receiving automated progress reports without terminating the tutoring relationship. Opting out of reports does not affect the underlying tutoring service.

See Section 12 (Children's Privacy) for complete details.

5.4 Withdrawing Consent

You may withdraw your consent at any time by:

Updating your privacy settings in your account dashboard (per-category toggles)
Contacting the Privacy Officer at privacy@tudius.com
Deleting your account

Withdrawal of consent is as easy as giving consent, as required by Quebec Law 25.

6. Disclosure and Sharing

We disclose your personal information only in the following circumstances:

6.1 Public Display

The following information is publicly visible on the Platform by design:

Tutor profiles: Bio, photos, rate, subjects, location (text), online availability, short-term/trial settings
Reviews: Reviewer's display name, rating, and comment text (displayed on the tutor's profile)
Rankings: Aggregated ranking scores by subject (derived from reviews)

6.2 Platform Participants

Tutors can see the profiles of students who have active bookings with them (preferred subjects, location)
Students can see tutor profiles for search and booking purposes
Booking parties can see booking details, session schedules, and payment records for their own bookings
Parents/Guardians (NEW) can see: (a) their child's academic progress data (lesson plans, assignment status, session notes, grades) if the tutor has activated academy features AND the parent has consented to Category 3 (Progress Reports); (b) automated progress reports delivered to their email. Parents can only access data for their own verified child — not other students

6.3 Third-Party Service Providers

We share personal information with the following service providers, who process it on our behalf under contractual data protection obligations:

Provider	Location	Data Shared	Purpose
Supabase Inc.	United States	All platform data (profiles, bookings, sessions, payments, reviews, academic data, lesson plans, progress reports)	Database hosting, authentication, real-time services
Stripe Inc.	United States	Payment identifiers, amounts, customer/subscription data, Connect account data	Payment processing, subscription billing, tutor payouts
Vercel Inc.	United States	Server-side request data, IP addresses, access logs	Application hosting and delivery
Google (Google Maps API)	United States	Location queries, geographic coordinates	Map display and geocoding
Google (Calendar API) NEW	United States	Free/busy calendar status only (no event content)	Calendar availability sync (opt-in only)
Google LLC (Google Analytics 4) NEW — v5	United States	Pseudonymous analytics identifiers (_ga, _ga_id, _gid), device and browser metadata, page-view events, session duration. Not linked to account identifiers and not used to profile or advertise to minor users	Aggregate traffic analytics and engagement measurement under Google Analytics Data Processing Terms (2025). Retention 14 months (GA4 default). Disclosed here as primary third-party recipient under 16 C.F.R. s. 312.4(d)(2)(iv); see Section 14.3 for cookie-level detail
Meta Platforms, Inc. (Facebook/Instagram Pixel + Conversions API) NEW — v5	United States and Ireland	Pseudonymous browser/device identifiers (_fbp, _fbc), event names, custom event data (currency, value, content_ids), hashed identifiers (em SHA-256, external_id), client IP, user-agent. No raw PII transmitted. Never fired for minor users absent verifiable parental consent on Section 5.2 Category 8 (16 C.F.R. s. 312.5(a)(2))	Targeted advertising audience measurement and conversion deduplication via Meta Pixel and Conversions API under Meta Business Tools Terms and Meta Data Processing Agreement. Retention per Meta DPA. Subject to dual-gate consent: Section 5.2 Category 6 (Analytics) AND Category 8 (Targeted Advertising). Disclosed as third-party recipient under 16 C.F.R. s. 312.4(d)(2)(iv); see Section 14.3 for cookie-level detail
Resend Inc.	United States	Parent/student email addresses, automated report content	Automated progress report delivery
Sentry Inc. (Functional Software, Inc.)	United States	Error context, stack traces, IP address, browser metadata	Error tracking and application stability monitoring
Upstash Inc.	United States	IP-derived rate limit keys (1-minute TTL, automatically deleted)	API rate limiting and abuse prevention
Identity Verification Service (to be selected) NEW — v3	To be confirmed	Government-issued identification images (transmitted for verification processing; deleted by the service after confirmation). Verification result returned to Tudius	Identity verification processing under Data Processing Agreement. DPA and Privacy Impact Assessment will be completed before any data transfer (Quebec Law 25, s. 17)

Each provider is contractually bound by a Data Processing Agreement (DPA) that requires them to protect your personal information in accordance with applicable privacy legislation. See Section 9 (Cross-Border Transfers) for details.

6.4 Legal Obligations

We may disclose personal information without consent where required by law, including:

In response to a court order, subpoena, or lawful request by a government authority
To comply with applicable legislation (PIPEDA s. 7(3)(c))
To protect the rights, safety, or property of Tudius Inc., our users, or the public

6.5 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. You will be notified of any change in ownership or use of your personal information.

6.6 No Sale of Personal Information

We do NOT sell your personal information to any third party. We use targeted advertising (Meta Pixel and Conversions API) only when the user has explicitly opted in via the Targeted Advertising (Meta) consent category (Section 5.2, Category 8); the default for that category is declined. For minor users (under 18), this category requires verifiable parental consent collected through the Parent Portal — absent that explicit parental opt-in, no targeted-advertising data is transmitted to any third party (16 C.F.R. s. 312.5(a)(2), as amended).

7. Data Retention

We retain personal information only as long as necessary for the purposes for which it was collected, in accordance with PIPEDA Schedule 1, Principle 5 (Limiting Use, Disclosure, and Retention) and the COPPA amended rule's data retention requirements (16 C.F.R. s. 312.10, as amended).

Data Category	Retention Period	Basis
Account profile data	Duration of active account + 30 days after deletion request	Service provision
Booking records	7 years after booking completion	Canada Revenue Agency requirements (Income Tax Act, s. 230(1))
Payment records	7 years after transaction	CRA requirements; financial audit obligations
Review content	Duration of active account; anonymized or deleted upon account deletion	Service provision
Session tokens	Duration of authenticated session	Security
Server access logs	90 days	Security monitoring and incident response
Breach incident records	Minimum 5 years (24-month minimum per PIPEDA s. 10.3)	PIPEDA s. 10.3; Quebec Law 25 s. 63.8
Lesson plans NEW	Duration of tutoring relationship + 30 days after last session	Purpose fulfillment; tutor may export before deletion
Assignment records NEW	Duration of tutoring relationship + 90 days	Purpose fulfillment; needed for final report generation
Grade/score data NEW	Duration of tutoring relationship + 90 days	Purpose fulfillment
Session notes NEW	Duration of tutoring relationship + 30 days	Purpose fulfillment; may contain subjective assessments
Progress reports (sent) REVISED — v4	Duration of tutoring relationship + 2 years following its termination	Dispute resolution and accuracy verification; parental access rights (COPPA s. 312.6, PIPEDA Principle 9)
Calendar sync data NEW	Real-time only; deleted immediately on disconnect	Data minimization
Parent/guardian contact info NEW	Duration of minor's account or until consent revocation	COPPA compliance + service delivery; deleted within 30 days of consent revocation
Accountability check-in logs NEW	90 days (rolling window)	Operational; no long-term retention justified
Automated reminder logs NEW	90 days (rolling window)	Operational
Identity verification metadata NEW — v3	Duration of account (verification result, method, and timestamp only; document images are deleted immediately after verification)	PIPEDA Principle 5 (limiting retention); verify-and-delete pattern per OPC guidance
Monthly billing records NEW — v3	7 years after last billing transaction	CRA tax requirements (Income Tax Act, s. 230(1)); financial audit obligations

Data Retention — Progress Reports NEW — v4

Progress reports are retained for the duration of the tutoring relationship plus two (2) years following its termination. After this retention period, reports are automatically deleted. Parents/guardians may at any time request access to and review the personal information collected from their child, including progress reports, by contacting our Privacy Officer at privacy@tudius.com. We will respond to such requests within thirty (30) days in accordance with PIPEDA Principle 9. Parents/guardians may also request earlier deletion of their child's progress reports.

When retention periods expire, personal information is permanently deleted or irreversibly anonymized. We do not retain children's personal information indefinitely (COPPA, 16 C.F.R. s. 312.10, as amended).

Written Data Retention Policy: In compliance with the amended COPPA rule, this Section 7 constitutes our published written data retention policy, disclosing the purposes of collection, business need for retention, and deletion timeframes for all categories of personal information.

8. Security Safeguards

We implement security safeguards appropriate to the sensitivity of the personal information, as required by PIPEDA Schedule 1, Principle 7 (Safeguards).

Technical Measures

Encryption at rest for all stored data (provided by Supabase)
Encryption in transit (TLS/HTTPS for all connections)
Row-Level Security (RLS) policies on every database table, ensuring users can only access data they are authorized to see
HTTP-only, Secure session cookies (not accessible to client-side JavaScript; prevents cross-site scripting attacks)
Content Security Policy (CSP) headers to prevent injection attacks
Strict Transport Security (HSTS) to enforce HTTPS connections
Input validation on all data submissions (server-side)
Immutable booking fields protected by database triggers (student_id, tutor_id, type, rate cannot be modified after booking creation)
Academic data protected by role-based RLS: (NEW) Lesson plans and session notes are accessible only to the creating tutor, the enrolled student, and the student's verified parent/guardian. Tutors cannot access other tutors' lesson plans
Parent access verification: (NEW) Parent/guardian access to student academic data requires a verified parent-student relationship, enforced at the database level

Organizational Measures

Designated Privacy Officer responsible for privacy compliance
Data access limited to what is necessary for each user role
Third-party processors bound by Data Processing Agreements
No storage of payment card data on Platform servers (PCI DSS SAQ A compliant)

Payment Security

All payment card information is collected, processed, and stored exclusively by Stripe Inc. through their PCI DSS Level 1 certified infrastructure. Our Platform is SAQ A compliant — we never receive, transmit, or store cardholder data. Only opaque Stripe-generated identifiers are stored in our database.

9. Cross-Border Transfers

Your personal information may be transferred to, stored in, and processed in the United States, where our service providers operate. The United States does not have a comprehensive federal privacy law equivalent to PIPEDA or Quebec Law 25.

In accordance with Quebec Law 25 s. 17 and PIPEDA Schedule 1, Principle 1 (Accountability), we have conducted Privacy Impact Assessments for each cross-border transfer and executed Data Processing Agreements with each provider. We have implemented the following safeguards:

Provider	Transfer Safeguards
Supabase	Data Processing Agreement with GDPR Art. 28 terms; EU Standard Contractual Clauses; encryption at rest and in transit
Stripe	Data Processing Agreement; PCI DSS Level 1 certification; EU Standard Contractual Clauses
Vercel	Data Processing Agreement; GDPR-compliant terms; encryption in transit
Google Maps	Data Processing Amendment; limited to location query data
Google Calendar NEW	Data Processing Amendment; limited to free/busy status data only; no event content transferred
Resend Inc.	Data Processing Agreement; processes email addresses and report content for delivery only; no data retention beyond delivery confirmation
Sentry Inc. (Functional Software, Inc.)	Data Processing Agreement; error data retained for 90 days; IP address scrubbing available
Upstash Inc.	Data Processing Agreement; IP-derived keys with 1-minute TTL; automatic deletion after expiry
Identity Verification Service (to be selected) NEW — v3	To be confirmed; Data Processing Agreement and Privacy Impact Assessment will be completed before any identity document data is transferred, as required by Quebec Law 25, s. 17. Verification service will process document images solely for identity confirmation and delete them after verification

Tudius Inc. remains accountable for your personal information regardless of where it is processed. Our contractual arrangements with each provider require them to maintain privacy protections equivalent to those required under Canadian law.

For Quebec residents: Privacy Impact Assessments for each cross-border transfer are available upon request to the Privacy Officer.

10. Your Rights

You have the following rights regarding your personal information. To exercise any of these rights, contact the Privacy Officer at privacy@tudius.com.

10.1 Right of Access (PIPEDA Principle 9)

You may request access to the personal information we hold about you. We will respond within 30 days of receiving your request. We may charge a reasonable fee for manifestly unfounded or excessive requests.

10.2 Right to Correction (PIPEDA Principle 6)

You may request correction of inaccurate or incomplete personal information. You may also update most of your information directly through your account settings.

10.3 Right to Deletion

You may delete your account at any time through the self-serve account deletion feature in your profile settings. You may also request deletion by contacting us at privacy@tudius.com. In accordance with PIPEDA Principle 4.3.8, you have the right to withdraw your consent and have your personal information deleted. Upon deletion:

Your profile information will be permanently deleted within 30 days
Booking and payment records will be anonymized (personal identifiers removed) but retained for 7 years as required by the Canada Revenue Agency
Your reviews will be anonymized or deleted
Your follows will be deleted
Session cookies and authentication data will be immediately invalidated
Academic data: (NEW) Lesson plans, assignment records, session notes, and grade data will be offered for export (see Section 10.4) and then permanently deleted within 30 days
Progress reports: (NEW) Sent reports will be anonymized (personal identifiers removed) and retained for up to 2 years for dispute resolution
Calendar sync: (NEW) Immediately disconnected and all sync data deleted
Parent contact info: (NEW) Deleted within 30 days (or immediately upon parent request)

10.4 Right to Data Portability EXPANDED

You may request a copy of your personal information in a structured, commonly used, machine-readable format (JSON or CSV). This right is provided under Quebec Law 25 and aligns with GDPR Art. 20 for any EU-based users.

Academic data portability: (NEW) You may export all academic data associated with your account, including lesson plans, assignment records, grades, session notes, and all progress reports ever generated. Export is available in JSON format and human-readable PDF summary. This ensures you can take your academic history with you if you switch tutors or platforms.

10.5 Right to De-indexing (Quebec Law 25 s. 28.1)

Quebec residents may request that personal information disseminated through the Platform be de-indexed from search engine results. If your profile or review information is indexed by search engines, you may request its removal. We will implement technical measures (such as noindex directives) within a reasonable time.

10.6 Right to Information About Automated Processing

You have the right to be informed about any automated decision-making that produces effects concerning you, including our tutor ranking algorithm (see Section 11) and automated progress reports (see Section 19).

10.7 Complaint Mechanism (PIPEDA Principle 10)

If you believe your privacy rights have been violated, you may:

Contact the Privacy Officer at privacy@tudius.com
File a complaint with the Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca
Quebec residents: File a complaint with the Commission d'acces a l'information du Quebec (CAI): www.cai.gouv.qc.ca
Alberta residents: File a complaint with the Office of the Information and Privacy Commissioner of Alberta (OIPC): www.oipc.ab.ca

11. Automated Decision-Making and Rankings

Our Platform uses an automated ranking system for tutors. The ranking algorithm calculates a score based on:

Average review rating from student reviews
Number of reviews (weighted logarithmically to avoid manipulation)

The formula is: rank_score = average_rating x ln(review_count + 1)

Rankings are calculated per subject and determine a tutor's position in search results for that subject.

Your rights regarding rankings:

You may request an explanation of how your ranking was calculated
You may contest your ranking position by contacting the Privacy Officer
A human review process is available for ranking disputes

Rankings are recalculated automatically when reviews are added, updated, or deleted. No individual has the ability to manually override rankings outside of the dispute resolution process.

Automated progress reports are also a form of automated processing. See Section 19 for details on how reports are generated, your rights regarding report content, and the tutor review safeguard.

11.1 Platform Messaging & Retention Nudges

In-app messages are processed for (1) delivery, (2) automated pattern-matching of contact information and keywords, and (3) display of advisory retention guidance (“nudges”). No human reviews message content except as required for safety reports, legal requests, or with your explicit consent. Detection events are retained for 90 days. Legal basis: PIPEDA Schedule 1 Principle 3 (express consent obtained at signup) and Principle 4, Alberta PIPA s. 7(2) and s. 11, Quebec Law 25 s. 8.1, and GDPR Art. 6(1)(f) legitimate interest for EU users.

12. Children's Privacy SUBSTANTIALLY EXPANDED

Tudius Inc. takes the privacy of children seriously. As a tutoring platform that provides academy-level management tools, we recognize that our Platform serves users under 18, including students in K-12 education.

12.1 Age Requirements

Under 13: You must be 13 years of age or older to create an account on this Platform. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly (COPPA, 15 U.S.C. s. 6502).
Ages 13-17: Users between 13 and 17 may use the Platform only with verified parental or guardian consent.
Under 14 (Quebec): Quebec residents under 14 require parental or guardian consent per Quebec Law 25.

12.2 Parental Consent Process

For users aged 13-17, we require:

The minor provides a parent/guardian's email address during registration
We send a consent notification to the parent/guardian explaining what information is collected and how it is used
The parent/guardian must affirmatively consent before the minor's account is activated
Parents/guardians may review their child's personal information, revoke consent, and request account deletion at any time

Academy feature consent for minors: (NEW) Parental consent for account creation does NOT automatically extend to academy features. Before academic data about a minor is collected, the parent/guardian must provide separate consent for each applicable consent category (see Section 5.2). This separate consent is required under both Quebec Law 25 (bundled consent prohibition) and the amended COPPA rule (separate consent for third-party disclosure, 16 C.F.R. s. 312.5, as amended).

12.2.1 Verifiable Parental Consent (VPC) Methods NEW — v5

The Children's Online Privacy Protection Rule (16 C.F.R. s. 312.5(b)(2), as amended by the 2025 Final Rule effective June 23, 2025; compliance deadline April 22, 2026) enumerates the following methods of verifiable parental consent. Tudius Inc. discloses below which method(s) we currently use, which method(s) we plan to add, and how each maps to the statutory list.

Statutory enumeration (16 C.F.R. s. 312.5(b)(2)):

Providing a consent form to be signed by the parent and returned via U.S. mail, fax, or electronic scan
Requiring the parent, in connection with a monetary transaction, to use a credit card, debit card, or other online payment system that provides notification of each separate transaction to the primary account holder
Having the parent call a toll-free telephone number staffed by trained personnel
Having the parent connect to trained personnel via video conference
Verifying the parent's identity by checking a form of government-issued identification against databases of such information, where the parent's identification is deleted by the operator from its records promptly after such verification is complete
Knowledge-based authentication (KBA) — presenting the parent with a knowledge-based question of sufficient difficulty that a child age 12 or under in the parent's household could not reasonably ascertain the answer
Verifying a picture of the parent's government-issued identification by comparing it to a second photo of the parent using facial recognition technology, with the picture deleted after verification
“Email plus” — obtaining verifiable parental consent by an email coupled with additional steps to provide assurances that the person providing the consent is the parent (such as sending a confirmatory email after receiving consent, or calling or sending a letter to the parent),only when the operator collects personal information for use internally and does not disclose it to third parties
“Text plus” NEW 2025 amendment — the SMS/text-message equivalent of “email plus” with the same internal-use-only condition (16 C.F.R. s. 312.5(b)(2)(ix), added by the 2025 Final Rule)

Method currently in use at Tudius

Email Confirmation with Delayed Activation (mapped to 16 C.F.R. s. 312.5(b)(2)(viii) “email plus”): The minor (ages 13–17, or under 14 for Quebec residents) provides a parent or guardian email address during registration. We send a consent notification to that email explaining what information is collected, how it is used, and how to revoke. The parent must affirmatively complete the consent form before the minor's account is activated. We then impose an activation delay during which the parent may revoke; the account is activated only after the delay elapses without revocation.

Disclosure-limitation acknowledgment. Section 312.5(b)(2)(viii) restricts the “email plus” method to operators that collect personal information for internal use only and do not disclose it to third parties. After tutor matching is complete, Tudius shares the matched minor's first name, grade level, and subject with the matched tutor solely for the purpose of providing the tutoring service the parent has consented to. We treat this matched-tutor sharing as a service-provider disclosure under the FTC's ed-tech guidance rather than a third-party disclosure that would defeat “email plus” eligibility. For pre-matching discovery, the minor's profile is presented in anonymized form (first-name initial, subject and grade level only). Parents who prefer not to rely on this interpretation may elect the government-ID method described below once it is wired up (anticipated Q2 2026).

Methods planned (Q2 2026 — H-1)

Government-Issued ID Check + Facial Match (mapped to 16 C.F.R. s. 312.5(b)(2)(v) and (vii)): We are wiring up an identity-verification provider so that parents who prefer not to rely on the “email plus” method may instead upload a photo of a government-issued identification document. The provider verifies the identification against an authoritative database and, where appropriate, performs a facial match between the document photograph and a second photograph of the parent. The identification image is deleted from our records promptly after the verification is complete, as required by 16 C.F.R. s. 312.5(b)(2)(v). Stripe Identity is one pre-available commercial product that supports both s. 312.5(b)(2)(v) and s. 312.5(b)(2)(vii); the provider for Tudius will be finalized as part of the H-1 implementation task and disclosed in Section 6.3 (Third-Party Service Providers) when wire-up is complete.

Backup method (manual review)

If a parent encounters a technical issue with any automated method above, the parent may request manual review by Tudius's Privacy Officer (contact information in Section 1). The Privacy Officer will conduct a documented review using a combination of the enumerated methods above (typically (i) signed consent form returned via electronic scan plus (iii) a confirming telephone call) and record the verification in our consent ledger.

12.3 Protections for Minor Accounts

For accounts identified as belonging to users under 18:

No targeted advertising or behavioural profiling absent verifiable parental consent on Section 5.2 Category 8 (Targeted Advertising — Meta), which defaults to declined for all minor accounts
No sale or sharing of data for marketing purposes
No disclosure of personal information to third parties for targeted advertising absent verifiable parental consent on Section 5.2 Category 8 (16 C.F.R. s. 312.5(a)(2) separate verifiable parental consent, as amended)
Data collection limited to what is strictly necessary for the tutoring service
Enhanced security controls on account access
Academic data minimization: (NEW) Academic data collected for minors is limited to what is necessary for the tutoring service. Engagement metrics designed to increase platform usage are NOT collected from minor accounts
No AI training: (NEW) Personal information of minor users is never used for training artificial intelligence or machine learning models
Data retention limits: (NEW) Personal information of minor users is retained only as long as reasonably necessary for the purpose for which it was collected, and is never retained indefinitely (COPPA, 16 C.F.R. s. 312.10, as amended)
Monthly billing prohibition: (NEW — v3) Minor students (ages 13-17) cannot enter monthly billing agreements directly. Monthly billing for tutoring services involving a minor student must be authorized and paid by a parent or guardian. This reflects that minors cannot enter recurring financial contracts under the Ontario Age of Majority and Accountability Act (R.S.O. 1990, c. A.7) and that recurring charges on minor accounts require separate parental consent under COPPA (16 C.F.R. s. 312.5(a)(2))

12.4 COPPA 2026 Compliance REVISED

In compliance with the amended COPPA rule (effective June 23, 2025; compliance deadline April 22, 2026):

We do not engage in targeted advertising directed at users under 13
We do not send push notifications that monetize children's data
We require separate parental consent before disclosing children's personal information to third parties for any purpose beyond the core tutoring service (16 C.F.R. s. 312.5, as amended)
Data collected from minor users is limited to service necessity only
We maintain and publish a written data retention policy (Section 7) as required by the amended rule
We do not retain children's personal information indefinitely
Parental access and deletion rights are fully supported
Ed-tech context: (NEW) While the FTC did not adopt ed-tech-specific amendments in the 2026 final rule, the FTC has stated it will continue to enforce COPPA in the educational technology context consistent with its existing guidance. As a platform providing educational management tools, we apply heightened COPPA scrutiny to all academic data collected about minors

12.5 Parent Portal NEW

Parents/guardians of minor users have access to our Parent Portal where they can:

View all personal information collected about their child
View academic data (lesson plans, assignments, grades, session notes) if Category 3 consent is active
View all automated progress reports sent about their child
Modify or revoke consent for any consent category (Section 5.2)
Request correction of inaccurate information in progress reports
Request deletion of their child's account and all associated data
Export their child's academic data in JSON or PDF format

Progress report access: NEW — v4 Parents/guardians may at any time request access to and review progress reports and other personal information collected from their child by contacting our Privacy Officer. We will respond within thirty (30) days in accordance with COPPA s. 312.6 and PIPEDA Principle 9. Parents/guardians may also request earlier deletion of their child's progress reports (subject to retention periods in Section 7).

12.6 Reporting Concerns

If you believe a child under 13 has created an account on this Platform, please contact the Privacy Officer immediately at privacy@tudius.com. We will investigate and take appropriate action, including account deletion if warranted.

13. Commercial Electronic Messages (CASL) EXPANDED

In compliance with Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23):

13.1 Transactional Messages (Exempt)

The following messages are transactional in nature and do not require separate consent:

Email verification during account creation
Booking confirmations and cancellation notices
Payment receipts and subscription status updates
Security alerts (password changes, suspicious activity)

13.2 Automated Service Messages NEW

The following automated messages are classified as transactional under CASL s. 6(6)(a) because they provide information about an ongoing service the recipient has consented to:

Automated progress reports sent to parents/students (provided Category 3 consent is active and no promotional content is included)
Session reminders sent to students before scheduled sessions
Lesson plan alerts sent to tutors before sessions
Accountability check-in notifications about specific booked sessions

CRITICAL CONSTRAINT: These messages must contain ONLY information about the tutoring service. The moment any promotional content (e.g., “upgrade your plan,” “refer a friend”) is included, the entire message becomes a commercial electronic message requiring separate express consent under CASL s. 6(1).

13.3 Commercial Messages (Consent Required)

The following types of messages require your separate, express consent (Category 5):

Promotional offers and discounts
Newsletter and platform updates
New feature announcements (beyond essential service updates)
Marketing communications from Tudius Inc.

You may opt out of commercial messages at any time by:

Clicking the “unsubscribe” link in any commercial email
Updating your communication preferences in your account settings
Contacting the Privacy Officer

Unsubscribe requests are processed within 10 business days, as required by CASL s. 11(1).

All commercial electronic messages include:

Sender identification (Tudius Inc.)
Contact information (Privacy Officer email and mailing address)
Functional unsubscribe mechanism

14. Cookies and Similar Technologies

14.1 Essential Cookies

We use essential cookies that are strictly necessary for the Platform to function:

Authentication session cookies (HTTP-only, Secure, SameSite): Maintain your login session
CSRF protection tokens: Prevent cross-site request forgery attacks

These cookies are necessary for the Platform to operate and cannot be disabled.

14.2 Consent-Based Cookies

We do NOT use advertising, retargeting, or social media tracking cookies. Analytics and performance cookies described in Section 14.3 below are set ONLY after you provide explicit consent via our cookie banner. No tracking cookies are set without your affirmative action.

14.3 Analytics and Performance Cookies (Consent-Required)

The following cookies may be set only after you provide explicit consent:

Cookie	Provider	Purpose	Duration	Set When
analytics_consent	Tudius (first-party)	Records your analytics consent preference	365 days	You click “Accept” or “Decline” on our cookie banner
_ga	Google LLC (US)	Google Analytics cross-session identifier	2 years	You click “Accept Analytics”
_ga_{id}	Google LLC (US)	Google Analytics property-specific identifier	2 years	You click “Accept Analytics”
_gid	Google LLC (US)	Google Analytics daily session identifier	24 hours	You click “Accept Analytics”

These cookies are set only after you provide explicit consent. You may withdraw consent at any time by clicking the cookie settings link in the footer. Withdrawing consent deletes these cookies and stops all analytics tracking. For users under 18, analytics cookies require verified parental consent (see Section 12).

14.4 Functional Cookies

The following cookies are necessary for the Parent/Guardian Portal to function and are set only when a guardian accesses the portal:

Cookie	Purpose	Duration	Set When
portal_session	Parent/Guardian portal authentication (HttpOnly, Secure)	30 minutes	Guardian logs into Parent Portal
portal_session_expires	Portal session expiry display	30 minutes	Guardian logs into Parent Portal

14.5 Persistent Identifiers Used for Internal Operations

The following persistent identifiers support the internal operations of our Platform as defined in COPPA 16 C.F.R. s. 312.2:

Identifier	Purpose	Shared With	Retention
Supabase Auth UUID	Account identification	Supabase Inc. (database hosting)	Account lifetime
Supabase JWT session token	Authentication (HttpOnly cookie)	Supabase Inc.	Session duration
IP address	Security, rate limiting, geolocation	Supabase, Vercel, Upstash, Sentry (when active)	Varies by service
Stripe Customer ID	Payment processing	Stripe Inc.	Account lifetime
Sentry trace ID	Error tracking and diagnostics	Sentry Inc.	90 days (Sentry retention)
Google Calendar ID	Calendar sync (opt-in only)	Google LLC	Until disconnection

Identifiers marked “consent-only” are collected only after you provide explicit consent. For children under 13, collection of any persistent identifier requires verified parental consent (see Section 12).

15. Data Governance

In compliance with Quebec Law 25 s. 63.3-63.4, Tudius Inc. maintains a data governance framework that includes:

This Privacy Policy
A data retention and destruction schedule (Section 7)
Access request handling procedures (Section 10)
A complaint handling process (Section 10.7)
A confidentiality incident register (maintained internally per Law 25 s. 63.8)
Privacy Impact Assessment records for cross-border transfers
Privacy Impact Assessments for each academy feature (NEW) — assessed before implementation per Law 25 s. 3.3
Written data retention policy (NEW) — published as Section 7 per amended COPPA rule

These governance documents are available upon request to the Privacy Officer.

16. Breach Notification

In the event of a security breach involving your personal information, we follow a structured response protocol in compliance with PIPEDA s. 10.1 and Quebec Law 25 s. 63.8:

Assessment: We assess whether the breach creates a real risk of significant harm (RROSH) to affected individuals, considering the sensitivity of the information, the probability of misuse, and the number of individuals affected.
Notification to Regulators: If a RROSH determination is made, we notify the Office of the Privacy Commissioner of Canada (OPC) as soon as feasible, and the Commission d'acces a l'information du Quebec (CAI) with diligence, if Quebec residents are affected.
Notification to You: If the breach creates a real risk of significant harm to you, we will notify you directly, describing the nature of the breach, the types of personal information involved, steps we have taken, steps you can take, and how to contact the Privacy Officer.
Record-Keeping: All security incidents are recorded in our confidentiality incident register and retained for a minimum of 24 months (PIPEDA s. 10.3).
Minor-Specific Notification: (NEW) If a breach involves academic data or other personal information of minor users, we will notify the parent/guardian directly in addition to the minor's account holder.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the “Last Updated” date at the top of this Policy
We will notify you by email or through a prominent notice on the Platform
Material changes take effect 30 days after notification, unless earlier compliance is required by law
Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy

For Quebec residents: Any material change to this Policy that affects your rights will be communicated to you directly, and we will obtain your renewed consent where required by Law 25.

18. Contact Information

For any questions, concerns, or requests related to this Privacy Policy or your personal information:

Privacy Officer: Taeyoung Park

Email: privacy@tudius.com

Mailing Address: Toronto, Ontario, Canada

Response Times

Access requests: Within 30 days (PIPEDA s. 8(3))
Correction requests: Promptly upon verification
Deletion requests: Within 30 days
De-indexing requests: Within a reasonable time
Complaints: Acknowledged within 5 business days; substantive response within 30 days
Academic data export requests: Within 30 days (NEW)
Consent withdrawal requests: Processed within 5 business days (NEW)

19. Academic Data and Progress Reporting NEW

This section describes how we handle academic data collected through the Platform's academy features (lesson plans, assignments, grades, session notes, and automated progress reports).

19.1 What Academic Data We Collect

When tutors activate academy features for a student, the following academic data may be collected:

Lesson plans: Curriculum outlines, learning objectives, and session agendas created by the tutor
Assignment records: Tasks assigned to the student, completion status, and due dates
Grade/score data: Scores and assessments entered by the tutor
Session notes: Post-session observations and notes recorded by the tutor
Progress metrics: Derived data calculated from the above (e.g., completion rates, score trends)

All academic data is created and entered by the tutor. The Platform does not independently assess student academic performance.

19.2 Automated Progress Report Generation

The Platform generates automated progress reports by aggregating academic data entered by tutors. Reports summarize lesson plan coverage, assignment completion, grade trends, and tutor session notes.

How reports are generated:

Reports are generated from data entered by the tutor and automated tracking (assignment completion timestamps, session attendance)
Reports may be generated on a weekly or monthly schedule, as configured by the tutor

Tutor review safeguard (PIPEDA Principle 6 — Accuracy):

Before any automated progress report is sent to a parent or student, the tutor must review and approve the report content
Tutors may edit, correct, or withhold any report before delivery
This safeguard is required by PIPEDA Principle 6 (Accuracy) — automated reports constitute representations of fact about student performance and must be accurate

“This report is generated based on data entered by your tutor and automated tracking. It does not constitute an official academic assessment. Contact your tutor directly for clarification or to discuss your child's progress.”

19.3 Automated Decision-Making Disclosure (Quebec Law 25 s. 12.1)

Automated progress reports constitute personal information rendered by automated processing. In compliance with Quebec Law 25 s. 12.1, we inform you that:

Reports are generated by automated processing of academic data
The personal information used includes lesson plans, assignment completion data, grade data, and session notes
You have the right to contest the content of any automated report
You may request human review of any report by contacting the Privacy Officer or your tutor directly

19.4 Academic Data Ownership and Portability

Tutor-created content: Lesson plans and session notes are created by tutors. Tutors retain the right to export their lesson plans at any time
Student academic records: Students (or parents of minors) may export all academic data associated with their account at any time in JSON or PDF format
On relationship end: When a tutoring relationship ends, both the tutor and student may export their respective data. After the retention period (Section 7), academic data is permanently deleted

19.5 What Academic Data Is NOT

Academic data collected through the Platform:

Is NOT an official academic record, transcript, or credential
Does NOT constitute an assessment by an educational institution
Does NOT replace or supplement Ontario Student Records (OSR) or any provincial student record system
Cannot be used for school admission, academic placement, or official evaluation purposes

20. Calendar Integration NEW

20.1 Calendar Sync Scope

If you choose to connect your Google Calendar (Category 2 consent), the Platform requests the following Google API scopes: (REVISED — v4)

calendar (full calendar management) — used to automatically create and manage a dedicated “Tudius Tutoring” calendar on your Google account. We do not read your existing calendars — we only create events on the dedicated calendar. With your explicit consent (event_read_consent), existing events may be read for bidirectional sync.
calendar.events (read/write events on specific calendars) — used to create, edit, and delete session events on the dedicated calendar. Events are automatically created when bookings are approved and updated on cancellation or schedule changes.
calendar.freebusy (read free/busy information) — used to check your schedule for conflicts by reading only whether time slots are free or busy. No specific event content is read.

PIPEDA Principle 4 (Limiting Collection): Tudius requests Google Calendar's full management scope but performs write operations only on the dedicated calendar. We access only freebusy information from your existing calendars. Unless you explicitly consent to bidirectional sync, we do not access the details of your existing events.

By default, what we CAN see:

Whether a time slot is marked as “free” or “busy” on your calendar

What we DO NOT see by default:

Event titles or names
Event descriptions or notes
Event attendees or invitees
Event locations
Any other event content or metadata

If you separately enable bidirectional sync, event titles and times from calendars you select become accessible to display scheduling conflicts. You can revoke this at any time. Attendees, locations, and attachments are never accessed even with bidirectional sync enabled.

20.5 Google API Disclosure NEW — v4

Tudius's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only use Google Calendar data for the purposes described in this Privacy Policy
We do not transfer Google Calendar data to third parties except as necessary to provide the service
We do not use Google Calendar data for advertising purposes
We do not allow humans to read Google Calendar data unless: (a) we have the user's explicit consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations

20.2 How Calendar Data Is Used

Free/busy data is used solely to:

Display your availability for tutoring sessions on the Platform
Prevent double-booking with existing calendar commitments
Suggest available time slots to students browsing your profile

20.3 Calendar Data Handling

Calendar data is processed in real-time and is NOT stored persistently on our servers
We do not retain historical calendar data
Disconnecting your calendar immediately deletes all sync data
Calendar data is never shared with students, parents, or any third party — only the derived “available/unavailable” status is displayed

20.4 Disconnecting Calendar

You may disconnect your Google Calendar at any time through your account settings. Upon disconnection:

All calendar sync data is deleted immediately
Your availability display reverts to manually entered availability windows
No residual calendar data is retained

This Privacy Policy is effective as of March 7, 2026, with Version 4.0 amendments effective as of March 27, 2026 and Version 5.0 amendments effective as of April 22, 2026 (aligned to the FTC COPPA 2025 Final Rule compliance deadline).

This document was drafted with AI assistance and is intended as a comprehensive draft for review. It does not constitute legal advice from a licensed attorney. Tudius Inc. recommends review by qualified privacy counsel before final publication.