1 Overview & Our Commitment
BrightMinds Tutoring ("we," "our," or "us") operates the website brightminds.com and related tutoring services (collectively, the "Service"). We are committed to protecting the privacy of our users, including students, parents, and guardians.
This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully to understand our practices regarding your personal data.
We do not sell your personal information to third parties. Your data is used exclusively to provide and improve our tutoring services. We may share information only with your consent, to fulfill our services, or as required by law.
By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
This policy applies to information we collect through our website, mobile applications, in-person tutoring sessions, email communications, and any other services offered by BrightMinds Tutoring.
2 Information We Collect
We collect information to provide effective tutoring services, personalize your learning experience, and comply with legal obligations. The types of information we collect include:
2.1 Information You Provide Directly
- Account information: Name, email address, phone number, password, and date of birth when you create an account.
- Profile information: Educational level, subjects of interest, learning goals, and academic history.
- Payment information: Credit/debit card details, billing address, and transaction history. All payment data is processed securely through our payment processor (Stripe); we do not store full card numbers.
- Communications: Messages, emails, or chat messages you send to us.
- Parent/Guardian information: For students under 13 (or the applicable age in your jurisdiction), we collect parent/guardian names, contact information, and consent records.
- Scheduling preferences: Preferred session times, availability, and time zone information.
2.2 Information Collected Automatically
- Usage data: Pages visited, time spent on pages, click patterns, session duration, and interaction with learning materials.
- Device information: Browser type, operating system, IP address, device identifiers, and screen resolution.
- Session recordings: Audio and video recordings of tutoring sessions (with consent), used for quality assurance and review.
- Location data: General geographic location based on IP address (city/region level).
2.3 Information from Third Parties
- School records: With your consent, we may receive academic transcripts, grades, and test scores from educational institutions.
- Social media: If you connect your social media accounts for registration or sharing purposes.
- Analytics providers: Aggregated usage data from services like Google Analytics.
For students under 18, we collect limited educational performance data, which may be classified as special category data under GDPR. We process this data under legitimate educational purposes and with explicit parental consent where required.
3 How We Use Your Information
We use the information we collect for the following purposes:
- Delivering tutoring services: Matching you with qualified tutors, scheduling sessions, and providing learning materials tailored to your needs.
- Personalizing your experience: Creating customized learning plans, recommending subjects, and adjusting difficulty levels based on your progress.
- Progress tracking: Monitoring academic improvement, generating progress reports, and sharing updates with parents/guardians.
- Communication: Sending session reminders, administrative updates, progress reports, and educational resources.
- Payment processing: Processing tuition payments, issuing invoices, and managing refund requests.
- Service improvement: Analyzing usage patterns to improve our platform, develop new features, and enhance content quality.
- Quality assurance: Reviewing session recordings (with consent) to ensure tutoring quality and tutor performance standards.
- Marketing (with consent): Sending promotional materials, newsletters, and special offers — only if you have opted in.
- Legal compliance: Meeting regulatory requirements, responding to legal requests, and protecting our rights.
- Safety & security: Detecting fraud, preventing abuse, and ensuring the safety of our students and tutors.
Under GDPR and applicable data protection laws, our processing is based on: (a) Contract performance — to deliver tutoring services; (b) Legitimate interests — for service improvement and security; (c) Consent — for marketing and optional features; (d) Legal obligation — for compliance requirements.
4 Information Sharing & Disclosure
BrightMinds Tutoring may share your personal information in the following specific circumstances:
4.1 Service Providers & Business Partners
We share information with trusted third-party service providers who assist us in operating our platform. These providers are contractually obligated to use your data only for the specified purpose and are prohibited from using it for their own purposes.
| Category | Examples | Data Shared | Purpose |
|---|---|---|---|
| Cloud Hosting | AWS, Google Cloud | All service data | Infrastructure |
| Video Conferencing | Zoom, custom solution | Session recordings, chat | Tutoring delivery |
| Payment Processing | Stripe | Payment details | Transactions |
| Analytics | Google Analytics | Usage patterns (anonymized) | Insights |
| Email Marketing | Mailchimp | Email, preferences | Communication |
| Customer Support | Intercom, Zendesk | Messages, account info | Support |
4.2 Tutors
To deliver tutoring services, we share relevant information with your assigned tutor(s), including:
- Student name and educational level
- Subjects and topics to be covered
- Learning goals and areas for improvement
- Scheduling preferences
- Parent/guardian contact for administrative matters
All tutors are bound by strict confidentiality agreements and may not use student information for any purpose outside of providing tutoring services.
4.3 Parents & Guardians
For students under 18, we share the following with authorized parents/guardians:
- Session attendance and scheduling information
- Academic progress reports and assessment results
- Communications from the tutor regarding the student's learning
- Billing and account information
4.4 Legal Requirements & Safety
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose information to:
- Protect the rights, property, or safety of BrightMinds Tutoring, our users, or the public.
- Investigate and defend against legal claims or threats.
- Prevent fraud, abuse, or illegal activities on our platform.
- Comply with mandatory reporting obligations (e.g., child safeguarding concerns).
4.5 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of our assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.
4.6 With Your Consent
We may share information with any third party if you have given us explicit consent to do so. For example, sharing progress reports with your school upon your request.
BrightMinds Tutoring does not sell, trade, or rent your personal identification information to third parties for marketing or any other purpose. We do not participate in any data broker activities.
5 International Data Transfers
Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction.
Specifically:
- Our primary data processing occurs in servers located in the United States and European Union.
- Some service providers may be located in other countries.
- If you are located outside these jurisdictions and choose to provide information to us, please note that we transfer your data to and process it in these countries.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
For transfers from the EEA to countries outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards as required under GDPR.
6 Cookies & Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Here's what these technologies are and why we use them:
| Cookie Type | Purpose | Duration | Can You Opt Out? |
|---|---|---|---|
| Essential | Authentication, security, session management | Session to 30 days | No |
| Functional | Remember preferences, language, region | Up to 1 year | Yes |
| Analytics | Understand how users interact with our site | 2 years | Yes |
| Marketing | Deliver relevant ads and track campaign performance | Up to 1 year | Yes |
You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use all portions of our Service, including scheduling features and personalized content.
We also use the following tracking technologies:
- Web beacons/pixels: Small electronic files used to count users who have visited pages or opened emails.
- Device fingerprints: For security and fraud prevention purposes.
- Local storage: To cache content and improve performance on the device.
7 Data Security
The security of your personal information is important to us. We implement a comprehensive set of administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction.
7.1 Security Measures
- Encryption: All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption.
- Access controls: Role-based access control (RBAC) ensures employees can only access data necessary for their job functions.
- Authentication: Multi-factor authentication (MFA) is required for all staff access to student data.
- Network security: Firewalls, intrusion detection systems, and regular vulnerability assessments.
- Employee training: All employees complete mandatory data protection and security training annually.
- Audit logging: All access to personal data is logged and regularly reviewed.
- Incident response: A documented incident response plan with defined escalation procedures and 72-hour breach notification protocol.
While no method of transmission over the Internet or electronic storage is 100% secure, we adhere to industry best practices and regulatory requirements including GDPR, FERPA (where applicable), and SOC 2 Type II standards to protect your personal information.
8 Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period | Legal Basis | |||
|---|---|---|---|---|---|
| Account information | Duration of account + 3 years | Contract / Legal obligation | |||
| Session recordings | 90 days after recording | Quality assurance / Consent | |||
| Progress reports | Duration of account + 7 years | Legal obligation (FERPA) | d>Payment records | 7 years | Tax / Legal requirement |
| Marketing data | Until consent withdrawn | Consent | |||
| Analytics data | 26 months | Legitimate interest |
After the retention period expires, your data will be securely deleted or anonymized so that it can no longer be associated with you.
9 Children's Privacy
BrightMinds Tutoring is committed to protecting the privacy of children. Our services are designed to be used by students of all ages, and we take special care with children's data.
9.1 Students Under 13 (COPPA Compliance)
We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent. If you are a parent or guardian of a child under 13:
- You must create the account on behalf of your child.
- You will be required to provide verifiable consent for data collection.
- You retain the right to review, delete, or modify your child's information at any time.
- You may revoke consent at any time by contacting our Privacy Officer.
9.2 Students Under 18
For students between 13 and 18 years of age, we require that a parent or legal guardian create the account and manage the student's privacy settings. Parents/guardians have the following rights:
- Access and review all data collected about their child.
- Request correction of inaccurate information.
- Request deletion of their child's data (subject to legal retention requirements).
- Opt out of marketing communications.
- Control session recording and review access.
If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will take steps to delete that information as soon as possible. If you believe we have done so, please contact our Privacy Officer immediately.
9.3 Safeguarding
All BrightMinds Tutoring tutors undergo comprehensive background checks. We have a strict safeguarding policy that governs tutor-student interactions, including guidelines for online sessions and communication boundaries.
10 Your Rights & Choices
Depending on your location, you may have certain rights regarding your personal data. Below is a summary of common rights under major privacy regulations:
10.1 Rights Under GDPR (EU/UK)
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to certain exceptions.
- Right to restrict processing: Request limitation of how we process your data.
- Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
- Right to lodge a complaint: File a complaint with your local data protection authority.
10.2 Rights Under CCPA/CPRA (California)
- Right to know: Request information about categories and specific pieces of personal data collected.
- Right to delete: Request deletion of personal data collected through our services.
- Right to opt out: Direct us not to sell or share your personal information (note: we do not sell data).
- Right to correct: Request correction of inaccurate personal data.
- Right to limit use: Limit the use of sensitive personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
10.3 How to Exercise Your Rights
To exercise any of these rights, please contact our Privacy Officer using the information in Section 12. We will respond to verifiable requests within 30 days (extendable by 60 days for complex requests). You may also:
- Access and modify your data through your account settings dashboard.
- Unsubscribe from marketing emails using the link at the bottom of any marketing email.
- Manage cookie preferences through our cookie consent banner or browser settings.
To protect your privacy, we may need to verify your identity before processing requests. For account holders, this may involve confirming login credentials. For non-account holders, we may request additional information. We will never ask for your password.
11 Changes to This Privacy Policy
We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this page periodically for the latest information.
When we make material changes, we will notify you through one or more of the following methods:
- A prominent notice on our homepage or Service dashboard
- A direct email to the email address associated with your account
- For students under 18, notification will also be sent to the parent/guardian email on file
We will indicate the "Last Updated" date at the top of this Privacy Policy. Your continued use of our Service after any changes constitutes your acceptance of the updated policy.
Significant changes will require your renewed consent where applicable, particularly for users in the EU/EEA under GDPR.
12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal information, please don't hesitate to reach out.
📬 BrightMinds Tutoring — Privacy Team
We aim to respond to all privacy-related inquiries within 48 business hours.
San Francisco, CA 94102
12.1 EU/EEA Data Subject Requests
If you are located in the European Economic Area (EEA) and wish to exercise your data protection rights, please address your request to our designated Representative:
- EEA Representative: BrightMinds Data Protection Representative, c/o Legal Department, privacy@brightminds.com
- You also have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.
12.2 DPO Contact
Our Data Protection Officer (DPO) is available to assist with any data protection inquiries, concerns, or complaints:
- Email: dpo@brightminds.com
- Response time: Within 30 days as required by GDPR Article 12
We take your privacy seriously and are committed to transparency. If you have any concerns at any time, our privacy team is available to assist you. We believe in building trust through open communication.