Privacy Policy

Last updated: February 23, 2026

1. Introduction

Zutor ("we", "us", "our") operates the website zutor.app. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Zutor
Amsterdam, the Netherlands
Email: support@zutor.app

3. Information We Collect

Information you provide:

Account data: name, email address, password
Student data: names, contact details, subjects, lesson notes, and payment records you enter into the Service
Payment data: processed and stored by our payment partner Paddle. We do not store your credit card details.
Communications: emails or messages you send to our support team

Information collected automatically:

Usage data: pages visited, features used, session duration
Device data: browser type, operating system, screen resolution
Cookies: essential cookies for authentication and session management

4. How We Use Your Information

We use your information to:

Provide and maintain the Service
Process subscriptions and payments (via Paddle)
Send transactional emails (account confirmation, password reset)
Send lesson reminders (email and/or Telegram, if enabled by you)
Improve the Service based on usage patterns
Respond to support requests

We do not use your information to:

Sell your data to third parties
Send unsolicited marketing emails (unless you opt in)
Build advertising profiles

5. Legal Basis for Processing (GDPR)

Contract: processing necessary to provide the Service you signed up for
Consent: optional features like Telegram reminders and marketing emails
Legitimate interest: improving the Service, preventing fraud

6. Data Sharing

We share your data only with:

Paddle — payment processing (as Merchant of Record)
Email service provider — for transactional emails (reminders, account notifications)
Hosting provider — for storing and serving the application

We do not sell, rent, or trade your personal information. All third-party providers are bound by data processing agreements.

7. Data Retention

Your data is retained for as long as your account is active.
If you delete your account, your data is permanently deleted within 30 days.
Payment records may be retained for up to 7 years for legal and tax compliance.

8. Your Rights (GDPR)

You have the right to:

Access your personal data
Rectify inaccurate data
Delete your account and data
Export your data (available via CSV export in the Service)
Restrict processing of your data
Object to processing based on legitimate interest
Withdraw consent at any time for optional features

To exercise any of these rights, contact us at support@zutor.app.

9. Cookies

We use only essential cookies required for the Service to function:

Session cookie: keeps you logged in
CSRF token: protects against cross-site request forgery

We do not use tracking cookies, advertising cookies, or analytics cookies that identify individual users.

10. Data Security

We protect your data with:

HTTPS/TLS encryption for all connections
Encrypted passwords (bcrypt hashing)
Regular security updates
Access controls limiting who can access production data

11. International Transfers

Your data is stored on servers in the EU. If data is transferred outside the EU, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

12. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@zutor.app.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top indicates the latest revision.

14. Contact

For privacy-related questions or requests:

Email: support@zutor.app
Website: https://zutor.app