Privacy Policy
Welcome to TutorCreates operated via tutorcreates.com, and managed by Jupiter Castle Unipessoal LDA ("we", "us", or "our"). We are committed to protecting your privacy and respecting your data rights. This Privacy Policy explains how we handle, store, and protect your personal information in accordance with global data protection regulations.
Table of Contents
Who we are
Information we collect and use
Data Sharing and Disclosure
Cookies and third parties
Data Retention
Cross-Border Data Transfer
Protection and safeguard of your personal data
You Rights
Breach Notification
Changes to This Policy
Contact Information
Who We Are
Company: Jupiter Castle Unipessoal LDA
Location: Startup Santarém, Largo do Infante Santo, CIES - Centro de Inovação Empresarial de Santarém Sala 12, 2005-246 Santarém, Portugal
Tax Number: 517798590
Social Capital: 5,000 EUROS
Information we collect and use
When you access the Tutor Creates platform, we collect certain essential technical information to ensure the proper functioning and security of our website. This information includes:
- IP Address (Internet Protocol address): Your device's IP address, which helps us identify your device and approximate geographic location.
- User-Agent: Information about your browser and its version, which assists us in optimizing the website's performance and compatibility with different browsers and devices.
- Accept-Language: Your browser's language preferences, which help us deliver content in your preferred language.
- Referrer: The URL of the previous web page from which you accessed our website, aiding us in understanding how users find our website.
- Cookies: Small text files stored on your device that are essential and strictly necessary for website functionality, we do not use cookies for tracking.
- Connection Information: Details about your network connection, such as whether it's via HTTPS, and the supported encryption methods, ensuring secure communication between your device and our server infrastructure.
We collect this information as it is essential for establishing a technical connection between your device and our server infrastructure. Without this information, you may be unable to access our website.
When you login to your account via email, we collect your email address for the account creation and communication purposes.
When you log in to your account using your Google account credentials, we utilize the Google API for authentication purposes. This process involves the exchange of certain data to verify your identity and grant you access to our service. Email Address: Your email address associated with your Google account, which serves as a unique identifier for authentication purposes. Name: Your name as provided by your Google account, assisting in personalizing your user experience within our service. Profile Picture (if available): While we have the capability to access your profile picture through the Google API, we do not store this information. The data collected via the Google API, including your email address and name, is exclusively utilized for authentication purposes and communication with you. This enables us to verify your identity and facilitate your access to our service securely. We do not store your profile picture or any other data obtained through the Google API beyond the authentication process. Your email address and name is stored securely within our system to maintain your account and enable you to access our services.
When you contact us, we collect and utilize data from your communication for the purpose of providing our services. We use it solely for the provision of our services. This may include but is not limited to addressing your inquiries, providing support, and fulfilling service-related requests. Communication data may include information provided via email, chat, telephone, or other means of correspondence. This may encompass details such as your name, contact information, inquiry details, and any other information necessary to address your communication effectively.
Data Sharing and Disclosure
We do not share, sell, rent, or trade user information with third parties for their commercial purposes.
We share your personal information only when we have your consent.
Access to your data is strictly controlled according to the principle of "need to know." We have established Data Processing Agreements (DPAs) with each service provider to ensure that your data is handled in compliance with the General Data Protection Regulation (GDPR) and other relevant privacy regulations.
Groq: We use Groq API for assessments generation. When you are generating assessments, data processing follows privacy standards of Groq.
Postmark: We use Postmark to manage transaction email transmission (like for example, access code during login).
Mailchimp: We use Mailchimp to facilitate newsletter distribution and provide you with updates about our services.
Sentry: We use Sentry to assist in error tracking and performance monitoring of our services. It collects data such as device IP address, device name, operating system, and browser version to help diagnose and resolve issues, this data collection just happens when you have a technical issue within our platform.
InvoiceExpress: We utilize InvoiceExpress to issue invoices. We share necessary data with them to fulfil our legal obligations.
Stripe: We use Stripe to handle securely payment processing. Stripe collects and processes data necessary to process your payment.
Google API: If you chose to login with Google account. Google will process your email address, name, and profile picture if applicable and we will use them solely for the authentication purposes.
Fly.io: Hosts our platform and provides global server infrastructure, allowing us to serve data from the closest location to our users. We have implemented appropriate safeguards to ensure the secure transfer of data across borders. These safeguards include encryption during the data transfer and data backups.
Analytics: We use SimpleAnalytics, which neither tracks individual users, nor employs cookies, thus respecting your privacy.
In addition, we may provide information to third parties to the extent and for the purpose required by law.
Cookies and third parties
A cookie is a small piece of data a website stores on your computer or mobile devices when you visit the site. Cookies are divided in two types:
- First party cookies, these cookies are set by the website you are currently visiting, and only that website can read them. Additionally, the website may utilize external services that set their own cookies, known as third-party cookies.
- Persistent cookies, these are the cookies that remain on your device even after you close your browser. They are not automatically deleted. Conversely, session cookies are deleted when you close your browser.
At Tutor Creates, we prioritize your privacy and only use essential cookies that are strictly necessary for the functionality of our website. We do not utilize cookies for tracking purposes.
We use the following cookies:
Name | Service | Purpose | Cookie type and duration |
---|---|---|---|
_auth | Authentication | To know if the user is authenticated to the platform | Persistent cookies, 7 days |
csrf | Security | To safeguard your interaction with our services against cyberattacks | Persistent cookies |
toast-session | Alerts | To display success or error message when you perform an action in the platform. | Persistent cookies |
Tutor Creates website may provide links to the third-party websites. In order to use their content, you may need to agree and accept their terms and conditions and cookie policies over which we exercise no control.
Data Retention
We retain your data for the time necessary to fulfill the provision of services, namely until you delete your account. Upon deleting your account, data deletion results in immediate removal from active systems, with residual data securely deleted from backups after 30 days.
We are required by law to retain invoices for a period of 10 years, as per Portuguese tax regulations. We use InvoiceExpress, a third-party invoicing software certified by the Portuguese tax authorities, to issue invoices on our behalf. In order to fulfil our legal obligations, we share necessary data with InvoiceExpress, who acts as a data processor on our behalf.
Cross-Border Data Transfer
We use Fly.io's global server infrastructure to provide fast and reliable access to our platform. This means that your data may be transferred across borders to servers located in different regions. We have implemented appropriate safeguards to ensure the secure transfer of data, including encryption and access controls, to protect your data during transit.
Protection and safeguard of your personal data
We have implemented a number of organizational and technical measures to protect your personal data.
Organizational measures
contain restriction of access to the personal data, including multi-factor authentication, to ensure only authorized personnel can access your data, and only on a “need to know” principle.
Technical measures
involve implementing appropriate actions to address online security, potential data loss, data alteration, or unauthorized access, while considering the risks associated with processing and the characteristics of the personal data being processed.
Industry-Standard Encryption: Data is encrypted at rest and in, ensuring that all backups are secure for up to 30 days followed by immediate deletion.
Regular Security Updates and Audits: We constantly monitor and update our platform to ensure the latest security patches and best practices are applied.
SSL Certificates: Our website uses SSL certificates for encrypted communications.
We comply with General Data Protection Regulation in the EU Member States (Regulation (EU) 2016/679) and are committed to align with global data protection laws, ensuring that your rights are respected and upheld regardless of location.
Your Rights
You have specific set of rights as a “data subject” under Chapter III (Articles 15 - 22) of Regulation (EU) 2016/679, regarding your personal data, including: right to access your personal data, to rectify it in case your personal data in incomplete or inaccurate. Where applicable, you have also the right to restrict the processing of your personal data, object to processing, the right to erase your personal data, and the right to data portability.
Data deletion results in immediate removal from active systems, with residual data securely deleted from backups after 30 days.
You have the right under Chapter II (Article 7(3)) of Regulation (EU) 2016/679 to withdraw your consent to process your data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You can exercise these rights via the platform’s Settings, by notifying the Data Controller or by contacting the Data Protection Officer (please refer to the Contact Information section).
Breach Notification
In the event of a data breach, we will notify you and the relevant authorities within 72 hours after having become aware of the breach. We will take immediate action to contain and remediate the breach.
Changes to This Policy
This policy may be updated to reflect changes in legal standards, our data practices, or feedback from users. Changes will be posted on our platform, and we encourage regular review. We will notify you of any material changes to this Privacy Policy the email associated with your account. You are obliged to review the changes.
By continuing to use our services after any updates to this Privacy Policy, you acknowledge and agree to the revised terms. If you do not agree with the updated Privacy Policy, you should cease using our services and contact us for further assistance.
Contact Information
For questions regarding this privacy policy or our data handling practices, please contact us at support @ tutorcreates.com.
For questions related to the processing of your personal data under Regulation (EU) 2016/679, you may contact our Data Protection Officer is Liudmyla M., who can be contacted at liudmyla @ jupitercastle.pt.
This privacy policy was last updated on 10/05/2024.