Privacy Policy
Last updated: April 20, 2026 · Version 2026-04-20
This Privacy Policy explains how Tutro, Inc. (“Tutro”, “we”, “us”, “our”) collects, uses, discloses, stores, and protects personal information when you use tutro.ai, app.tutro.ai, or any other Tutro website, application, or service (collectively, the “Service”). It applies alongside our Terms of Service.
Tutro is headquartered in Ontario, Canada and is subject to Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA). Where applicable, we also comply with the U.S. Children’s Online Privacy Protection Act (COPPA), and with other jurisdictions’ privacy laws where the Service is made available.
1. Information we collect
We collect the minimum information needed to run the Service. Categories:
- Account data. Your email address, password (hashed, never stored in plaintext), full name (optional), and any preferences you set (language, timezone, notification preferences). If you sign in with Google or another identity provider, we receive your email, name, and profile image.
- Learner-profile data. If you create learner profiles (for yourself or your children), we collect each learner’s display name, grade level, avatar emoji or uploaded image, and (optionally) an email and password if you opt into a full login for a learner aged 13 or older.
- Prompt and upload data. The prompts you type, and the files you upload (photos, PDFs, PPTX slide decks). We pass these to AI providers so they can build a lesson.
- Generated content. Lesson plans, narrations, keyframe diagrams, quizzes, voice-tutor transcripts, and any videos or audio we render for you.
- Usage data. Quiz attempts, scores, progress, streaks, XP, credits spent, lessons watched, pages visited, feature interactions, device type, IP address, and approximate location inferred from IP. Collected to run the Service, detect abuse, and improve the product.
- Billing data. Subscription status and plan tier are stored by Tutro; full credit-card numbers are handled by Stripe and never stored on Tutro servers.
- Communications. Emails we send you (delivery metadata and content), any messages you send our support inbox, and any feedback you provide.
- Cookies and similar. A small set of essential cookies used for login, session management, the active-learner picker, and the kid-magic-link session. We do not run third-party advertising cookies.
2. Why we collect it (purposes and legal bases)
We use personal information only for the following purposes, each tied to a PIPEDA-compatible basis (usually: your consent, or the performance of the contract embodied in our Terms of Service):
- Creating and maintaining your account and learner profiles.
- Generating lessons, quizzes, and voice-tutor responses based on your prompts and uploads.
- Tracking progress, streaks, and gamification metrics.
- Processing payments, preventing fraud, and complying with our tax and accounting obligations.
- Sending transactional email (e.g. “your lesson is ready”, password resets), and — if you opt in — non-essential email such as the weekly family digest.
- Debugging, securing, and improving the Service (including aggregated analytics in which individual learners are not identifiable).
- Complying with legal obligations and enforcing our Terms of Service.
We do not sell or rent personal information, and we do not use personal information for third-party advertising, behavioural profiling, or to train our own AI models without your explicit consent.
3. AI processing and accuracy
The Service uses third-party AI models to generate lesson plans, diagrams, narration, quizzes, and voice-tutor conversations. Text prompts, uploaded files, and limited context about your account (such as grade level) are transmitted to those providers so they can return a result. Current providers include Anthropic, Google (Gemini, text-to-speech), OpenAI, and ElevenLabs. Each provider handles data under its own agreement with Tutro and its own privacy policy; we use providers that contractually commit not to train their models on your content.
AI-generated content may be inaccurate, out of date, or fabricated. You are responsible for verifying anything important before relying on it. See Section 2 of our Terms of Service for the full AI disclaimer.
4. How we share information
We share the minimum necessary data with the following categories of processors, each under a written agreement that binds them to use the data only for the purposes we set:
- Hosting and database — Supabase (PostgreSQL, authentication, file storage) and Vercel (web hosting).
- AI providers — Anthropic, Google, OpenAI, and ElevenLabs, used to generate content.
- Email delivery — Resend, used for transactional email and (with opt-in) digest email.
- Payments — Stripe, used to process subscriptions and top-ups.
- Analytics — Google Analytics on the marketing site (aggregated traffic metrics; no personally identifiable information).
We may also disclose personal information when required by law, in response to a valid legal process, to protect our rights or the safety of our users, or as part of a merger, acquisition, or asset transfer (in which case this Policy continues to apply or you will be given notice).
5. Where we store data
Tutro’s primary database and storage are hosted in North America (currently in U.S. East-1 with Supabase). Some AI providers may process your prompts in the U.S. or in other jurisdictions covered by the provider’s agreement. By using the Service you consent to the transfer of your personal information to, and its storage and processing in, those jurisdictions. We require our processors to maintain security and privacy standards at least as protective as those applicable under PIPEDA.
6. Retention
We keep your personal information for as long as your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account and learner profile data: retained until you delete your account, then purged within 30 days (excluding anonymized aggregate metrics).
- Lesson uploads, generated content, and quiz history: retained for as long as the associated lesson exists. Deleting a lesson from the archive purges its diagrams, audio, and source uploads from our storage immediately.
- Billing and tax records: retained for the period required by Canadian tax law (currently 6 years).
- Server logs: retained for up to 90 days for security and debugging.
7. Security
We take reasonable technical and organizational measures to protect personal information: encryption in transit (TLS 1.2+), encryption at rest for files and database backups, row-level security policies on every sensitive table, hashed passwords, signed session cookies, scoped API keys for AI providers, and access controls for the small team that administers the Service. No system is perfectly secure, so we cannot guarantee absolute security. If we become aware of a breach that puts your personal information at material risk of harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA.
8. Kids, parents, and guardians
Tutro is designed to be safe for learners of all ages, but direct accounts are only available to users who are 13 or older. For younger learners:
- A parent or legal guardian may create a learner profile for a child under their parent account. The only information we collect about that child is what the parent types: display name, grade level, avatar emoji.
- A parent may issue a magic-link session that lets the child sign in on any device by URL — without a Tutro account or password. No email or other personal contact information is collected from the child.
- A parent may grant a child 13+ a full login with email and password, but only after affirming parental consent in the family page. We record the timestamp and the parent’s user ID as evidence of that consent.
- Parents can review, export, correct, or delete any learner profile or learner account at any time from the family page.
We will not knowingly collect personal information directly from a child under 13 except through the mechanisms above, which are governed by the parent’s consent. If you believe a child has provided information to us without parental consent, please email privacy@tutro.ai and we will investigate and delete the information.
9. Your rights
Under PIPEDA and comparable laws you have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate or incomplete.
- Delete your account and associated data (from Settings → Privacy & data, or by emailing us).
- Export your data in a portable format.
- Withdraw consent for any non-essential processing at any time. Withdrawing consent for essential processing will mean we can no longer provide the Service.
- Object to certain processing, or ask us to restrict it, where applicable law permits.
- Lodge a complaint with a privacy regulator — in Canada, the Office of the Privacy Commissioner of Canada. We’d love the chance to address your concerns directly first.
10. Email preferences
We send two categories of email: transactional (account verification, password reset, lesson ready, moderation notices, billing receipts) and non-essential (streak reminders, weekly digests, re-engagement, community activity). Non-essential email is opt-out controllable from Settings → Email preferences. Every non-essential email also includes an unsubscribe link as required by Canada’s Anti-Spam Legislation (CASL).
11. Changes to this Policy
We may update this Policy from time to time. If we make material changes we will notify you by email or in-app at least 14 days before they take effect, and we will update the “Last updated” date and the version number above. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
Contact
Tutro, Inc. — Privacy Office
Toronto, Ontario, Canada
privacy@tutro.ai