Book a FREE Trial

Legal

Privacy Policy

Effective date:  ·  Last updated:

At Brainza Inc. ("Brainza", "we", "our", or "us") we are committed to protecting your privacy. This Policy explains what personal data we collect when you use brainza.ca and our 1-on-1 online tutoring platform, why we collect it, and the choices you have.

1. Information We Collect

Account & Identity

When you register we collect your name, email address, and the role you choose (student or tutor). Authentication is handled by Clerk; you may sign in with Google, Apple, or email. We never store your password.

Profile Information

Tutors may provide a biography, subject specialisms, hourly rate, and a profile photo. Students may provide their year group and learning goals. This information is displayed within the platform to facilitate bookings.

Session & Booking Data

We record scheduled sessions, their status (upcoming, completed, cancelled), and duration in order to manage your calendar and process invoices.

Messages & Files

Real-time chat messages exchanged during or between sessions are stored in our database. Files shared through the platform (worksheets, notes, assignments) are stored in encrypted cloud storage.

Usage Data

We automatically collect information about how you interact with the platform: browser type and version, device type, operating system, pages visited, and timestamps. This data is collected in aggregate and is used only for product improvement.

Payment Data

Billing is handled by Stripe. We never store raw card numbers. We receive and retain transaction IDs, invoice amounts, and payment status in order to support your billing history.

2. How We Use Your Information

  • Provide, operate, and improve the Brainza platform and its features.
  • Match students with tutors and facilitate session bookings.
  • Send booking confirmations, reminders, and cancellation notices via email.
  • Process payments and issue invoices on behalf of tutors.
  • Respond to your support requests and troubleshoot issues.
  • Detect and prevent fraud, abuse, or violations of our Terms of Service.
  • Comply with legal obligations and enforce our agreements.
  • Analyse platform usage in aggregate to make product decisions.

We do not sell your personal data. We do not use your data to serve third-party advertising.

3. Sharing & Disclosure

We share your data only in the following circumstances:

  • Service providers — We use trusted third-party processors (Clerk for auth, Stripe for payments, Daily.co for video, Cloudflare R2 for file storage, Resend for email, and MongoDB Atlas for the database). Each provider is bound by a data-processing agreement.
  • Other platform users — Your profile information visible to the other party in a session (e.g. a student's name is visible to their booked tutor, and vice versa).
  • Legal requirements — We may disclose information when required by law, court order, or to protect the rights, property, or safety of Brainza, its users, or the public.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.

4. Video Sessions & Recordings

Live 1-on-1 sessions are delivered via Daily.co. Video and audio are transmitted peer-to-peer where network conditions allow. Sessions are not recorded by default.

If a recording feature is made available in the future, both participants will be notified and must consent before a recording begins. Any recordings would be stored in encrypted private cloud storage and accessible only to the session participants.

5. Payments

All payment processing is handled securely by Stripe. Your card details are entered directly into Stripe's PCI-DSS-compliant forms and never touch our servers. We store only the Stripe customer ID, invoice reference, amount, currency, and payment status needed for your billing history and tutor payouts.

Invoices are generated by Brainza administrators and sent to you via Stripe. You can view your invoice history at any time inside your account.

6. Cookies & Tracking

We use the following types of cookies:

  • Strictly necessary — Session tokens set by Clerk to keep you signed in. These cannot be disabled without breaking authentication.
  • Functional — Small preferences stored in localStorage (e.g. UI state). No personally identifiable data.
  • Analytics — Aggregate, anonymised usage data to understand how the platform is used. No cross-site tracking is performed.

We do not use advertising cookies or share cookie data with ad networks.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

  • Account data — Kept until you delete your account, plus a 30-day recovery window.
  • Chat messages & uploaded files — Kept for 2 years after the associated session, then permanently deleted.
  • Payment records — Retained for 7 years to satisfy financial and tax regulations.
  • Server logs — Automatically purged after 90 days.

After the applicable retention period, data is permanently deleted or anonymised so it can no longer be linked to you.

8. Your Rights

Depending on your jurisdiction you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Ask us to correct inaccurate or incomplete data.
  • Erasure — Request deletion of your account and associated data (subject to legal retention requirements).
  • Portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interests.
  • Restriction — Ask us to limit how we use your data while a complaint is resolved.
  • Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting past processing.

To exercise any of these rights, email us at support@brainza.ca. We will respond within 30 days. If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

Brainza's platform is intended for users aged 13 and over. Users under 13 may not create accounts. If a student is under 18, a parent or guardian must agree to these terms on their behalf and may contact us to review or delete their child's data.

If we become aware that we have inadvertently collected personal data from a child under 13 without appropriate consent, we will delete it promptly. Contact us at support@brainza.ca if you believe this has occurred.

10. Security

We implement industry-standard safeguards including TLS encryption in transit, encryption at rest for stored files, role-based access controls, and regular dependency security audits. No method of transmission over the Internet is 100% secure, but we continuously work to protect your information.

If you discover a potential security vulnerability, please disclose it responsibly by emailing support@brainza.ca rather than posting it publicly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email or by placing a prominent notice on the platform at least 14 days before the change takes effect.

Your continued use of Brainza after changes take effect constitutes your acceptance of the updated Policy.

12. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or the data we hold, please reach out:

Brainza Inc.
Privacy Enquiries
support@brainza.ca

We aim to respond to all privacy-related enquiries within 5 business days.

Back to Home