STEMConnectsSTEMConnects

Privacy Policy

Last updated: March 8, 2026

1. Introduction

STEMConnects ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our online tutoring platform. By using STEMConnects, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, and role (student or tutor).
  • Profile Information: Avatar, bio, education history, qualifications, and teaching experience (tutors); grade level, school name, and learning goals (students).
  • Parent/Guardian Information: Parent or guardian name, email, and phone number for minor students.
  • Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers on our servers.
  • Communications: Messages sent through our in-app messaging system and session materials you upload.
  • Tutor Application Materials: Resumes, transcripts, certifications, and background check information.

2.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, and device identifiers for security purposes.
  • Usage Data: Pages visited, features used, session timestamps, and interaction patterns.
  • Login Events: Login timestamps, IP addresses, and device fingerprints to detect unauthorized access.

3. How We Use Your Information

  • Provide and maintain our tutoring platform services.
  • Match students with appropriate tutors based on subject and availability.
  • Process payments and manage tutor payouts.
  • Send booking confirmations, session reminders, and account notifications.
  • Enforce our Terms of Service and protect against fraud or abuse.
  • Improve our platform through aggregated, anonymized analytics.
  • Respond to support requests and communicate important updates.

4. Data Sharing

We do not sell your personal data. We share information only in the following circumstances:

  • Between Users: Tutor profiles are visible to students for search and booking. Student names and session details are shared with their booked tutors.
  • Service Providers: We use trusted third-party services including Stripe (payments), Supabase (data storage and authentication), Zoom (video conferencing), and Resend (email delivery).
  • Legal Requirements: We may disclose information when required by law, court order, or to protect rights, safety, or property.

5. Data Security

We implement industry-standard security measures including encrypted connections (TLS), two-factor authentication (TOTP MFA), rate limiting, account lockout protections, and comprehensive audit logging. While no system is 100% secure, we take reasonable steps to protect your data from unauthorized access, alteration, or destruction.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate personal data through your profile settings.
  • Deletion: Request deletion of your account and personal data. Some data may be retained for legal or financial obligations.
  • Data Portability: Export your personal data in a machine-readable format (JSON).
  • Withdraw Consent: Opt out of non-essential communications at any time.

To exercise these rights, visit your Account Settings or contact us at privacy@stemconnects.com.

7. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our tutoring services.
  • Legitimate Interests: Platform security, fraud prevention, and service improvement.
  • Consent: Optional marketing communications and non-essential cookies.
  • Legal Obligation: Tax records, financial reporting, and regulatory compliance.

EEA users have additional rights including the right to lodge a complaint with a supervisory authority and the right to restrict processing. Data transfers outside the EEA are protected by appropriate safeguards.

8. FERPA Compliance (U.S. Education Records)

STEMConnects recognizes the importance of student education privacy under the Family Educational Rights and Privacy Act (FERPA). When we handle education records:

  • Session history, learning goals, and academic progress are treated as education records.
  • We do not disclose education records to third parties without consent, except as permitted by law.
  • Parents or guardians of minor students may request access to their child's education records.
  • Students aged 18 and older control access to their own education records.

For FERPA-related requests, contact privacy@stemconnects.com.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we anonymize personal data but may retain anonymized transaction records for financial and legal compliance (typically 7 years for tax purposes). Audit logs are retained for security purposes for up to 2 years.

10. Children's Privacy

STEMConnects serves students of various ages, including minors. For students under 18, we require parent or guardian contact information during registration. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe a child under 13 has provided us with personal data without parental consent, please contact us immediately.

11. Data Processing Agreement

For detailed information about how we process data on behalf of our users, including our sub-processors, security measures, and breach notification procedures, please review our Data Processing Agreement.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our platform. Your continued use of STEMConnects after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us: