Privacy Policy

Last Updated: July 2026

TutorPortal ("the Platform", "we", "us", or "our") is committed to protecting and respecting your data privacy in strict accordance with the Protection of Personal Information Act, No. 4 of 2013 ("POPIA") of South Africa. This Privacy Policy explains how we collect, process, use, and protect personal information belonging to independent tutors, parents, and learners.


1. Information We Collect

To provide our scheduling and administrative software tracking utility, we process the following categories of personal information:

  • Tutor Data: Full name, email address, cell phone number, and banking configuration details.
  • Student/Learner Data: Full name, academic grade, and registered subjects or topics covered.
  • Parent Data: Full name and cell phone number (utilized strictly for transaction distribution).
  • Financial & Transaction Data: Session logs, duration hours, unbilled balances, calculated base costs, billing statuses, and payment totals processed.

2. Purpose of Processing Data & Shared Client Portals

We collect and process personal data exclusively to fulfill our operational function as an administrative software utility. This includes:

  • Facilitating lesson scheduling, logging hours, and tracking unpaid accounts.
  • Generating explicit, customized transaction itemization strings for distribution via WhatsApp.
  • Client Portals / Parent Views: Generating secure, read-only, non-sequential unguessable URLs (UUIDs) that allow parents/guardians to review localized calendar views and session logs specifically tied to their child's student record.
  • Routing secure credit card payment compilation requests directly from invoice links and client portal instances to our payment gateway infrastructure provider.
  • Populating analytical dashboard charts regarding monthly hours and income breakdown.

We do not use your data for marketing profiling, and we will never sell, rent, or trade personal data to third-party marketing firms.

3. Third-Party Infrastructure Operators & Data Isolation

To host and run our scalable digital infrastructure securely, data is safely passed to and processed by our verified third-party technology providers:

  • Supabase (Data Storage): Personal records and transaction indices are housed within a cryptographically isolated cloud hosting environment utilizing strict Row-Level Security (RLS) policies. Read-only permissions for Client Portals are heavily constrained via strict database filtering schemas to ensure parents can only query data matching their exact, encrypted link token.
  • Paystack (Payment Processing): Payment flows are handled directly by Paystack's secure, PCI-compliant infrastructure. TutorPortal does not store or see credit card credentials.
  • Vercel (Application Hosting): The user interface and encrypted transmission routes run over forced HTTPS connections.

4. Client View Link Security Advisory

Because Client Portals rely on a secure token contained within the unique link string rather than a standard email password prompt, the user (parent/guardian) acknowledges that the confidentiality of the link rests entirely in their custody. If a link is forwarded or shared with a third party, that third party will be able to view the associated read-only student logs. You may request your tutor to reset or re-issue your profile identifiers if a leak is suspected.

5. Your Rights Under POPIA

In terms of Section 24 of POPIA, all users possess the "Right to be Forgotten" and may request the absolute deletion or correction of their personal data assets. Requests for complete workspace deactivation and account purges can be directed to our database system deletion routines by canceling your account.