Privacy Policy — Purkinje Lab

1. Information We Collect

Account information: name, .edu email address, school name, academic year, and profile photo. If you choose to add it, we may store an optional US state on your profile to support location-relevant features (for example, matching optional geo-targeted tutor promotions in search). Tutor-specific: bio, subjects, hourly rate, Step score (optional), and verification documents (student ID photo). Payment information: processed and stored by Stripe — we do not store credit card numbers or bank account details on our servers. Usage data: pages visited, sessions booked, and interactions with the Platform.

2. How We Use Your Information

We use your information to: provide and maintain the Platform; process bookings and payments; send transactional emails (booking confirmations, payment receipts); display tutor profiles to students; verify tutor identity and qualifications; and improve the Platform.

3. Information Sharing

We share your information with: Stripe for payment processing; Resend for transactional emails; Supabase for data storage and authentication; and Vercel for hosting and analytics. We do not sell your personal information to third parties.

4. Data Storage

Your data is stored in Supabase (hosted on AWS). Profile photos and verification documents are stored in Supabase Storage. All data is encrypted in transit (TLS) and at rest.

5. Cookies

We use essential cookies for authentication and session management. We use Vercel Analytics for aggregate usage statistics — this does not use cookies and does not track individual users across sites.

6. Your Rights

You may: access your personal data through your account settings; update your information at any time; request deletion of your account and associated data; and opt out of non-essential email notifications through notification preferences.

7. Data Retention

We retain your data for as long as your account is active. In-app notification events are automatically deleted after 7 days. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., payment records for tax compliance).

8. Security

We implement industry-standard security measures including: row-level security policies on all database tables; encrypted connections (HTTPS/TLS); secure authentication via Supabase Auth; and role-based access control.

9. Children's Privacy

The Platform is intended for users 18 and older. We do not knowingly collect information from children under 18.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notification.

11. Contact

For privacy questions or data requests, contact us at privacy@purkinjelab.com.