Privacy Policy

Last updated: 4 May 2026

Tutorly ("we", "us", "our") is operated by Sana Malik, a sole trader based in the United Kingdom. This Privacy Policy explains how we collect, use, and protect your personal information when you use the Tutorly mobile application (the "App").

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information we collect

1.1 Account information

When you sign in with Apple, we receive:

• A unique Apple-provided user identifier
• Your name (if you choose to share it)
• Your email address (or Apple's private relay email if you choose to hide your real email)

1.2 Voice data

During tutoring sessions, your voice is captured by your device's microphone and transmitted in real time to OpenAI's Realtime API for processing. We do not store voice recordings on our servers.

1.3 Usage data

We track, in our database:

• Number of tutoring sessions you have started each day
• Total session duration per day (for tier enforcement)
• Subscription status and expiry date (if you subscribe to Tutorly Pro)

1.4 Device and technical information

Apple's App Store provides us with anonymous, aggregate analytics about app installations, crashes, and version usage. We do not link this data to your account.

2. How we use your information

• To provide and operate the tutoring service
• To authenticate your account and secure access
• To enforce free, trial, and Pro tier limits
• To process subscription payments via Apple's In-App Purchase system
• To respond to your support requests
• To comply with legal obligations

3. Third-party processors

We use the following third-party services to operate Tutorly:

• Apple Inc. — Sign in with Apple, App Store, In-App Purchase processing. Subject to Apple's Privacy Policy.
• OpenAI, L.L.C. — Real-time AI voice processing. Voice audio is sent to OpenAI's Realtime API for transcription and response generation. Subject to OpenAI's Privacy Policy. OpenAI does not use API data to train their models by default.
• Vercel Inc. — Backend hosting and infrastructure. Servers located in EU (London region).
• Upstash Inc. — Database (Redis) for storing user accounts and usage data.

4. Data location and transfers

Our backend infrastructure is hosted in the European Union (London region). Voice processing by OpenAI may take place in the United States. Where personal data is transferred outside the UK, we rely on standard contractual clauses or other lawful safeguards approved by the UK Information Commissioner's Office.

5. Data retention

• Account data is retained while your account is active.
• Usage data (daily session counts) is retained for 48 hours, then automatically deleted.
• Voice data is processed in real time and not stored by us. OpenAI may retain processing logs for up to 30 days for abuse prevention.
• If you delete your account, all associated data in our systems is removed within 30 days.

6. Your rights under UK GDPR

You have the right to:

• Access a copy of the personal data we hold about you
• Rectify inaccurate personal data
• Erase your data ("right to be forgotten")
• Restrict or object to certain processing
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise these rights, email us at tutorlyAI_app@outlook.com. We will respond within one month.

7. Children's privacy

Tutorly is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at tutorlyAI_app@outlook.com and we will promptly delete the information.

Users between 13 and 16 should obtain parental or guardian consent before signing up.

8. Security

We protect your data using industry-standard measures:

• All data is transmitted over encrypted TLS connections
• API keys and secrets are stored in encrypted environment variables, not in source code
• Database access requires authenticated tokens
• Authentication tokens are stored in your device's secure Keychain

9. Cookies and tracking

The Tutorly mobile app does not use cookies or tracking technologies. We do not engage in advertising or sell your data to third parties.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the App or by email. Continued use after a change constitutes acceptance of the updated policy.

11. Contact us

If you have questions or concerns about this Privacy Policy or our data practices:

Sana Malik (sole trader)
Email: tutorlyAI_app@outlook.com