Brill Tutor Privacy Policy

1. Introduction

Welcome to Brill Tutor, an AI-powered standardized test preparation platform. This Privacy Policy explains how Brill Tutor ("we," "our," or "us") collects, uses, protects, and shares information when you use our standardized test preparation service (the "Service").

We are committed to protecting your privacy and ensuring you own and control your educational data. This policy describes our practices in clear, understandable language and explains your rights regarding your information.

Our Service provides:

• 2,000+ standardized test practice questions across Math and Reading & Writing
• 15+ full-length adaptive practice exams
• AI tutor assistance with personalized hints and explanations
• Performance analytics and progress tracking
• Targeted skills practice and quick practice modes

2. Information We Collect

We limit our data collection to what is necessary to provide you with an excellent standardized test preparation experience. Here's exactly what we collect:

Account Information

When you create an account, we collect:

• Email Address: Used for account access and communication
• Password: Encrypted and securely stored

Educational Data and Performance Information

To provide personalized standardized test preparation, we collect:

• Practice Session Data: Your answers to practice questions, response times, and completion status
• Performance Analytics: Accuracy rates, strengths/weaknesses analysis, and progress over time
• Study Preferences: Difficulty level selections, subject focus areas, and practice modes used
• AI Tutor Interactions: Questions asked to our AI tutor and explanations provided (to improve service quality)
• Test Results: Scores from practice exams and module performance data

Usage and Technical Information

To ensure our service works properly, we automatically collect:

• Usage Patterns: Features used, time spent on platform, navigation paths
• Session Data: Login times, duration of study sessions

Payment Information (via Stripe)

For subscription management:

• Billing Information: Processed securely through Stripe (we never store full payment card details)
• Subscription Status: Plan type, billing cycle, subscription status
• Transaction History: Payment confirmations and billing records

Communications and Feedback

When you contact us:

• Support Inquiries: Questions, technical issues, and our responses
• Feedback: Suggestions, bug reports, and feature requests
• Email Communications: Our responses to your inquiries

3. How We Use Your Information

We use your information solely to provide, improve, and personalize your standardized test preparation experience:

Service Delivery

• Provide access to practice questions, tests, and AI tutor
• Generate personalized performance analytics and study recommendations
• Save your progress and allow you to resume practice sessions
• Deliver adaptive practice tests based on your performance level

Account Management

• Create and maintain your user account
• Process subscription payments and manage billing
• Provide customer support and respond to inquiries
• Send important service notifications and updates

Service Improvement

• Analyze usage patterns to improve question quality and difficulty calibration
• Enhance AI tutor responses based on successful explanations
• Identify and fix technical issues
• Develop new features based on user needs

Legal and Safety

• Comply with applicable laws and educational privacy regulations
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service

We do NOT use your educational data for advertising, marketing to third parties, or any commercial purposes beyond providing you with standardized test preparation services.

4. Data Ownership and Your Rights

You own your educational data. We are simply the custodian of your information while providing our service.

Your Data Rights

You have the right to:

• Access: View all information we have about you
• Correct: Update or fix any inaccurate information
• Export: Request a Download your data in a portable format
• Delete: Request complete removal of your account and data
• Restrict Processing: Limit how we use your information
• Object: Opt out of certain data processing activities

How to Exercise Your Rights

• In-App: Use Account Settings to view, edit, or delete your information
• Email Us: Contact brillai.tutor@gmail.com for assistance

Response Time

We will respond to your requests within 30 days (or sooner as required by applicable law).

5. Information Sharing and Third Parties

We use a minimal number of carefully selected third-party service providers to operate our platform. We never sell, rent, or share your personal information for advertising or marketing purposes.

Our Current Third-Party Service Providers

Third-Party Data Use Restrictions

All our service providers must:

• Use your information only to provide services to us
• Meet or exceed our security and privacy standards
• Delete your information when services are terminated
• Notify us immediately of any data breaches

Changes to Third Parties

We will provide you with at least 15 days advance notice of any changes to our third-party service providers. You can subscribe to updates by emailing us at brillai.tutor@gmail.com

User Control Over Third-Party Sharing

You can opt out of non-essential third-party data sharing by:

• Contacting us at brillai.tutor@gmail.com for options

6. Data Security and Protection

We implement comprehensive security measures to protect your information:

Encryption

• Data in Transit: All data transmission uses TLS 1.3 encryption (minimum TLS 1.2)
• Data at Rest: All personally identifiable information is encrypted using AES-256 encryption
• Practice Content: All your questions, answers, and performance data are encrypted

Authentication Security

• Password Protection: Supabase Auth stores passwords hashed with bcrypt and a random salt
• Strong Password Requirements: Configurable min length and required characters; recommends ≥8 chars
• Multi-Factor Authentication (MFA): Available via email-based verification codes
• Session Management: Secure session tokens with automatic timeout

Infrastructure Security

• Access Controls: Restricted employee access on need-to-know basis
• Data Centers: Industry-standard, access-controlled facilities
• Monitoring: 24/7 security monitoring and intrusion detection
• Backups: Encrypted, redundant, geographically distributed backups

Regular Security Assessments

• Third-Party Audits: Independent security assessments
• Vulnerability Management: Continuous monitoring and rapid patch deployment
• Employee Training: Regular security and privacy training for all staff

Data Breach Response

In the unlikely event of a data breach:

• We will notify affected users within 72 hours as required by law
• We will provide clear information about what happened and steps we're taking
• We will offer free credit monitoring services if financial information is involved
• We will conduct a thorough investigation and implement additional safeguards

7. Data Retention and Deletion

We believe you should control how long your data is stored.

Retention Periods

• Account Data: Maintained while your account is active
• Practice Data: Retained to provide ongoing performance analytics
• Inactive Accounts: Automatically deleted after 3 years of inactivity
• Support Communications: Retained for 2 years for service improvement

Complete Data Deletion

When you request account deletion or we delete inactive accounts:

• Deletion: All your data is deleted within 60 days of the request
• Legal Holds: Data may be retained longer if required by law or legal proceedings

Partial Data Retention (Limited Cases)

We may retain anonymized, aggregated data that cannot identify you for:

• Improving question difficulty and quality
• Understanding learning pattern trends
• Meeting legal or regulatory requirements

How to Delete Your Account

1. Email: Send deletion request to brillai.tutor@gmail.com
2. Confirmation: We'll confirm deletion within 7 days

8. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our service.

Types of Cookies We Use

Third-Party Cookies

We do not use third-party cookies for advertising or tracking. We may use analytics services that set cookies, but:

• Data is aggregated and anonymized
• No personal information is shared
• You can opt out through your browser settings

Cookie Control

You can control cookies through:

• Browser Settings: Disable or delete cookies
• Opt-Out Links: Available in Account Settings
• Cookie Banner: Manage preferences on first visit

Do Not Track

We respect "Do Not Track" browser signals and will not track users who have enabled this setting.

9. Advertising Policy

Brill Tutor does not display advertisements.

No Advertising Commitment

• No Third-Party Ads: We do not allow third-party advertisers or data brokers to collect information from our service
• No Targeted Advertising: We do not use your information to target advertisements
• No Ad Tracking: We do not use web beacons, pixels, or other tracking technologies for advertising purposes
• No Data Broker Sharing: We never share your information with advertising networks or data brokers

Marketing Communications

We may send you information about:

• New features and service improvements
• Educational content and standardized test preparation tips
• Important account and billing notifications

You can opt out of marketing communications at any time through:

• Email unsubscribe links
• Contacting brillai.tutor@gmail.com

10. Children's Privacy (COPPA Compliance)

We are committed to protecting children's privacy and comply with the Children's Online Privacy Protection Act (COPPA).

Age Requirements

• Minimum Age: Users must be at least 13 years old
• Parental Consent: Users under 18 should have parental or school permission to use our service

Data Collection from Children Under 13

We do not knowingly collect personal information from children under 13. If we discover we have collected such information:

• We will delete it immediately
• We will not use it for any purpose
• We will implement additional safeguards to prevent future collection

Parental Rights

Parents of users under 18 have the right to:

• Review their child's information
• Request deletion of their child's account
• Opt out of certain data collection practices
• Contact us about their child's privacy

School-Authorized Use

When schools provide access to students:

• We act as a service provider to the school
• Schools maintain control over student data
• We follow school district privacy policies
• Student data is used only for educational purposes

11. Educational Records (FERPA Compliance)

When used in educational settings, Brill Tutor complies with the Family Educational Rights and Privacy Act (FERPA).

School Official Designation

When providing services to schools, we act as a "school official" with legitimate educational interests in student records.

FERPA-Protected Information

Educational records may include:

• Student practice performance and progress
• Learning analytics and recommendations
• Assignment completion and scores

Use Restrictions

FERPA-covered student information is used only for:

• Providing standardized test preparation services
• Generating progress reports for educators
• Improving educational outcomes

Data Sharing Limitations

We do not share FERPA-protected information except:

• With the authorizing school or district
• As directed by the educational institution
• As required by law or court order
• In anonymized, aggregate form for service improvement

12. International Data Transfers (GDPR Compliance)

We comply with the General Data Protection Regulation (GDPR) and other international privacy laws.

Legal Basis for Processing

We process your information based on:

• Contract: To provide you with our standardized test preparation service
• Legitimate Interest: To improve our service and prevent fraud
• Consent: For optional features like analytics cookies
• Legal Obligation: To comply with applicable laws

International Transfers

If you're located outside the United States:

• Your data may be transferred to and processed in the United States
• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• We ensure equivalent protection for your information

EU Resident Rights

If you're an EU resident, you have additional rights including:

• Right to data portability
• Right to object to processing
• Right to lodge complaints with supervisory authorities
• Right to withdraw consent at any time

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer:

• Email: brillai.tutor@gmail.com
• Response time: Within 30 days

13. Accessibility

We are committed to making our service accessible to all users.

Accessibility Standards

• WCAG 2.1 AA Compliance: We strive to meet Web Content Accessibility Guidelines
• Screen Reader Support: Compatible with assistive technologies

Ongoing Improvements

• Regular accessibility audits and testing
• User feedback integration for accessibility improvements
• Staff training on accessibility best practices

Accessibility Support

For accessibility assistance or to report barriers:

• Email: brillai.tutor@gmail.com
• We will respond within 48 hours

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements.

How We Handle Changes

• Advance Notice: We will provide at least 30 days notice of material changes
• No Retroactive Changes: Changes will not apply retroactively to data collected under previous policies
• Student Data Protection: Changes affecting student data require prior notice and choice
• Clear Communication: We will explain changes in plain language

Notification Methods

We will notify you of changes through:

• Email to your registered address
• Prominent notice on our website
• In-app notification when you next log in
• Updates to this page with revision date

Policy History

• Previous versions of this policy are available by emailing brillai.tutor@gmail.com
• You can view what changed between versions
• All changes include effective dates and rationale

Your Options

If you disagree with policy changes:

• You can download your data before changes take effect
• You can delete your account if you no longer wish to use our service
• You can contact us to discuss your concerns

15. Contact Information

We're here to help with any privacy questions or concerns.

Privacy Contact

• Email: brillai.tutor@gmail.com
• Response Time: Within 48 hours for privacy inquiries

General Contact

• Support Email: brillai.tutor@gmail.com

Data Protection Officer

• Email: brillai.tutor@gmail.com
• For GDPR and international privacy matters

Emergency Contact

For urgent security or privacy issues:

• Email: brillai.tutor@gmail.com
• Available 24/7 for critical issues