Privacy Policy for TutuCards

Last Updated: October 14, 2025

1. Introduction

Welcome to TutuCards, an educational platform offering digital printable resources and learning materials. Your privacy is fundamental to us, and this Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

This policy applies to all users of our website, mobile applications, and services. By using TutuCards, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information You Provide

• Account Information: Name, email address, password, and profile preferences
• Payment Information: Billing address and payment method details (processed securely by Stripe)
• Communication Data: Messages you send us through support channels or feedback forms
• Educational Preferences: Grade levels, subjects of interest, and content preferences

2.2 Information Automatically Collected

• Usage Data: Pages visited, time spent on site, downloads, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Location Data: General geographic location based on IP address (country/region level)
• Cookies and Tracking: Session data, preferences, and analytics information

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations and payment status from Stripe
• Analytics Services: Aggregated usage statistics and performance metrics
• Authentication Providers: Profile information if you sign in through social media

3. How We Use Your Information

3.1 Primary Purposes

• Service Delivery: Process orders, deliver digital products, and manage subscriptions
• Account Management: Create and maintain your account, authenticate access
• Customer Support: Respond to inquiries, resolve issues, and provide assistance
• Payment Processing: Handle transactions, billing, and refunds

3.2 Secondary Purposes

• Product Improvement: Analyze usage patterns to enhance our educational content
• Personalization: Recommend relevant products and customize your experience
• Communication: Send important updates, newsletters, and promotional offers (with consent)
• Legal Compliance: Meet regulatory requirements and protect our rights

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

• Contract Performance: To fulfill our obligations under our Terms of Service
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share information with trusted partners who help us operate our business:

• Stripe: Payment processing and subscription management
• Supabase: Database hosting and user authentication
• Cloudflare: Content delivery and security services
• Analytics Providers: Website performance and usage analysis

5.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety, or that of our users
• Investigate fraud, security breaches, or terms violations
• Enforce our Terms of Service or other agreements

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

6. Data Security and Protection

6.1 Security Measures

• Encryption: All data transmitted using SSL/TLS encryption
• Access Controls: Strict employee access policies and authentication
• Regular Audits: Ongoing security assessments and vulnerability testing
• Secure Infrastructure: Industry-standard cloud hosting with security certifications

6.2 Data Retention

We retain your information for as long as:

• Your account remains active
• Necessary to provide our services
• Required by law or for legitimate business purposes
• You have outstanding transactions or subscriptions

7. Your Privacy Rights

7.1 General Rights (All Users)

• Access: Request information about data we hold about you
• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your personal data (subject to legal requirements)
• Opt-out: Unsubscribe from marketing communications

7.2 GDPR Rights (EU Users)

If you're in the European Union, you also have the right to:

• Data Portability: Receive your data in a structured, machine-readable format
• Restrict Processing: Limit how we use your data in certain circumstances
• Object to Processing: Opt out of data processing based on legitimate interest
• Withdraw Consent: Revoke consent for processing at any time
• Lodge Complaints: File complaints with your local data protection authority

7.3 CCPA Rights (California Users)

If you're a California resident, you have the right to:

• Know: What personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the sale of personal information (we do not sell personal data)
• Non-Discrimination: Equal service regardless of exercising privacy rights

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for basic site functionality and security
• Performance Cookies: Help us understand how visitors interact with our site
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect site functionality. Essential cookies cannot be disabled as they're necessary for security and basic operations.

9. Children's Privacy (COPPA Compliance)

TutuCards is designed for educational use with children, but we do not knowingly collect personal information from children under 13 without parental consent. We comply with the Children's Online Privacy Protection Act (COPPA).

9.1 Parental Rights

Parents and guardians have the right to:

• Review any personal information collected from their child
• Request deletion of their child's personal information
• Refuse further collection or use of their child's information
• Contact us with privacy concerns about their child's data

10. International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent privacy protections
• Certification schemes and codes of conduct

11. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications for significant changes
• Updating the "Last Updated" date at the top of this policy

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

12. Contact Information and Data Protection

12.1 General Privacy Inquiries

12.2 Exercising Your Rights

To exercise your privacy rights or submit data requests, please email us at privacy@tutucards.com with the subject line "Privacy Rights Request" and include:

• Your full name and email address associated with your account
• Specific right you wish to exercise
• Any additional details to help us process your request

We will respond to verified requests within 30 days (or as required by applicable law).

12.3 EU Representative

For users in the European Union, you may also contact our EU representative for data protection matters at eu-privacy@tutucards.com.

This Privacy Policy is effective as of the date listed above and supersedes all previous versions. Thank you for trusting TutuCards with your educational journey.