Privacy Policy for TutorPal
Effective Date: February 27, 2026
Last Updated: May 2, 2026
Introduction
Blue Sparrow ("we", "us", or "our") operates the TutorPal mobile application, public parent pages, public tutor profiles, family snapshot links, and supporting services. TutorPal requires Google sign-in before tutor app use. After sign-in, TutorPal is a local-first tutor admin app for students, sessions, lesson packs, invoices, templates, parent links, policy acknowledgments, family snapshots, and exports.
This Privacy Policy explains what information we collect, how we use it, how it may be shared, how long we keep it, and the choices available to you.
1. Information We Handle
- Account information: Google sign-in email, display name, profile photo, Firebase/Auth account identifiers, and account timestamps needed for app access, sync, restore, Premium recovery, parent links, and deletion.
- Tutor records: tutor profile, business/contact details, subjects, teaching preferences, students, parent contacts, lesson sessions, recurring slots, packs, policy templates, invoices, and notes.
- Parent link activity: session confirmation, cancellation, reschedule, policy-acknowledgment, and read-only family snapshot activity submitted or viewed through secure no-login links.
- Billing and entitlement information: subscription status and product identifiers needed to unlock Premium features.
- Support and diagnostics: messages you send to support, app version, device information, sync status, and error details needed to operate and improve the app.
2. How We Use Information
We use information to provide Google-authenticated local tutor workflows, cloud sync and restore when configured, parent session links, policy links, family snapshot links, push notifications, invoice and export emails, Premium entitlement checks, account deletion, support, security, fraud prevention, and service reliability.
3. Where Data Is Stored
- On your device: primary TutorPal app data is stored locally after sign-in for fast workflows.
- On TutorPal servers: sync/restore data when configured, parent links, public profile pages, family snapshot pages, event logs, and notification records may be stored for account-bound cloud features.
- Authentication and notifications: Google sign-in identity and push tokens are handled through Google/Firebase services.
- Billing: subscription records are handled by Google Play and RevenueCat.
- Email delivery: support, invoice, and export emails may be sent through BlueSparrow email services.
4. Sharing
We do not sell personal data. We share information only with service providers needed to operate TutorPal, when you direct us to share a parent link or email, when required by law, or to protect the service and users.
TutorPal does not offer local-only, anonymous, email/password, phone, Facebook, Apple, or Microsoft sign-in for normal tutor app access in this release.
5. Student and Parent Data
If you use TutorPal for your tutoring business, you are responsible for ensuring that you have the right to store student and parent information, send messages or invoices, and share parent action or family snapshot links. You should provide any notices or obtain any consent required by your local law.
6. Account Deletion and Your Choices
You can delete your TutorPal account from Settings -> Advanced settings -> Danger zone -> Delete account and app data. The in-app flow is the most complete path because it can delete account records and clear this device after deletion finishes.
If you cannot access the app, use the public deletion page: TutorPal account deletion.
Deleting your account does not cancel a Google Play subscription. Manage subscriptions in Google Play if you do not want future charges.
7. Retention
We retain data only as long as needed to provide TutorPal, meet legal or security obligations, resolve disputes, prevent abuse, or support account recovery. Deletion requests are normally handled within 30 days.
8. Security
We use reasonable safeguards such as HTTPS, authenticated access, account scoping, high-entropy parent tokens, and operational access controls. No system can be guaranteed perfectly secure.
9. Contact
- Website: https://bluesparrow.dev
- General inquiries: info@bluesparrow.dev
- Privacy inquiries: privacy@bluesparrow.dev