Legal

Privacy Policy

Last Updated: December 2025

1. Introduction

EdTech Global (“we,” “our,” or “us”) operates a multi-tenant online education platform that connects tutoring institutes and individual tutors with students for live classes and educational content delivery. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using EdTech Global, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when registering or using our services:

For Students:

  • Full name
  • Phone number (used for authentication via OTP)
  • Email address (optional, used for international students)
  • Profile information

For Tutors:

  • Full name
  • Email address
  • Phone number
  • Profile information and qualifications
  • Bank account details (for payment processing)

For Support Staff:

  • Full name
  • Email address
  • Phone number

2.2 Educational Data

In the course of providing educational services, we collect:

  • Enrollment Records: Class and course enrollments, attendance records
  • Learning Progress: Course completion status, lesson progress, video watch history
  • Class Content: Class recordings, uploaded materials, course videos
  • User-Generated Content: Testimonials, feedback, and contact form submissions

2.3 Third-Party Integration Data

Zoom Integration:

When tutors connect their Zoom account, we collect and store:

  • Zoom OAuth tokens (access token, refresh token)
  • Zoom User ID, Account ID, and email address
  • Zoom display name
  • Meeting IDs, join URLs, and passcodes
  • Registration information for secured meetings
  • Meeting recordings (transferred to our storage via webhooks)

Purpose: This data enables tutors to create and manage live video classes directly through our platform.

YouTube Integration:

When tutors connect their YouTube account for live streaming, we collect:

  • YouTube OAuth tokens (access token, refresh token)
  • Channel ID and channel name
  • Stream keys and ingestion addresses
  • Live stream IDs and URLs
  • Video URLs for imported content

Purpose: This data enables tutors to live stream classes to YouTube and use YouTube videos in their courses.

2.4 Automatically Collected Information

  • Device information (browser type, operating system)
  • IP address
  • Usage data (pages visited, features used)
  • Session information
  • Error logs (via Sentry for debugging purposes)

2.5 Audit Logs

For security and compliance purposes, we maintain audit logs that record:

  • User actions (login, logout, data modifications)
  • Entity changes (before and after values)
  • IP addresses and user agent strings
  • Request identifiers for troubleshooting
  • Timestamps of all recorded actions

2.6 Payment Information

  • Payment method details
  • Transaction history and invoice records
  • Payment status and dates
  • Bank transfer references

Note: We do not store complete credit card numbers. Payment processing is handled through secure third-party providers.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Create and manage user accounts
  • Authenticate users (email/password for tutors, OTP for students)
  • Enable tutors to create and manage classes and courses
  • Allow students to enroll in and attend classes
  • Facilitate live video sessions via Zoom integration
  • Enable live streaming via YouTube integration
  • Deliver course materials and recordings
  • Track learning progress and course completion

3.2 Communication

  • Send class reminders and notifications via SMS
  • Send transactional emails (enrollment confirmations, payment receipts)
  • Deliver in-app notifications
  • Provide customer support

3.3 Platform Operations

  • Process payments and manage subscriptions
  • Monitor and improve platform performance
  • Debug and fix technical issues
  • Track usage quotas (storage, SMS)
  • Ensure platform security

3.4 Compliance

  • Comply with legal obligations
  • Enforce our terms of service
  • Respond to legal requests

4. Multi-Tenant Architecture and Data Isolation

EdTech Global operates as a multi-tenant platform where each tutoring institute (“tenant”) maintains its own isolated data environment. This architecture ensures that:

  • Each institute's data (students, classes, payments) is completely separated from other institutes
  • Students can only access classes and content from their enrolled institute
  • Tutors can only view and manage students within their own institute
  • Administrative actions are scoped to the relevant tenant

4.1 Custom Domains and Websites

Institutes may configure custom domains or subdomains for their student portals. When using custom domains:

  • Student data is associated with the specific tenant domain
  • Website settings (branding, SEO, content) are stored per tenant
  • Domain ownership is verified before activation
  • Contact form submissions are routed to the appropriate institute

5. Data Storage and Security

5.1 Data Storage

Your data is stored in:

  • PostgreSQL Database (Supabase): User accounts, class data, enrollments, progress
  • Cloudflare R2: Course videos, class recordings, large media files
  • Supabase Storage: Documents, profile images, course thumbnails
  • Integration Configurations: Third-party OAuth tokens (Zoom, YouTube)

5.2 Data Location

Our primary data infrastructure is hosted on:

  • Supabase (cloud database)
  • Vercel (application hosting, edge network)
  • Cloudflare R2 (content storage)

5.3 Security Measures

We implement the following security measures:

  • TLS 1.2+ encryption for all data in transit
  • Encryption at rest for stored data
  • Row-Level Security (RLS) for multi-tenant data isolation
  • JWT-based authentication with secure token handling
  • HttpOnly cookies for session management
  • Signed URLs for secure file access
  • Regular security monitoring via Sentry

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share data with service providers who assist in operating our platform. These providers are contractually obligated to protect your data.

6.2 Legal Requirements

We may disclose your information if required to:

  • Comply with applicable laws or regulations
  • Respond to valid legal processes (subpoenas, court orders)
  • Protect our rights, privacy, safety, or property
  • Enforce our terms of service

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

6.4 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Zoom Data Handling

7.1 What We Access

When tutors authorize our Zoom integration, we access:

  • User profile information (name, email)
  • Ability to create and manage meetings
  • Meeting participant information (for attendance tracking)
  • Registration management for secured meetings

7.2 How We Use Zoom Data

  • Create scheduled and recurring meetings for classes
  • Generate join links for students
  • Manage meeting registrations for secured classes
  • Track attendance from past meeting data

7.3 Zoom Recordings and Webhooks

When cloud recording is enabled:

  • Zoom sends webhook notifications when recordings are ready
  • Recordings are downloaded and transferred to our storage (Cloudflare R2)
  • Access to recordings is controlled by payment status
  • Recordings may be used in courses as lesson content

7.4 Zoom Data Storage and Deletion

  • OAuth tokens are stored encrypted in our database
  • Tokens are automatically refreshed before expiration
  • Tokens can be revoked by disconnecting Zoom from settings
  • Meeting data is stored for class management purposes

When a tutor disconnects their Zoom account, OAuth tokens are deleted from our database and revocation is requested from Zoom. Historical meeting references remain for record-keeping.

8. YouTube Data Handling

8.1 What We Access

When tutors authorize our YouTube integration, we access:

  • Channel information (ID, name)
  • Ability to create and manage live streams
  • Stream keys for broadcasting
  • Video URLs for importing content into courses

8.2 How We Use YouTube Data

  • Create live streams for classes that are broadcast on YouTube
  • Import YouTube video URLs as course lesson content
  • Use YouTube stream recordings as an alternative to Zoom cloud recordings
  • Monitor stream status during live broadcasts

8.3 YouTube Data Deletion

When a tutor disconnects their YouTube account, OAuth tokens are deleted. Video URL references in courses remain but will no longer be playable if the original videos are removed from YouTube.

Privacy Note: YouTube data is subject to Google's Privacy Policy. Public streams are visible to anyone on YouTube.

9. Data Retention

9.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide services.

9.2 Soft Deletion

When data is deleted, it is initially “soft deleted” (marked as deleted but retained for a grace period). This allows for recovery in case of accidental deletion. After the grace period, data is permanently removed or anonymized.

9.3 Retention Periods

Different types of data have different retention periods based on legal requirements and operational needs. Contact us for specific information about retention periods for your data.

9.4 Deletion Requests

Upon account deletion request:

  • Personal identifiable information is removed or anonymized
  • Transaction records may be retained for legal/tax purposes
  • Zoom and YouTube OAuth tokens are immediately revoked and deleted

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

10.1 Access

Request a copy of the personal data we hold about you.

10.2 Correction

Request correction of inaccurate personal data.

10.3 Deletion

Request deletion of your personal data (subject to legal retention requirements).

10.4 Data Portability

Request a copy of your data in a portable format.

10.5 Withdraw Consent

Withdraw consent for data processing (where consent is the legal basis).

10.6 Object

Object to processing of your personal data for certain purposes.

To exercise these rights, contact us at the email address provided below.

11. Children's Privacy

Our platform may be used by students of various ages. For users under 18:

  • Parental/guardian consent is required for account creation
  • Parents can manage their children's accounts
  • We collect only information necessary for educational services
  • Parents can request access to or deletion of their child's data

12. Cookies and Tracking

12.1 Essential Cookies

We use essential cookies for:

  • User authentication and session management
  • Security features
  • Platform functionality

12.2 Analytics

We use Sentry for error tracking and performance monitoring. This collects:

  • Anonymous usage patterns
  • Error reports with tenant context for debugging
  • Performance metrics

12.3 Cookie Management

Essential cookies cannot be disabled as they are required for platform functionality. You can manage other cookies through your browser settings.

13. International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for international transfers through:

  • Service provider agreements
  • Standard contractual clauses
  • Compliance with applicable data protection laws

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be:

  • Posted on this page with an updated “Last Updated” date
  • Communicated via email for significant changes
  • Effective immediately upon posting unless otherwise stated

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

EdTech Global

Email: privacy@edtechglobal.io

Address: No. 76/A, Sri Hemananda Mw, Bataganvila, Galle

For data protection inquiries or to exercise your rights, please email: privacy@edtechglobal.io

Have questions about our privacy practices?

Visit Help CenterContact Us