Data Protection & Privacy

Privacy Policy

We are committed to protecting your privacy and the privacy of our students. This policy explains how we collect, use, and safeguard your personal information.

COPPA Compliant
FERPA Aligned
Last Updated: May 22, 2025

1. Information We Collect

Google OAuth Information

  • Email address
  • Name
  • Google account ID (sub claim)
  • Profile picture URL

User-Provided Information

  • Academic level and course preferences
  • Learning goals and objectives
  • Scheduling preferences
  • Contact information for communications

For Users Under 18:

We only collect information necessary for educational services and require verifiable parental consent before collecting any personal information from children under 13, in compliance with COPPA regulations.

Educational Data We Collect

  • Session attendance and participation
  • Assignment completion and progress
  • Assessment scores and performance metrics
  • Learning preferences and study habits
  • Communication records with tutors

2. How We Use Your Information

We use collected information solely for educational purposes and service delivery:

Educational Services

  • Personalized tutoring sessions
  • Progress tracking and reporting
  • Curriculum customization
  • Learning outcome assessments

Communication

  • Session scheduling and reminders
  • Educational updates and announcements
  • Parent/guardian communications
  • Technical support assistance

Service Improvement

  • Analyzing learning effectiveness
  • Improving educational content
  • Enhancing user experience
  • Developing new features

Account Management

  • User authentication via Google OAuth
  • Session management and security
  • Billing and payment processing
  • Account preferences and settings

3. Data Storage & Security

Database Security

  • Secure PostgreSQL database with encryption
  • Regular automated backups
  • Access controls and authentication
  • Data integrity monitoring
  • SOC 2 compliant hosting infrastructure

Google OAuth Security

  • OAuth 2.0 secure authentication
  • No password storage on our servers
  • Limited scope access to Google data
  • JWT-based session management with secure HTTP-only cookies or database sessions via Prisma ORM
  • Automatic token refresh and validation

Additional Security Measures

  • TLS/SSL encryption for all data transmission
  • Regular security audits and penetration testing
  • Employee background checks and training
  • Multi-factor authentication for admin access
  • Intrusion detection and monitoring systems
  • Incident response and breach notification procedures

4. Student Privacy & COPPA Compliance

Children Under 13 (COPPA Compliance)

We are committed to protecting children's privacy online and comply with the Children's Online Privacy Protection Act (COPPA):

  • Parental Consent Required: We obtain verifiable parental consent before collecting personal information from children under 13
  • Limited Data Collection: We collect only information necessary for educational services
  • No Behavioral Advertising: We do not use children's data for behavioral advertising or marketing
  • Parental Rights: Parents can review, delete, or refuse further collection of their child's information
  • Secure Processing: All data is processed securely and shared only with authorized educational personnel

FERPA Alignment

Our practices align with the Family Educational Rights and Privacy Act (FERPA) principles:

  • Educational record confidentiality
  • Parent/student access rights
  • Consent for disclosure
  • Directory information protections

Teen Privacy (13-17 years)

For students aged 13-17:

  • Enhanced privacy protections
  • Parental notification requirements
  • Educational purpose limitations
  • Secure communication channels

Parental Control Options

Parents and guardians have the right to:

  • Review all information collected about their child
  • Request corrections to inaccurate information
  • Delete their child's account and associated data
  • Receive progress reports and educational communications
  • Control data sharing preferences
  • Contact our privacy team with concerns

5. Data Sharing & Third Parties

Our Commitment: We Do NOT Sell Your Data

We never sell, rent, or trade personal information to third parties for commercial purposes. Your privacy is not for sale.

Limited Sharing with Service Providers

We may share data only with trusted service providers who help us deliver educational services:

  • Google: For OAuth authentication only
  • Payment Processors: For secure transaction processing
  • Cloud Hosting: For secure data storage and platform operation
  • Communication Tools: For video conferencing and messaging

All service providers are contractually bound to protect your data and use it only for specified educational purposes.

When We May Disclose Information

We may disclose personal information only in these limited circumstances:

  • Legal Requirements: When required by law or legal process
  • Safety Concerns: To protect student safety or prevent harm
  • Parental Requests: To parents/guardians regarding their child's education
  • Business Transfers: In case of company merger (with continued privacy protection)

All disclosures follow strict legal and ethical guidelines for student data protection.

6. Your Rights & Choices

You have significant control over your personal information and privacy settings:

Access & Review

  • View all personal information we have
  • Download your educational progress data
  • Review data sharing preferences
  • Access session recordings and communications

Correct & Update

  • Update profile information anytime
  • Correct inaccurate educational records
  • Modify communication preferences
  • Change privacy settings

Delete & Remove

  • Delete your account completely
  • Remove specific data points
  • Opt out of data collection
  • Request data portability

Control & Restrict

  • Limit data processing activities
  • Opt out of communications
  • Restrict data sharing
  • Pause data collection temporarily

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@stemtutoring.com

Response Time: We will respond within 30 days

Identity Verification: We may require identity verification to protect your privacy

7. Contact Us About Privacy

We are committed to protecting your privacy and are here to help with any questions or concerns about how we handle your personal information.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify users of significant changes via email and prominently display the updated policy on our website. Continued use of our services after policy updates constitutes acceptance of the revised terms.

Your Privacy is Our Priority

Join the students and families who trust us to protect their privacy while delivering exceptional STEM education.

COPPA & FERPA Compliant
Stripe Payment Security
No Data Sales Ever