Privacy Policy for Stoodle Inc.

1. Scope of This Policy

This Privacy Policy applies to personal information collected through the Website and Services, whether provided directly by users, collected automatically, or obtained from third parties. For the purposes of this policy, “personal information” refers to any information that can identify an individual, such as names, email addresses, or IP addresses, and includes sensitive data as defined by applicable laws.

This policy is incorporated into our Terms of Service and applies to all online activities on the Website.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: When you create a Stoodle account (as a student, parent, or tutor), we collect:
  • Name (first and last)
  • Email address
  • Password
  • Phone number (optional)
  • Address (optional, for billing or verification purposes)
  • For tutors: professional credentials, educational background, and availability
  • For students: grade level, school name (optional), and parent/guardian contact information (if under 19)
• Payment Information: For paid tutoring sessions or premium features, we collect:
  • Credit card details (processed securely via third-party payment processors)
  • Billing address
• User-Generated Content: Information you provide when using our Services, such as:
  • Flashcards and quiz content
  • Notes created via speech-to-text or manual input
  • Messages or communications with tutors or support staff
• Correspondence: Information provided when you contact us via forms, email, or customer support, including feedback, inquiries, or complaints.

2.2 Information Collected Automatically

• Website Usage Data: IP address, browser type/version, device type/OS, date/time of visits, pages viewed, time spent, referring/exit pages, clickstream data.
• Service Providers: We engage trusted third parties (Stripe, PayPal, AWS, Google Analytics, email delivery, support) under confidentiality obligations.
• Tutors: Student info may be shared with tutors (with parental consent for minors).
• Schools/Educational Institutions: Student data may be shared with schools for account setup or educational purposes.
• Legal/Compliance: We may disclose info to comply with law, protect rights/safety, or investigate fraud/illegal activity.
• Business Transfers: In case of merger/acquisition/sale, personal info may be transferred to a successor entity with equivalent protections.

We do not sell personal information or share it with third parties for their marketing purposes.

3. Legal Basis for Processing (GDPR)

• Consent : For optional features, marketing, or data collection from minors (with parental consent).
• Contract : To fulfill our Terms of Service, such as providing tutoring or study tools
• Legitimate Interests : For analytics, fraud prevention, or improving Services, provided your rights are not overridden.
• Legal Obligation : To comply with applicable laws or protect safety

4. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

• Account information is retained while your account is active and for up to one year after account deletion, unless otherwise requested.
• Payment data is retained only as needed to process transactions and comply with tax laws.
• Usage data (e.g., analytics) is retained in aggregated or de-identified form for up to three years.
• User-generated content (e.g., flashcards, notes) is retained until deleted by the user or upon account closure.

You may request deletion of your data by contacting privacy@stoodle.ai. We will honor such requests, subject to legal retention obligations.

5. Data Security

We implement reasonable administrative, technical, and physical measures to protect personal information, including:

• Encryption of data in transit (e.g., TLS/SSL) and at rest.
• Secure authentication methods (e.g., password hashing).
• Regular security audits and employee training on data protection.
• Non-disclosure agreements with employees and contractors.

Despite these measures, no system is completely secure. We cannot guarantee abso- lute protection against data breaches or malicious attacks, but we will notify users promptly in case of a breach, as required by law.

6. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., web beacons, local storage) to enhance user experience, analyze usage, and deliver Services. Cookies may include:

• Essential Cookies: Necessary for Website functionality (e.g., session manage- ment).
• Analytics Cookies: Track usage patterns (e.g., Google Analytics).
• Preference Cookies: Store user settings (e.g., language or display preferences).

You can manage cookie preferences via your browser settings or our cookie consent tool (available on the Website). Disabling cookies may limit certain features. For details, see our Cookie Policy.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Deletion: Request deletion of your data, subject to legal obligations.
• Restriction: Limit how we process your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing for marketing or legitimate interests.
• Opt-Out: Opt out of marketing communications or the sale/sharing of data (note: we do not sell data).

To exercise these rights, contact privacy@stoodle.ai. We will respond within 30 days (or as required by law). California residents may request information about disclosures to third parties for marketing purposes under the “Shine the Light” law by emailing us.

8. Children’s Privacy (COPPA Compliance)

Stoodle complies with COPPA for users under 13 and PIPEDA for users under 19 in Canada. We:

• Obtain verifiable parental consent before collecting personal information from children under 13 (or 19, where applicable).
• Allow parents/guardians to review, modify, or delete their child’s data.
• Do not use children’s data for advertising or non-educational purposes.
• Provide clear notice to parents about our data practices.

Parents can contact privacy@stoodle.ai to manage their child’s data or withdraw consent, which may limit access to certain Services.

9. International Data Transfers

As a Canadian company, we primarily store data in Canada. However, some Service providers (e.g., cloud hosting) may process data in other countries, including the U.S. or EU. We ensure:

• Adequate safeguards, such as Standard Contractual Clauses, for cross-border transfers.
• Compliance with GDPR and PIPEDA for international users.
• Users can request details about safeguards by contacting us.

10. Third-Party Services

We use third-party services (e.g., Stripe for payments, Google Analytics for usage data) that may collect or access personal information. These providers have their own privacy policies, which we encourage you to review:

• Stripe Privacy Policy
• Google Analytics Privacy Policy

We disclose the use of these services in our Services and ensure they comply with our privacy standards.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal require- ments. We will notify users of material changes via email or a Website notice at least 30 days before they take effect. The updated policy will be posted here with a revised “Last Updated” date. Previous versions will be archived and available upon request.

12. Contact Us

For questions, concerns, or to exercise your privacy rights, contact our Data Protection Officer:

• Email: privacy@stoodle.ai

We aim to respond to inquiries within 30 days. If you are unsatisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or your local data protection authority.

13. Accessibility

This Privacy Policy is available in the footer of www.stoodle.ai and within our mobile app under the “Legal” section. For accessibility assistance, contact us at privacy@stoodle.ai.

By using our Website or Services, you acknowledge that you have read and understood this Privacy Policy. Thank you for trusting Stoodle Inc. with your personal information.