Privacy Policy Statement

Last Revised: March 23, 2022

At TutorOcean Inc. (“TutorOcean”), your privacy is important to us. The purpose of this privacy statement is to let you know how we collect, use and disclose Personal Information, and to inform you of your rights with respect to such Personal Information. This Privacy Statement is effective as of the effective date of your subscription or when you accessed the Service.

About TutorOcean

TutorOcean is an online service that enables its Customers the ability to easily connect with the resources they need for modern educational learning (the “Service”).

1.0 Applicability of Privacy Statement

This Privacy Statement relates to “Personal Information”, meaning information about an identifiable individual, whether, for example, that individual is our Customer, or our Customer’s provisioned user or an individual whose information is part of Processed Data, as these terms are defined below. Whether a person is “identifiable” means that they can be identified by the information itself or by that information combined with other information reasonably available.

This Privacy Statement applies to Personal Information collected or managed by TutorOcean through the use of the Service, third-party integrations, and our websites. This Privacy Statement is also intended to explain how we use information that is not identifiable (and thus not Personal Information) that is collected via our websites and the Service.

“Customer” refers to the customers of TutorOcean and their provisioned users which also includes hosts, tutors, parents, student users, and all others that connect to the service.

“Customer Information” refers to information about our Customers and their provisioned users.

“Processed Data” refers to information that is processed by TutorOcean on behalf of our Customers through their use of the Service.

“Service” refers to both the TutorOcean Marketplace and Software as a Service platform.

TutorOcean does not have a direct relationship with many of the individuals whose Personal Information is included in Processed Data. This privacy statement is intended to provide information about how all Personal Information is collected, used, disclosed, processed and protected by TutorOcean.

1.1 Classification of Information

When the Service is used by our Customers, we classify the Personal Information we collect, use and disclose into two main categories: The first is Personal Information included in Customer Information, and the second is Personal Information that is included in Processed Data. It is important to note that not all Customer Information or Processed Data is Personal Information, either because it relates to a company or a business, or it is not identifiable.

1.2 Processes Data

TutorOcean does not control what information a Customer chooses to include in Processed Data. Because we are unable to determine whether it is Personal Information or other information, we treat it as though it may be Personal Information but our Customers are entirely responsible for any Personal Information they choose to include in Processed Data. All Customers and their provisioned users should understand that data in TutorOcean can be exported, shared or displayed by a Customer or provisioned user. Customers and provisioned users are solely responsible for the use of such exported, shared or displayed data and for protecting it appropriately.

2.0 WHAT INFORMATION WE COLLECT

From our Customers, we only collect Customer Information that is necessary to establish and maintain the provision of the Service to them, as well as to understand and improve the usage and performance of the Service. When our Customers are corporations, as opposed to individuals, this information is not “Personal Information”. This Customer Information can include:

Customer name
Contact information, including postal, phone and email addresses
Billing address
Billing details (as necessary for our internal accounting purposes and for processing payments through our contracted processing service)
Login information for provisioned users, such as usernames and encrypted passwords
Information about how the Customer and its provisioned users use the Service, including information about the Customer, location information, usage patterns and intended use of the Service.
Information provided by the Customer and its provisioned users in connection with any support given by the TutorOcean team related to the Service.
Login information for third party integrations to TutorOcean, such as usernames and encrypted passwords

In connection with our marketing, sales and Customer support functions, we may collect publicly-available information about our Customers and provisioned users, which is used for the purposes set out in this Privacy Statement.

This additional Customer Information can include profile data for tutors, students, professors and other including:

Name
Contact information, including bio description, photo, phone and email addresses
Academic performance details including courses, grades and more
Notes, comments, files and more
Login information for provisioned users, such as usernames and encrypted passwords

2.1 Purposes for Collection

As stated in more detail in our Marketplace Terms of Service and SaaS Terms of Service, TutorOcean does not use any identifiable Processed Data for its own purposes. Processed Data is only processed by TutorOcean on behalf of our Customers to provide them with the Service. Individual provisioned users whose Personal Information is contained in Processed Data should refer to the Customer’s privacy policy for an understanding of how Personal Information is collected, used, disclosed and otherwise processed by the Customer by use of the Service.

2.2 Disclosure of Personal Information

TutorOcean may share Personal Information with people within the company who have a “need to know” the information for business, misconduct or legal reasons, for example, in order to carry out an administrative function, such as processing an invoice or supporting questions that you have submitted to TutorOcean.

We may share Personal Information with third parties, including:

government and regulatory authorities, for example to respond to a legal request or comply with a legal obligation, in which case we will make reasonable efforts to give the relevant individual notice of the disclosure, provided we are able to identify the individual and are lawfully able to do so;
for the purposes of seeking legal or other professional advice;
suppliers of IT services and third party service providers engaged by TutorOcean as further detailed in this Privacy Statement and our our Marketplace Terms of Service and SaaS Terms of Service; and
in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets and their respective professional advisers.

We may also share anonymous or de-identified information with other third parties in connection with the purposes outlined in this Privacy Statement.

2.3 Third-Party Integrations

The Service provides Customers and their provisioned users the ability to easily connect to help deliver educational and learning services. TutorOcean extends its Service to make it easier and connect to other third-party providers to help push and pull data as required who have terms and conditions particular to their own data privacy and, by making use of the service and third-party integrations offered by TutorOcean, you acknowledge and agree that your use of the Service may be subject to terms and conditions of those third-party providers.

2.4 Right of Access

Pursuant to applicable law, you may have certain rights in relation to your Personal Information, including a right of access. If your Personal Information is a part of our Customer’s Processed Data, you should seek this access from the relevant Customer. If we control the Personal Information, we may require additional information to confirm your identity, which will only be used for that purpose.

2.5 Data Location

Unless a Customer is using a Custom Data Store and therefore storing their Processed Data on their site, TutorOcean uses Amazon Web Services to store and manage Customer Information and Processed Data in and from Canada and the USA. As indicated in the following section, TutorOcean uses service providers outside of Canada and USA to store and manage the certain data and analytics associated with use of the Service.

2.6 Information collected via our website, service, and app

When you visit our websites, app and TutorOcean.com, we may use cookies, pixel tags, analytics tools, and other similar technologies to help provide and improve our services to you, and as detailed below:

Cookies: Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the website, pages visited, language preferences, and other web traffic data. We use the information for security purposes, to facilitate online navigation, to display information more effectively, to personalize your experience while using the website, and to otherwise analyze user activity. We can recognize your computer to assist your use of the website.
We also gather statistical information about the usage of the website and application in order to continually improve their design and functionality, understand how they are used, and assist us with resolving questions regarding the website and application. Cookies may further allow us to select which of our advertisements, features or offers are most likely to appeal to you and to display them to you. We may also use cookies in online advertising, features or offers to see how you interact with such advertisements, features or offers and we may use cookies or other files to understand your use of other websites.
If you do not want information to be collected through the use of cookies when using our website or application, there is a simple procedure in most browsers that allows you to automatically decline cookies or gives you the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. However, if you do not accept these cookies, you may experience some inconvenience in your use of the website or application. For example, we may not be able to recognize your computer, and you may need to log in every time you visit the website or application.
Pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with our website to, among other things, track the actions of users of the website and other means of communication with you (including e-mail recipients), measure the success of our marketing campaigns, and compile statistics about usage of the website and response rates.
Analytics tools: We use website and application analytics services provided by third parties that use cookies, JavaScript and other similar technologies to collect information about website or application use, perform data enrichment and to report patterns or trends. The third parties that provide us with these services may also collect information about your use of third-party websites. These analytics providers may store this analytics data in the United States and other locations.

2.7 Safeguarding Personal Information

We are required by law to safeguard the Personal Information in our custody or control. We use industry-standard measures to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. We protect Personal Information regardless of the format in which it is held.

Our methods of protection include: (a) physical measures, such as restricted physical access to the systems delivering our Service; (b) organizational measures, including employee training and limiting access on a “need-to-know” basis; and, (c) technological measures, including the use of passwords and encryption.

We use service providers, including our data hosting provider, to facilitate providing the Service. We use contractual means to make sure that our service providers only deal with Personal Information on our behalf to provide the Service and not for any other purposes. We also undertake diligence to satisfy ourselves that our service providers will implement adequate safeguards to protect Personal Information.

If we have reason to believe that there has been a breach of security safeguards that has resulted in the inappropriate loss or disclosure of Personal Information, we will take reasonable measures to notify the affected Customers, as applicable, promptly and with sufficient detail to enable them to evaluate the breach and understand the likely consequences.

2.8 Managing Your Information

You can access and update some of your personal information through your Account settings. If you connected your TutorOcean Account to a third-party service, like Facebook or Google, you can change your settings and unlink from that service in your Account settings. You are responsible for keeping your personal information up to date.

2.9 Data Access and Portability

In some jurisdictions, applicable law may entitle you to request certain copies of your personal information or information about how we handle your personal information, request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format, and/or request that we transmit this information to another service provider (where technically feasible).

2.10 Data Erasure

In some jurisdictions, you can request that your personal information be deleted. Please note that if you request deletion of your personal information, or if your account is suspended, terminated, or voluntarily closed:

We may retain your personal information as necessary for our legitimate business interests, such as prevention of money laundering, fraud detection and prevention, and enhancing safety. For example, if we suspend a TutorOcean Account for fraud or safety reasons, we may retain information from that TutorOcean Account to prevent that Member from opening a new TutorOcean Account in the future.
We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, TutorOcean and TutorOcean Payments may keep information for tax, legal reporting, and auditing obligations.
Information you have shared with others (e.g., Reviews, forum postings) will continue to be publicly visible on TutorOcean, even after your TutorOcean Account is canceled. However, attribution of such information to you will be removed. Some copies of your information (e.g., log records) will remain in our database, but are disassociated from personal identifiers.
Because we take measures to protect data from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.

You can submit your request to have your data erased anytime by submitting your request on our contact us form.

3.0 Anonymous Information

As stated in more detail in our Marketplace Terms of Service and SaaS Terms of Service, TutorOcean may use de-identified and/or aggregate information derived from Personal Information, for any purposes, including:

Analytics to understand how our Customers and, their provisioned users make use of the Service and our website and to make targeted offerings of certain Services to our Customers and provisioned users;
Information used to determine how to make improvements to the Service and to develop new features, capabilities and ways of presenting data; and
For commercial purposes, either for TutorOcean or for others.

We will take industry standard steps so that this de-identified and/or aggregate information cannot be connected to any particular individual.

4.0 Confidential Student Information

The privacy of student information is protected by the Family Education Rights Privacy Act (FERPA), regardless of whether the information is provided to the Company by Customer or Customer Users including but not limited to tutors, advisors and students. Customer agrees to abide by the limitations on use and re-disclosure of student information set forth in FERPA. See Exhibit A.

5.0 EU Personal Information

This section shall apply only in respect of Personal Information relating to individuals located in the EU (“EU Personal Information”).

For the purposes of applicable EU data protection and privacy laws, TutorOcean, with its registered offices at 535 Legget Dr, Suite 100, Kanata, ON K2K 3B8, Canada is considered the Data Controller in respect of all EU Personal Information that it collects, uses and otherwise processes for its own purposes as set out in this Privacy Statement.

If you are a Customer, website user or other individual with whom we communicate and / or do business and you are located in the EU, you should read this Privacy Statement in full and particularly this section, before you provide us with any Personal Information or browse our website, and make sure that you are comfortable with our privacy practices.

Please note that for the purposes of EU data protection and privacy laws, personally identifiable information collected in a business context (for example an individual’s business email address or job title) will be Personal Information. All provisions in this Privacy Statement relating to Personal Information will therefore apply to Customer Information, to the extent that this is considered to contain Personal Information under EU laws.

5.1 Purpose of Processing

The purposes for which we process EU Personal Information are as set out in this Privacy Statement. In most cases, we will be processing EU Personal Information on behalf of a Customer as a Data Processor, but in certain circumstances we will process EU Personal Information as a Data Controller, including for the purposes of communicating with you, administering your account and for carrying out data analytics and enrichment.

5.2 Legal Basis for Processing

In accordance with the purposes for which we collect and use EU Personal Information, as set out above, the legal basis for TutorOcean processing EU Personal Information will typically be one of the following:

your consent;
the performance of a contract that we have in place with you or other individuals;
TutorOcean or our third parties’ legitimate business interests; or
compliance with our legal obligations.

5.3 Sharing of EU Personal Information

TutorOcean may share EU Personal Information with people within the company who have a “need to know” the information for business or legal reasons, for example, in order to carry out an administrative function, such as processing an invoice or to direct a question that you have submitted to the relevant department at TutorOcean.

We may share EU Personal Information with third parties, including:

government and regulatory authorities, for example to respond to a legal request or comply with a legal obligation, in which case we will make reasonable efforts to give the relevant individual notice of the disclosure, provided we are able to identify the individual and are lawfully able to do so;
for the purposes of seeking legal or other professional advice;
suppliers of IT services and third service providers engaged by TutorOcean as further detailed earlier in this Privacy Statement and our Marketplace Terms of Service and SaaS Terms of Service; and
in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets and their respective professional advisers.

We may also share anonymous or de-identified information with other third parties in connection with the purposes outlined in this Privacy Statement.

6.0 Information Transfers

In order to provide the Service and our website and as further detailed in the ‘Data Location’ section above, any EU Personal Information that we obtain may be transferred to and stored in a country outside the EEA, including Canada. This may include transferring EU Personal Information to countries where the law provides less protection for Personal Information. If we transfer EU Personal Information to a country outside of the EEA, we will, as required by applicable law, ensure that your privacy rights are protected by appropriate safeguards. Please contact us if you would like more information about these safeguards.

7.0 Analyzing your Communications

We may review, scan, or analyze your communications on the TutorOcean Platform for reasons outlined in the “How We Use Information We Collect” section of this policy, including fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, analytics, enforcing our Terms of Service, and customer support purposes. For example, as part of our fraud prevention efforts, we scan and analyze messages to mask contact information and references to other sites. In some cases, we may also scan, review, or analyze messages to debug, improve, and expand product offerings. We use automated methods where reasonably possible. Occasionally we may need to manually review communications, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools. We will not review, scan, or analyze your messaging communications to send third-party marketing messages to you and we will not sell reviews or analyses of these communications.

8.0 Business Transfers

If TutorOcean undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all of our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.

9.0 Revisions to this Privacy Statement

TutorOcean may update this Privacy Statement from time to time. If it is updated, the effective date of the revision will be shown at the top of the Privacy Statement as the Last Revised date. In the event of a significant revision, Customers may receive notification by email or through the Service itself. All Personal Information collected after that revision date will be subject to the revised Privacy Statement.

10.0 Glossary

For the purposes of this section relating to EU Personal Information, the following terms will have the following meanings:

“Data Controller” an entity which determines the purposes and means of the processing of Personal Information.

“Data Processor” an entity which processes Personal Information on behalf of a Data Controller.

“EEA” European Economic Area.

“Process” any operation that can be performed on Personal Information, including collecting it, storing it, accessing it, combining it with other data, sharing it with a third party, and deleting it.

If you have any questions or concerns about our privacy practices, or if you wish to access your Personal Information, please contact our privacy officer at privacy@tutorocean.com.

Exhibit A: FERPA Addendum

Performance of the Services may involve disclosure of confidential student information to TutorOcean, Inc. (the “Company”). The privacy of student information is protected by the Family Education Rights Privacy Act (FERPA), regardless of whether the information is provided to the Company by Customer or Customer Users including but not limited to tutors, advisors and students. Customer agrees to abide by the limitations on use and re-disclosure of student information set forth in FERPA.

Definition: “Confidential Student Information” means information that is personally identifiable to a student, who is or was enrolled at University, by any of the following means: the student’s name, the name of the student’s parent or other family members; the address or email address of the student or student’s family; a personal identifier such as an number or biometric record; other indirect identifiers including but not limited to the student’s date of birth, place of birth, and mother’s maiden name; or any other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community to identify the student with reasonable certainty. Confidential Student Information includes paper and electronic student information, whether supplied to the Company by University or University’s students.
Acknowledgment of Access and Control: Company acknowledges it will have access to Confidential Student Information for the performance of this Agreement, and that access to and disclosure of Confidential Student Information is restricted by University policy and federal law (FERPA – the Family Educational Rights and Privacy Act). Company acknowledges that it is under the direct control of University with respect to the use and maintenance of Confidential Student Information.
Protection of Student Education Records: Company agrees to hold Confidential Student Information in strict confidence. Company shall not use or disclose Confidential Student Information received from or on behalf of University (including Confidential Student Information received directly from University’s students) except as permitted or required by this Agreement, as required by law, or as otherwise authorized in writing by University. Company agrees not to use Confidential Student Information for any purpose other than the purpose for which the disclosure was made. Company agrees that only Company’s employees who have a legitimate business need in connection with their performance of this Agreement will have access to the Confidential Student Information. Company shall not seek to enlarge the scope of use of Confidential Student Information beyond that necessary to perform this Agreement, and the terms of any end user license agreement seeking such expanded use shall be void.
Security and Maintenance of Confidential Student Information: Company shall develop, implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of all Confidential Student Information received from or on behalf of University or from University students. These measures will be extended by contract to all subcontractors used by Company.
Prohibition on Unauthorized Use or Disclosure of Confidential Student Information: Company agrees to hold Confidential Student Information in strict confidence. Company shall not use or disclose Confidential Student Information received from Customer or from Customer students, tutors, advisors and other Users, except as required in performance of the Services or as required by law.
Controlling Terms: To the extent of any inconsistency between these terms and those in any Company EULA, PO, or policy then these terms shall control. Further, Company agrees it shall not seek to require (State Name) State students (via a EULA or otherwise) to consent to a scope of Confidential Student Information use that exceeds that necessary for the performance of this Agreement. To the extent that any Company EULA or other terms contradict or seek to enlarge Company’s permitted scope of Confidential Student Information use hereunder, such terms are void.
Reporting of Unauthorized Disclosures or Misuse of Covered Data and Information: Company shall, within one day of discovery, report to Customer any use or disclosure of Confidential Student Information not authorized by this agreement or in writing by Customer. Company’s report shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the Confidential Student Information used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure, (iv) what Company has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Company has taken or shall take to prevent future similar unauthorized use or disclosure. Company shall provide such other information, including a written report, as reasonably requested by Customer.
Remedies: If Customer reasonably determines in good faith that Company has materially breached any of its obligations under this contract, Customer, in its sole discretion, shall have the right to require Company to submit to a plan of monitoring and reporting; provide Company with a fifteen (15) day period to cure the breach; or terminate the Agreement immediately if cure is not possible. Before exercising any of these options, Customer shall provide written notice to Company describing the violation and the action it intends to take. If the Family Policy Compliance Office of the U.S. Department of Education determines that the Company improperly disclosed personally identifiable information obtained from Customer’s education records, Customer may not allow the Company access to education records for at least five years.
Return or Destruction of Confidential Student Information: Upon termination, cancellation, expiration or other conclusion of the Agreement, Company shall return all Confidential Student Information to Customer or, if return is not feasible, destroy any and all Confidential Student Information. If the Company destroys the information, the Company shall provide Customer with a certificate confirming the date of destruction of the data.
Indemnity: Company shall defend and hold Customer harmless from all claims, liabilities, damages, or judgments involving a third party, including Customer ’s costs and attorney fees, which arise as a result of Company’s failure to meet any of its obligations under this addendum.