Privacy Policy

This policy explains what data The Everything Tutor (“the Service”, operated by Jonathan May, sole trader, UK) collects about you, how we use it, and what rights you have. We comply with UK GDPR.

1. What we collect

• Account info: the username and password you set when signing up. Email is optional and only used for receipts and important account notices.
• Lesson content: the topics, sources, and prompts you submit; the lessons we generate for you; your interactions with lessons (questions, exercise responses, scores).
• Profile preferences: the “interests” you optionally write to tailor topic suggestions.
• Billing data: handled by Stripe — we never see or store full card numbers. We store a Stripe customer ID and subscription state.
• Operational logs: standard server logs (IP address, request paths, timestamps) for debugging and abuse prevention. Kept for up to 30 days.
• Cookies: a session cookie to keep you logged in, and a CSRF token cookie. We don't set advertising or analytics cookies.

2. How we use it

• To provide the Service: generate lessons, save them to your account, render the app.
• To process payments and manage subscriptions (via Stripe).
• To enforce rate limits and detect abuse.
• To send essential service emails (e.g. billing receipts, security notices). We don't send marketing email.
• To improve the Service. We do not sell your data or share it with advertisers.

3. Third parties we share data with

• Anthropic — your topic, sources, and prompts are sent to Claude (Anthropic's API) to generate lessons. See Anthropic's privacy notice. Anthropic does not train models on API content by default.
• OpenAI — narration text is sent to OpenAI's text-to-speech API to produce audio. See OpenAI's privacy notice. OpenAI does not train models on API content.
• Stripe — billing details. See Stripe's policy.
• Fly.io — our hosting provider; data is stored on Fly's infrastructure in Europe. See Fly's policy.

We use these providers as data processors under written contracts; they may transfer data outside the UK/EEA under appropriate safeguards (e.g. Standard Contractual Clauses).

4. Public lessons

By default, lessons you generate are marked public and the topic may appear, anonymously, in the “Others are learning” feed. We do not show your username, email, or any other identifier alongside public topics. You can flip any lesson to private from its detail page; this removes it from the public feed.

5. Retention

• Account, lesson, and billing data: kept while your account is active. If you delete your account we will delete this data within 30 days, except where we must keep records for legal reasons (e.g. tax records — up to 7 years for invoices).
• Server logs: up to 30 days.

6. Your rights

Under UK GDPR you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data deleted (subject to legal retention obligations);
• restrict or object to processing;
• port your data to another service;
• complain to the UK ICO (ico.org.uk).

To exercise any of these rights, email may.jon@gmail.com.

7. Security

We use industry-standard practices: HTTPS everywhere, hashed passwords, encrypted database storage, and limited admin access. No system is perfectly secure; please use a strong unique password.

8. Children

The Service isn't directed at children under 13. We don't knowingly collect data from children. Users between 13 and 16 should have parental consent.

9. Changes

We may update this policy as the Service evolves. Material changes will be flagged in the app or by email.

10. Contact

Privacy questions? Email may.jon@gmail.com.