Digital Security and Privacy Matter

How do we manage the Security and Privacy of Your Information?

Carefully Selected Services we Use to Work with You

Aside from our personal computers and servers, we regularly make use of 4 carefully chosen external companies that interact with some of your information, each of which has its own privacy policy:

TutorBird hosts our general tutoring database and Portal Site.

Test Innovators is a test-prep materials platform we use to provide practice exams and question sets for student practice.

Stripe provides Payment processing and stores your Payment methods in an encrypted form; no one else has access to them. Not even us.

ProtonMail hosts our Email communications, and is one of the most intentionally private and secure services available in the world today.

We do not Give Your Information to Anyone. Period.

We strongly believe that Privacy Matters. We have no interest in selling information; it goes against what we believe is needed to make our world better. Your information is only used by us and only for actually working with you.

Your Data is Encrypted.

Encryption is one of the most important techniques to maintain security and privacy in the world today.

And it is effective.

Emails on our side are encrypted as soon as we receive them on ProtonMail servers. Please note that emails on your side probably are not stored encrypted in your own inbox.

Stripe has a great deal of security in place for storage of your payment information, including encrypting all data at rest.

Backups of our Database are encrypted using AES-256 encryption for our own storage. This ensures that even if someone manages to gain access to the data, it cannot be read.

Policies that make sense, to keep your data secure.

Our policies have had security at the forefront since the beginning, courtesy of one of our founders being an experienced IT professional. We choose to partner only with services that we can vet and who take security seriously. Our Security Infrastructure is robust and our employees are each trained to resist the most common and dangerous form of “hacking” today: Phishing Attacks.

We also delete from Stripe systems any payment data 3 months after it is last used to further limit any chance of data breaches exposing it.

We believe in a world where privacy should be the default. It’s one of our Core Values.

If you want to dig beneath the surface, keep reading!

How we choose Our Data Services

Proton Mail - When you email with us, you are contacting our servers hosted at Proton. The best explanation of Proton’s value over traditional Email services such as Gmail is laid out on their Blog, but we will lay out a few points here.

  • Proton Mail stores all data and messages encrypted at rest; only we have the key. Traditional Services such as Yahoo and Gmail have permanent access to everything in your mailbox, and they make use of it to sell things to you or to sell your data. Unlike traditional services, even if Proton Mail’s servers are breached, the data is encrypted so it cannot even be read.

  • All our data is secured with 2FA, which means that even if someone manages to get our password, they still cannot access your emails on our side.

  • Proton is based in Switzerland, and is subject to stronger and better European Union Privacy Laws, instead of US privacy laws which are, as of today, still very concerning and dangerous. We are fighting to improve laws in the US, but your data is stored safely in the meantime.

Stripe - When you add a Payment Method for our services, you are storing that data and processing it through Stripe. They are a very large and well secured International Payment Processor, and here are some of the reasons we use them.

  • Unlike PayPal or Venmo (owned by PayPal), Stripe has a high level of transparency about exactly how they manage security. This is very important in the modern world, as open standards and transparency consistently prove to be more effective than obfuscation (often called “Security through Obscurity”).

  • Unlike Personal Checks or swiping your credit card at the store, your data is stored encrypted on their servers and only a hashed version is sent to process payments after initial verification. This means the data cannot be easily stolen or used.

  • Competing services such as PayPal and Venmo have had to settle several lawsuits recently over poor security practices and dishonest treatment of customers. Working with companies that show that sort of disrespectful behavior is unacceptable to us.

TutorBird - Our Parent and Student Portals, as well as our scheduling and invoicing systems, are built through TutorBird. This is a smaller company, but one that has a very clear and well-considered privacy and security policy. We dug for more information, and some of the measures that they take to safeguard your data are listed here.

  • Network security - Their web servers sit behind a pair of "Intrusion Prevention" (IPS) firewalls that perform "Deep Packet Inspection" (DPI) of all incoming network traffic for unusual or malicious patterns. If suspicious activity is detected, it's automatically blocked before it even reaches the servers.

  • Application security - The Portal site and scheduling site are developed using industry best practices to protect against common types of hacking attempts, including cross-site scripting, SQL injection attacks, replay attacks, and more. If malicious activity is not detected by our firewalls, our TutorBird application is hardened against it to prevent hackers from extracting or tampering with data in the database.

  • Data security - All sensitive data (such as passwords, credit card numbers, etc.) is encrypted. That means that even in the unlikely event that the first two security layers fail, your data is encrypted and cannot be read by a 3rd party (i.e. hackers).

Test Innovators - One of our key resources for excellent test preparation materials, Test Innovators is also a relatively small company, and they collect relatively little personal data. Their privacy policy explains their uses, but we asked for more technical information, and they let us know the following:

  • They utilize Google Analytics and HotJar, which both track IP Addresses and login information. They also collect student names, school, and results of practice on their platform, but they do not collect any other personal information.

  • Where it is stored - Their servers are not directly owned by them, but are actually hosted at Amazon Web Services (AWS), which is one of the largest server farms in the world and, accordingly, employs very high security standards for data.

  • Data Access - All student data (such as names, schools, and activity) is only accessible by active Test Innovators employees, unless data is specifically requested by the family to be shared with a tutoring company.