This Privacy Policy explains how Websink Tutoring collects, uses, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Websink Tutoring is the data controller for the personal data collected through our website and platform. You can contact us at hello@websink.online.
2. What Data We Collect
| Data Category |
Examples |
How Collected |
| Account data |
Name, email address, password (hashed) |
Registration form |
| Student data |
Child's first name, year group, subject |
Enrolment form |
| Contact data |
Phone number (optional), preferred time slot |
Enquiry form |
| Payment data |
Billing name, last 4 digits of card, transaction ID |
Paddle (our payment processor) |
| Session data |
Video recordings, attendance logs, homework, progress reports |
Automatically during sessions |
| Usage data |
Pages visited, browser type, IP address |
Automatically via cookies |
We do not collect full payment card details. All card processing is handled by Paddle and is subject to their privacy policy.
3. How We Use Your Data
We use personal data to:
- Create and manage your account and subscription.
- Match students with suitable tutors.
- Deliver, schedule, and record tutoring sessions.
- Send weekly progress reports and homework to parents and students.
- Process monthly subscription payments.
- Respond to enquiries and provide customer support.
- Monitor and improve the quality of our tutoring services.
- Comply with our legal and safeguarding obligations.
We will not use your data for automated decision-making or profiling that has a legal or significant impact on you.
4. Children's Data
Many of our students are under 18. We take the protection of children's data very seriously:
- A parent or legal guardian must register on behalf of any student under 18.
- We collect only the minimum data needed to provide the tutoring service (first name, year group, subject).
- Children's data is never shared with third parties for marketing purposes.
- Session recordings involving minors are stored securely and accessible only to the student, their registered parent/guardian, and authorised Websink Tutoring staff.
- We do not create profiles of children beyond what is necessary to deliver and improve their tutoring.
If you believe a child's data has been submitted without parental consent, please contact us immediately at hello@websink.online and we will delete it promptly.
5. Session Recordings
All tutoring sessions are recorded automatically for safeguarding, quality assurance, and educational review purposes. Recordings are:
- Stored securely using Supabase (data stored within the EU/UK).
- Accessible only to the student, their registered parent/guardian, and authorised staff.
- Retained for up to 12 months after the subscription ends.
- Available for deletion on request (subject to any legal obligations).
By using our service, you consent to sessions being recorded. If you do not wish sessions to be recorded, please contact us before enrolment โ note that recording is a core part of our safety and quality framework.
6. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance โ to deliver the tutoring services you have subscribed to.
- Legitimate interests โ to improve our services, prevent fraud, and ensure security.
- Legal obligation โ to comply with safeguarding and financial regulations.
- Consent โ for optional communications such as newsletters (where applicable).
7. Data Sharing
We do not sell your personal data. We share data only with:
- Tutors โ who receive student first name, year group, subject, and session access necessary to deliver tutoring.
- Paddle โ our payment processor (paddle.com), who handles billing and subscription management.
- Supabase โ our database and file storage provider, used to store session data, recordings, and account information securely.
- Law enforcement or regulators โ if required by law or to protect the safety of any person.
All third-party providers are selected for their security standards and GDPR compliance.
8. Data Retention
- Account data: Retained while your account is active and for 2 years after closure, unless you request earlier deletion.
- Session recordings: Retained for up to 12 months after the subscription ends.
- Payment records: Retained for 7 years in compliance with UK financial regulations.
- Enquiry data: Retained for 12 months if no subscription is taken out.
9. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your data (subject to legal obligations).
Right to Restriction
Ask us to pause processing your data in certain circumstances.
Right to Portability
Receive your data in a portable, machine-readable format.
Right to Object
Object to processing based on legitimate interests.
To exercise any of these rights, contact us at hello@websink.online. We will respond within 30 days.
10. Cookies
Our website uses essential cookies required for the site to function (such as session authentication). We do not use advertising or tracking cookies.
You can control cookies through your browser settings. Disabling essential cookies may affect your ability to log in or use the platform.
11. Security
We take reasonable technical and organisational measures to protect your personal data, including:
- HTTPS encryption on all pages and data transfers.
- Password hashing โ we never store passwords in plain text.
- Access controls ensuring staff see only the data they need.
- Secure cloud storage with Supabase.
No method of data transmission over the internet is 100% secure. In the unlikely event of a data breach that affects your rights or freedoms, we will notify you and the ICO as required by UK GDPR.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified to registered users by email at least 14 days before they take effect. The current version will always be available at websink.online/privacy.
13. Contact & Complaints
For any privacy-related questions or to exercise your rights, contact us:
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.