Data Privacy Policy

1.1 Data Controller

TexTutor (hereinafter referred to as "TexTutor", "we", "us", or "our") is the data controller responsible for the processing of personal data collected through our website https://www.textutor.ai and our application https://app.textutor.ai.

If you have questions or suggestions regarding this privacy policy or wish to exercise your rights, please contact us at:

TexTutor
Email: hello@textutor.ai
Address: Bireggstrasse 36, 6003 Lucerne
Country: Switzerland

1.2 Commitment to Privacy and Applicable Law

We are committed to protecting your privacy and handling your data in an open and transparent manner. This privacy policy explains how we collect, use, share, and protect your personal data in accordance with the Swiss Federal Act on Data Protection (FADP/DSG), the Swiss Ordinance to the Federal Act on Data Protection (OFADP/VDSG), and where applicable, the EU General Data Protection Regulation (GDPR).

As a company based in Switzerland, we primarily operate under Swiss data protection law. However, we also respect and comply with the GDPR where it applies to our processing activities involving EU residents.

1.3 Educational Institution Usage

When our application is used in educational institutions, we process data about teachers and students during registration and use of the application as a data processor. In this case, the educational institution or school authority is the data controller. Please also refer to the privacy policy provided by your school or school authority.

2.1 Information You Provide to Us

We collect personal data that you voluntarily provide to us when you:

• Register for an account
• Use our services
• Subscribe to our newsletter
• Contact our customer support
• Participate in surveys or promotions

This information may include:

• Contact information (name, email address, phone number)
• Professional information (school, position, subject taught)
• Account credentials
• Payment information
• Content you upload to our platform

2.2 Information We Collect Automatically

When you visit our website or use our application, we may automatically collect certain information about your device and usage, including:

• IP address
• Device type and operating system
• Browser type and version
• Usage data (pages visited, features used, time spent)
• Cookies and similar technologies

3.1 Providing and Improving Our Services

We use your personal data to:

• Create and manage your account
• Provide the services you request
• Process payments
• Improve and develop our services
• Personalize your experience
• Provide customer support

3.2 Communication

We may use your contact information to:

• Send administrative messages about your account or our services
• Respond to your inquiries
• Send marketing communications (with your consent)
• Invite you to participate in surveys or provide feedback

We process your personal data on the following legal bases:

• Contract (Art. 6(1)(b) GDPR): Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Consent (Art. 6(1)(a) GDPR): Processing based on your specific, informed, and unambiguous consent. You may withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests or those of a third party, provided these interests do not override your fundamental rights and freedoms that require protection of personal data.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with a legal obligation to which we are subject.

5.1 Service Providers

We may share your personal data with third-party service providers who perform services on our behalf, such as:

• Cloud hosting providers
• Payment processors
• Customer support services
• Analytics providers

5.2 Educational Institutions

If you access our services through an educational institution, we may share certain information with that institution, such as usage data and performance metrics.

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of sensitive data
• Regular security assessments
• Access controls and authentication mechanisms
• Staff training on data protection
• Incident response procedures

6.2 Retention Period

Unless otherwise specified in this privacy policy, we store your data only as long as necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations.

From the end of the calendar year in which the data was collected, we will retain:

• Personal data contained in our accounting records for ten years
• Personal data contained in business correspondence and contracts for six years
• Data related to verifiable consents and to complaint and claim cases for the duration of the statutory limitation periods

7.1 Rights under Swiss Data Protection Law

Under the Swiss Federal Act on Data Protection (FADP/DSG), you have the following rights:

• Right to Information: You have the right to request information about whether we process personal data about you and what data is being processed.
• Right to Correction: You have the right to request the correction of inaccurate personal data.
• Right to Deletion: You have the right to request the deletion of your personal data under certain conditions.
• Right to Object: You have the right to object to the processing of your data in certain circumstances.
• Right to Data Portability: Under the revised FADP, you have the right to receive your personal data in a commonly used format.

If you believe that our processing of your personal data violates Swiss data protection law, you can file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

7.2 Rights under GDPR (if applicable)

If the GDPR applies to our processing of your personal data, you have the following rights:

• Right to Access (Art. 15 GDPR): You have the right to request information about whether and to what extent we process personal data about you.
• Right to Rectification (Art. 16 GDPR): You have the right to request the correction of your data.
• Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to restrict the processing of your personal data.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit this data to another controller.
• Right to Withdraw Consent (Art. 7(3) GDPR): If you have given us separate consent for data processing, you can revoke this consent at any time. Such revocation does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint (Art. 77 GDPR): If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU.

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at hello@textutor.ai. We will respond to your request within 30 days. In certain cases, we may ask you to verify your identity before processing your request.

Right to Object

According to Art. 21(1) GDPR, you have the right to object to processing based on Art. 6(1)(e) or (f) GDPR for reasons arising from your particular situation. If we process personal data about you for direct marketing purposes, you can object to this processing in accordance with Art. 21(2) and (3) GDPR.

8.1 Server Log Files

When using our web application, general information that your browser transmits to our server is automatically stored. This typically includes: browser type/version, operating system used, page accessed, previously visited page (referrer URL), IP address, date and time of server request, and HTTP status code.

This processing is carried out to protect our legitimate interests and is based on Art. 6(1)(f) GDPR. This processing serves the technical administration and security of the application. The data is stored only for a few seconds and not longer than the web application is open in the browser.

8.2 Registration for the Web Application

Teachers can use the web application after registration. An email address must be provided for this purpose. A login link is then sent to this email address. Alternatively, registration can be done via one of the offered login services.

The processing is based on Art. 6(1)(b) GDPR. This does not apply if the web application is used in schools. In this case, please also refer to the privacy policy provided by the school or school authority.

8.3 Payment Processing

For payment processing when purchasing TexTutor services, we work with payment service providers. The payment data you provide during the ordering process is transmitted by us to the payment service provider to the extent necessary to process the payment.

The legal basis for this transmission is Art. 6(1)(b) GDPR.

Please note that your payment information is otherwise processed independently by the respective payment service provider.

9.1 Cookies

We use cookies and similar technologies to enhance your experience on our website and application. Cookies are small text files that are stored on your device when you visit a website. We use the following types of cookies:

• Essential Cookies: Necessary for the website to function properly
• Functional Cookies: Enable personalized features and remember your preferences
• Analytical Cookies: Help us understand how visitors interact with our website

You can manage your cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of our website.

9.2 Analytics

We use analytics tools to understand how our services are used. These tools collect information sent by your device or our service, including the web pages you visit, add-ons, and other information that assists us in improving our services.

We take measures to ensure that the data collected is anonymized or pseudonymized to the extent possible.

10.1 Swiss and EU Regulations on International Transfers

Our data processing may involve the transfer of certain personal data to third countries, i.e., countries outside Switzerland and the European Economic Area (EEA) where the FADP or GDPR are not applicable law.

Under Swiss law, we may transfer personal data abroad if the legislation of the destination country ensures an adequate level of protection as recognized by the Swiss Federal Council. The list of countries with adequate protection can be found on the website of the Swiss Federal Data Protection and Information Commissioner (FDPIC).

For transfers to countries without adequate protection under Swiss law, we implement appropriate safeguards such as standard contractual clauses approved by the FDPIC or binding corporate rules.

10.2 GDPR Compliance for International Transfers

Where the GDPR applies, such transfer is permissible if the European Commission has determined that an adequate level of data protection is offered in such a third country.

If such an adequacy decision by the European Commission does not exist, personal data will only be transferred to a third country if appropriate safeguards are in place in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

If no adequacy decision exists and nothing else is indicated below, we use EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option to receive a copy of these EU standard data protection clauses or to view them. Please contact us using the contact details provided above.

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49(1)(a) GDPR.

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last updated" date at the top of this policy.

We encourage you to review this privacy policy periodically to stay informed about how we are protecting your personal data.

12.1 Swiss Data Protection Authority

The competent supervisory authority for data protection matters in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC):

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern
Website: www.edoeb.admin.ch

12.2 Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us at:

TexTutor
Email: hello@textutor.ai
Address: Bireggstrasse 36, 6003 Lucerne
Country: Switzerland