Privacy Policy

1. Introduction

FindGrinds Limited ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at findgrinds.ie (the "Service").

We are the data controller responsible for your personal data and are registered in Ireland. For any privacy-related queries, contact us at: privacy@findgrinds.ie

2. Data We Collect

2.1 Information You Provide

• Account Information: Name, email address, password (encrypted), user type (student/parent/tutor)
• Profile Information: Profile photo, bio, qualifications (tutors), subjects, location
• Payment Information: Processed securely by Stripe. We do not store full card numbers.
• Communications: Messages between students and tutors, support inquiries
• Session Data: Booking details, reviews, ratings

2.2 Automatically Collected Data

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent, clicks, search queries
• Cookies: See our Cookie section below

3. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To operate the platform, process bookings, and facilitate payments
• Communication: To send booking confirmations, reminders, and respond to inquiries
• Improvement: To analyze usage and improve our services
• Safety: To detect fraud, enforce our terms, and ensure platform safety
• Legal Compliance: To comply with legal obligations
• Marketing: With your consent, to send promotional materials (you can opt out anytime)

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Contract: Processing necessary to provide our services to you
• Legitimate Interests: To improve our services and ensure platform security
• Consent: For marketing communications and optional cookies
• Legal Obligation: To comply with applicable laws

5. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Portability: Receive your data in a machine-readable format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise these rights, visit your Account Settings or email us at privacy@findgrinds.ie. We will respond within 30 days.

6. Data Retention

We retain your personal data for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., tax records for 7 years)
• Resolve disputes and enforce agreements

When you delete your account, we anonymize or delete your personal data within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate security measures including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest (AES-256)
• Secure password hashing (bcrypt)
• Regular security audits and penetration testing
• Access controls and employee training

8. Cookies

We use the following types of cookies:

• Necessary: Required for the website to function (authentication, security)
• Analytics: Help us understand how visitors use our site (with your consent)
• Marketing: Used to deliver relevant ads (with your consent)

You can manage your cookie preferences at any time through our cookie banner or browser settings.

9. Third-Party Services

We share data with the following third parties:

• Stripe: Payment processing (PCI-DSS compliant)
• Zoom: Video session hosting
• SendGrid: Transactional emails
• AWS: Cloud hosting (data stored in EU)

All third parties are contractually bound to protect your data and comply with GDPR.

10. International Transfers

Your data is primarily stored within the European Economic Area (EEA). Where transfers outside the EEA are necessary, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place.

11. Children's Privacy

Our service is intended for users aged 14 and older. Users under 18 should have parental consent. We do not knowingly collect data from children under 14. If you believe we have collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice on our website. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries or to exercise your rights: