Privacy Policy

1. Information We Collect

Account information: name, email, date of birth, and password (securely hashed). Optional: avatar, bio, timezone, language preference.

Authentication/security: login events (IP, user agent, success/failure), approximate location derived from IP, and active sessions for security.

Educational data: for teachers: classes, schedules, attendance, scores, exercises, submissions, grading, curriculum programs, session notes. For students: enrollment, attendance, scores, submissions, study activity.

Session data: real-time audio/video is transmitted via our video infrastructure and not stored unless recording is enabled by the teacher. We store session metadata (start/end times, join/leave times, duration).

Files/content: uploaded files and metadata (name, type, size, upload date).

Communication data: notification preferences, push subscription details, and the content of notifications we send.

Billing data: payments are handled by Paddle (Merchant of Record). We do not store card/bank details. We store Paddle customer IDs/subscription IDs/transaction IDs needed to manage subscription status.

Device/usage data: IP, user agent, timestamps to secure the service and prevent fraud. We do not use third-party analytics or advertising trackers.

2. How We Use Your Information

We use data to operate the Platform, manage accounts/subscriptions, facilitate live sessions and learning workflows, send transactional emails and notifications, enforce plan limits, secure accounts, respond to support, and improve reliability.

3. Platform Roles (Tutors Are Independent)

TeamLilit provides software tools. Independent tutors/teachers may use TeamLilit to manage their own classes and students. Tutors/teachers are responsible for how they use the Platform and for obtaining any required permissions/consents (especially when teaching minors).

4. Data Sharing and Third Parties

We share data only with:

Paddle (billing, taxes, invoicing) — MoR; Paddle's privacy policy applies to payment data.

LiveKit (real-time audio/video infrastructure) — media is transmitted live and not stored by LiveKit unless recording is enabled.

Resend (transactional email delivery).

Hosting/storage infrastructure (application data + file storage).

We do not sell, rent, or trade your personal data. No third-party analytics/ads/tracking.

5. Google Account Connection (OAuth) — Google Sign-In & Google Calendar

TeamLilit offers optional Google integrations. If you choose to connect your Google account, we use Google OAuth to access limited Google user data only to provide the features you explicitly enable.

Google Sign-In (email and basic profile): When you sign in with Google, we may access your email address (userinfo.email) and basic profile information (such as display name and profile picture), if granted. We use this to create and authenticate your TeamLilit account, identify your account and prevent duplicates, and send essential service communications (security notices, account-related emails). We store your email address as an account identifier, your display name and profile image (if provided) for your profile, and authentication metadata needed to maintain the session (e.g., login timestamps). We do not use Google account data for advertising, and we do not sell it.

Google Calendar access (scheduling & sync): If you enable calendar features, TeamLilit may request access to your Google Calendar to support scheduling workflows (for example: syncing lessons, avoiding conflicts, and keeping sessions consistent across your app and calendar). Depending on the feature you enable, TeamLilit may: read calendar events to detect scheduling conflicts and show availability; create calendar events that represent lessons scheduled in TeamLilit; update those events when a lesson is rescheduled or details change; delete or cancel those events when a lesson is canceled (where applicable). We only access calendar data necessary for these scheduling features.

What we store for calendar sync: To keep calendar sync working, we store the minimum necessary information, such as OAuth access/refresh tokens (stored securely and encrypted where applicable), the selected calendar identifier (if needed), and synced event identifiers and basic metadata related to lessons (event ID, start/end time, sync status). We do not store your full calendar history.

Sharing of Google user data: We do not sell Google user data and we do not share it with third parties for advertising. We may share limited data with service providers strictly required to operate the service (e.g., hosting, security, logging) under confidentiality obligations.

Your control, revocation, and deletion: You can disconnect Google integrations at any time from your TeamLilit account settings. You can also revoke TeamLilit's access from your Google Account settings (Security → Third-party access). When you disconnect Google: we stop accessing your Google data going forward; we invalidate and/or delete stored OAuth tokens and calendar identifiers within 30 days; events previously created in your Google Calendar may remain in your calendar unless you delete them. If you delete your TeamLilit account, we delete associated Google connection data as part of account deletion, subject to legal and compliance obligations.

TeamLilit's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Session Recording

Teachers may enable session recording. When active, participants are notified. Recordings are stored on the Platform and accessible only to the teacher who created them. The teacher is responsible for consent/legal compliance, especially for minors. TeamLilit does not review recordings except where required by law or for technical support at the teacher's request.

7. Children's Privacy

TeamLilit is intended for users aged 13+. Users under 18 require parent/guardian consent. If a teacher enrolls minors, the teacher represents they have obtained required parental/institutional consent. If we learn we collected data from a child under 13 without appropriate consent, we will delete it promptly.

8. Data Retention

We retain data while your account is active. If you cancel, we retain data for 90 days for reactivation; after that, it may be deleted. If you request deletion, we delete within 30 days except where legal retention applies (e.g., billing records). Security and delivery logs may be kept for up to 12 months.

9. Your Rights

Depending on jurisdiction: access, correction, deletion, portability, and withdrawing consent where applicable. Contact contact@teamlilit.com and we respond within 30 days.

10. Security

We use industry-standard measures (password hashing, HTTPS/TLS, session management, role-based access, secure reset/verification tokens). No system is 100% secure.

11. Cookies and Local Storage

We use essential cookies/local storage for authentication and session management. No third-party tracking/analytics cookies.

12. International Transfers

Data may be processed/stored in countries outside your residence country with appropriate safeguards. Paddle may process data in multiple jurisdictions for global payments.

13. Changes

We may update this policy and will notify you of material changes at least 30 days before they take effect.

14. Contact

Privacy questions: contact@teamlilit.com