PhysicsTeacher
Login

Privacy Policy

Last updated: 26 June 2026

1. Introduction

Physics Teacher ("we", "our", "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website and use our services.

We comply with the Personal Data Protection Act No. 9 of 2022 of Sri Lanka and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.

If you have any questions, contact us at: phys@teach.com

2. Data We Collect

We collect the following categories of personal data:

  • Identity Data: full name, email address, phone number
  • Academic Data: grade/board, curriculum, subject
  • Account Data: hashed password, role, access status, fee payment status
  • Usage Data: pages visited, time spent, interactions with the site
  • Technical Data: IP address, browser type, device type, operating system

3. How We Collect Data

  • Directly from you: when you fill in the sign-up form or contact us
  • Automatically: through cookies and analytics (Cloudflare Web Analytics)
  • From third parties: authentication data from Supabase Auth

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your data under these legal bases:

  • Consent: you have given clear consent (e.g., cookie consent)
  • Contractual necessity: processing is necessary to provide our tutoring services to you
  • Legitimate interest: improving our teaching platform and ensuring security

5. How We Use Your Data

  • To create and manage your student account
  • To grant or deny access to live classes and course materials
  • To communicate class schedules, changes, and administrative notices
  • To process fee payments and manage records
  • To improve our teaching platform and user experience
  • To comply with legal obligations

6. Data Sharing and Third Parties

We share your data only with essential service providers:

  • Supabase (database, authentication, storage) — United States servers
  • Cloudflare (CDN, DNS, Workers hosting) — global edge network
  • GitHub (source code repository) — does not receive user data

We do not sell your personal data to third parties.

International transfers: Your data is stored on Supabase servers in the United States. By using our service, you consent to this transfer.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with services. After account deletion or upon request, we delete your data within 30 days, except where we are legally required to retain it longer (e.g., for tax records of payments).

8. Data Subject Rights

Under the Sri Lanka PDPA and GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (right to erasure)
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing based on legitimate interests
  • Withdraw consent at any time

To exercise any of these rights, email us at phys@teach.com. We will respond within 30 days.

9. Children's Privacy

Our services are directed at students, including minors under 18. If you are a parent or guardian and your child has provided us with personal data without your consent, please contact us. We will delete their data promptly. We require parental consent for students under 18 where required by applicable law.

10. Cookies

We use only strictly necessary cookies for authentication (Supabase Auth session tokens) and Cloudflare Web Analytics for anonymous usage statistics. No advertising or tracking cookies are used.

See our Cookie Policy for full details.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • End-to-end encrypted connections (HTTPS/TLS)
  • Row-Level Security (RLS) policies on all database tables
  • Password hashing via Supabase Auth (bcrypt)
  • Access control restricting admin functions to authorized users only

12. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

14. Contact

For privacy-related inquiries or to exercise your rights:

Email: phys@teach.com