DRAFT — This privacy policy is a working draft and has not been reviewed by legal counsel. Do not publish to production users.
Privacy Policy
Effective date: [EFFECTIVE DATE TBD]
1. Who we are
StudyRoster is a tutoring management service operated by Tabb Labs LLC (operating StudyRoster) at studyroster.com. This policy explains what personal information we collect from you, how we use it, and your rights with respect to that information.
2. What we collect
- Account data — email address, name, and timezone you provide at signup.
- Payment information — handled entirely by Stripe. We never see or store your card numbers; we store only a Stripe customer identifier.
- Student and session data — information you enter about your students, sessions, and notes.
- Parent contact information — parent names, emails, and phone numbers you enter so that we can send session reminders.
3. How we use it
We use the information you provide to:
- Operate the service (calendar, students, invoices, notes)
- Send session reminders to the parent contacts you enter
- Generate and deliver invoices
- Communicate with you about your account and the service
4. Sharing and subprocessors
We never sell your data to anyone. We use a small set of trusted service providers strictly to run StudyRoster, and we share data with them only as needed to operate the service. Your data is never sent to any advertising network, data broker, or AI service.
- Stripe: payment processing
- Resend: transactional email (session reminders, invoice delivery)
- Cloudflare: invoice PDF storage (R2), plus the secure tunnel and TLS that front the application
- Google: sign-in (we receive your email and profile only when you sign in with Google)
- Web push services (Apple, Google, Mozilla): deliver to your device the session-reminder notifications you opt into
- Self-managed infrastructure: the application and its database run on our own self-managed servers (a self-hosted database and application server), reached securely through Cloudflare. We do not use a third-party cloud database or compute host.
5. Your rights (GDPR / CCPA)
Subject to applicable law, you have the right to access, correct, and request portability of your personal data, and to request erasure. To exercise any of these rights, email [email protected]. Because we retain certain records to meet legal, tax, and accounting obligations, erasure requests are reviewed and fulfilled by our team on a case-by-case basis rather than automatically.
6. Deleting your account
If you are the account owner, you can delete the account at any time from Settings → Danger Zone, or by emailing [email protected].
What happens: your account is closed. You immediately lose access, your data is removed from view, and your subscription is canceled. For your protection and ours, we do not erase the underlying records from our systems when you close your account.
What we retain: your account data, including students, sessions, notes, and invoices, is preserved on our servers for legal, tax, accounting, and dispute resolution purposes (permitted by GDPR Art. 17(3)(b) and (e)).
Full erasure: if you want your retained data permanently deleted, email [email protected] and we will review the request against our legal retention obligations.
7. Cookies
We use only essential authentication and CSRF cookies. We do not use advertising or tracking cookies.
8. Contact
For privacy questions, email [email protected].
9. Changes to this policy
If we make material changes to this policy, we will notify you by email at least 30 days before they take effect.
10. Effective date
This policy is effective [EFFECTIVE DATE TBD].