Privacy Policy
Effective date: March 15, 2026
Honors Prep, LLC (“we,” “us,” or “our”) provides private tutoring services in New York City. This Privacy Policy explains what information we collect, how we use it, and what choices you have. It applies to:
- Our website (honorsprep.com) — used for marketing, information, and contact inquiries
- Our web application (app.honorsprep.com) — used by admins, tutors, and families for session tracking, billing, onboarding, and communication
In this policy, “Services” refers to the website and the app collectively. “Client” or “Family” refers to a family account. “Tutor” refers to independent contractors who provide tutoring through the platform. “Student” refers to the individual receiving tutoring, who may be a minor.
1. Information We Collect
A. Information You Provide Directly
- Tutors: Name and email (via Google OAuth or invite)
- Parents/Guardians: Name, email, phone number, mailing address, parent relationship type (e.g., “Parent,” “Guardian”)
- Students: Name, grade level, school, subjects (provided by parents/guardians or admin)
- Session data: Session notes and academic notes (entered by tutors and admins)
- Family notes: Administrative notes on family and parent records
- Billing information: Billing address and payment method preference. Card data is handled entirely by Stripe and is never stored by Honors Prep.
- Invoice CC emails: Additional recipients for invoice communications
- Expense reports: Amount, description, and date (submitted by tutors)
- Contract signatures: Typed signature on service agreements
- Contact form submissions: Name, email, phone number, and message (from honorsprep.com)
B. Information Collected Automatically
- App: IP address and browser/device information during contract signing and onboarding form access (for legal record of contract execution)
- App: Authentication cookies (JWT) for session management
- Website: Google Analytics data (site usage analytics)
C. Information from Third Parties
- Google OAuth: Name, email, and Google account ID (when you choose to sign in with Google)
2. How We Use Your Information
- Providing tutoring services — matching students with tutors, scheduling sessions, tracking attendance and session history
- Billing and payments — generating invoices, processing payments through Stripe, tracking payment status, managing deposits and referral credits
- Communication — sending invoice reminders, timesheet reminders, onboarding invitations, and tutor assignment notifications via email
- Payroll and accounting — tracking tutor hours, managing timesheets and expenses, syncing with QuickBooks for contractor payments
- Family onboarding — facilitating intake forms, collecting contract signatures, processing initial deposits
- Platform administration — managing user accounts, maintaining data integrity, performing database backups, administrative data exports
- Legal and compliance — recording contract signatures (with IP and device info) for legal validity, maintaining audit trails, retaining records per tax and regulatory obligations
- Improving our services — understanding how the website and app are used via analytics
3. How We Share Your Information
We do not sell or share personal information for advertising or cross-context behavioral advertising purposes.
Data is shared with the following third-party service providers only as necessary to operate our business:
| Provider | What’s Shared | Purpose |
|---|---|---|
| Stripe | Name, email, billing address, payment amounts, invoice/deposit descriptions, family metadata. Payment methods may be stored by Stripe for future use. | Payment processing |
| SendGrid (Twilio) | Recipient email addresses, email content | Email delivery |
| QuickBooks Online (Intuit) | Tutor names, emails, session hours, pay amounts, session dates, student names (in line item descriptions), expense descriptions | Accounting and contractor payments |
| Authentication credentials (OAuth flow) | Sign-in | |
| Google Maps API | Address keystrokes, IP address, browser info (sent directly from your browser to Google — does not pass through Honors Prep servers) | Address autocomplete during onboarding |
| Cloudflare (R2) | Encrypted database backups | Secure backup storage (cannot read encrypted contents) |
Legal disclosures: We may disclose information if required by law, court order, or to protect the rights and safety of Honors Prep, our users, or others.
4. Children’s Privacy (COPPA Compliance)
Honors Prep may collect information about children under 13 in the course of providing tutoring services.
- Student data (name, grade level, school, subjects, session notes) may pertain to children under 13
- This data is provided by parents/guardians, not collected directly from children
- Children do not have accounts and do not interact with the platform directly
- Parents/guardians provide consent for data collection through the onboarding process and service agreement
- Student data is used solely for providing tutoring services — it is not used for advertising or shared with third parties for marketing purposes. Student names may appear in line item descriptions shared with our accounting provider (QuickBooks Online) for billing and payroll purposes only.
Parental Rights Under COPPA
Parents and guardians have the right to:
- Review their child’s personal information
- Request corrections to inaccurate information
- Request deletion of their child’s data
- Refuse further collection of their child’s data (understanding this may affect service delivery)
To exercise these rights, contact info@honorsprep.com.
5. Cookies and Tracking
The App (Tutoring Platform)
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
token (JWT) | Authentication — keeps you logged in | Essential (HttpOnly, Secure, SameSite=Strict) | 24 hours |
oauth_state | CSRF protection during Google sign-in | Essential | 10 minutes |
invite_token | Backup token during tutor invite OAuth flow | Essential | 10 minutes |
No advertising, retargeting, or third-party tracking cookies are used in the app.
The Public Website (honorsprep.com)
The public website uses Google Analytics for site usage analytics. Visitors can manage cookie preferences through their browser settings.
6. Data Security
We implement the following technical safeguards to protect your information:
- Encryption at rest — database encrypted using SQLCipher (AES-256)
- Backup encryption — all backups encrypted with AES-256-GCM before off-site storage
- Password hashing — bcrypt for any non-OAuth accounts
- Secure authentication — HttpOnly cookies with Secure flag and SameSite=Strict policy
- Rate limiting — all API endpoints protected against abuse
- PII redaction — personal data scrubbed from server logs
- Access controls — role-based permissions (admin vs. tutor) enforced server-side
- Transport security — all data transmitted over HTTPS
- Payment isolation — credit card data handled entirely by Stripe and never touches Honors Prep servers
No method of electronic transmission or storage is 100% secure. If you suspect unauthorized access to your account or data, contact info@honorsprep.com immediately.
Data breach notification: In the event of a data breach involving personal information, Honors Prep will notify affected users in the most expedient time possible and without unreasonable delay, consistent with the requirements of the New York SHIELD Act (General Business Law § 899-aa) and any other applicable laws.
7. Data Retention
- Active relationship — data is retained for as long as the client, tutor, or student relationship is active
- Post-relationship — billing, invoice, and tax-related records retained for 3 years after the relationship ends, per IRS guidelines
- Deletion requests — users may request earlier deletion of their data, subject to legal retention obligations (e.g., tax records)
- Inactive records — when a client, tutor, or student is deactivated, their records are marked inactive but retained per the above schedule
8. Your Rights
Users of the Services have the right to:
- Access — request a copy of your personal data held by Honors Prep
- Correction — request updates to inaccurate or incomplete information
- Deletion — request deletion of your data (subject to legal retention requirements)
- Data portability — request your data in a portable, machine-readable format
- Withdraw consent — for any processing based on consent (including COPPA parental consent), understanding this may affect service delivery
- Opt out of non-essential communications — transactional emails (invoices, payment confirmations) remain necessary for the service
For parents/guardians: You have the right to review, correct, and request deletion of your child’s data at any time per COPPA (see Section 4).
How to exercise your rights: Contact info@honorsprep.com. We will respond within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. The effective date at the top of this policy will be updated accordingly.
10. Contact Us
If you have questions about this Privacy Policy, contact us at:
Honors Prep, LLC422 State St, Brooklyn, NY 11217
(718) 635-2954
info@honorsprep.com