Bespoke Learning logo

    Privacy Policy

    At Bespoke Learning, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, or interact with us.

    Effective Date: January 26, 2025
    Last Updated: January 26, 2025

    1. About This Policy

    Bespoke Learning operates from Ontario, Canada, and provides educational services globally. We comply with applicable privacy laws including:

    • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
    • General Data Protection Regulation (GDPR) - European Union
    • California Consumer Privacy Act (CCPA) - United States
    • Other applicable international privacy laws where we operate

    2. Information We Collect

    Personal Information

    • Contact Information: Name, email address, phone number, mailing address
    • Account Information: Username, password, profile preferences
    • Educational Information: Academic history, learning objectives, assessment results, progress reports
    • Payment Information: Billing address, payment method details (processed securely by Stripe)
    • Communication Records: Messages, support tickets, consultation notes
    • AI Tool Usage Data: Interactions with AI-enhanced learning tools, feedback responses, and learning pattern analysis

    Technical Information

    • Usage Data: Pages visited, time spent, click patterns, session recordings
    • Device Information: IP address, browser type, operating system, device identifiers
    • Cookies and Tracking: As described in our Cookie Policy below

    3. How We Use Your Information

    We use your personal information for the following purposes:

    • Service Delivery: Providing tutoring, educational content, and customer support
    • Account Management: Creating and managing your account, authentication
    • Communication: Sending updates, newsletters, educational content, and service notifications
    • Payment Processing: Processing payments, invoicing, and financial record-keeping
    • Personalization: Customizing learning experiences and AI-enhanced recommendations
    • Analytics: Improving our services, understanding user behavior, and business analysis
    • Legal Compliance: Meeting regulatory requirements and protecting our legal interests
    • Security: Preventing fraud, unauthorized access, and ensuring platform security

    4. Legal Basis for Processing (GDPR)

    For users in the European Union, we process your personal data based on:

    • Contract Performance: To provide our tutoring services
    • Legitimate Interests: To improve our services and communicate with you
    • Consent: For marketing communications and optional features
    • Legal Obligation: To comply with applicable laws and regulations

    5. Information Sharing and Disclosure

    We may share your information with:

    • Tutors: Educational information necessary for providing tutoring services
    • Service Providers: Payment processors (Stripe), email services, analytics tools, cloud hosting
    • AI Service Providers: Third-party AI platforms and tools used to enhance learning experiences (data is anonymized and aggregated where possible)
    • Educational Partners: Schools and institutions you've authorized us to work with
    • Legal Requirements: When required by law, court order, or to protect rights and safety
    • Business Transfers: In connection with a merger, acquisition, or sale of assets

    We do not sell personal information to third parties for commercial purposes.

    6. International Data Transfers

    As we serve students globally, your information may be transferred to and processed in countries other than your residence. We ensure appropriate safeguards are in place, including:

    • Standard Contractual Clauses approved by the European Commission
    • Adequacy decisions for data transfers to approved countries
    • Additional security measures for sensitive educational data

    7. Data Security

    We implement industry-standard security measures including:

    • Encryption of data in transit and at rest
    • Regular security audits and vulnerability assessments
    • Access controls and staff training on data protection
    • Secure payment processing through PCI-compliant providers
    • Regular backups and disaster recovery procedures

    8. Data Retention

    We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy:

    • Account Data: Until account deletion or 7 years after last activity
    • Educational Records: 7 years for academic progress tracking
    • Financial Records: 7 years as required by Canadian tax law
    • Marketing Data: Until consent is withdrawn

    9. Your Rights

    Depending on your location, you may have the following rights:

    • Access: Request a copy of your personal information
    • Rectification: Correct inaccurate or incomplete information
    • Erasure: Request deletion of your personal information
    • Portability: Receive your data in a structured, machine-readable format
    • Restriction: Limit how we process your information
    • Objection: Object to processing based on legitimate interests
    • Withdraw Consent: Withdraw consent for processing at any time

    To exercise these rights, contact us at privacy@bespokelearning.ca

    10. Children's Privacy

    Our services are primarily designed for students under 18. When we collect information from minors:

    • We obtain verifiable parental consent where required by law
    • We limit collection to information necessary for educational services
    • Parents can review, modify, or delete their child's information
    • We comply with COPPA, PIPEDA, and other applicable children's privacy laws
    • Parents have the right to request information about data collected from their children
    • We provide clear contact information for parents to exercise their rights regarding their child's data

    11. Cookie Policy

    We use cookies and similar tracking technologies to enhance your experience on our website. This section explains what cookies are, how we use them, and your choices regarding cookies.

    What Are Cookies?

    Cookies are small text files stored on your device when you visit our website. They help us remember your preferences, understand how you use our site, and provide personalized experiences.

    Types of Cookies We Use

    Essential Cookies (Always Active)

    These cookies are necessary for the website to function properly and cannot be disabled:

    • Authentication and security cookies
    • Language preference cookies
    • Cookie consent status cookies
    • Session management cookies

    Analytics Cookies

    Help us understand how visitors interact with our website:

    • Google Analytics for traffic analysis
    • Page view and user behavior tracking
    • Performance measurement cookies

    Advertising Cookies

    Used for delivering personalized advertisements:

    • Google Ads and remarketing cookies
    • Social media advertising pixels
    • Cross-site tracking for ad personalization

    Personalization Cookies

    Remember your preferences and provide customized content:

    • User interface preferences
    • Content personalization based on interests
    • Learning path recommendations

    Managing Your Cookie Preferences

    You can control cookies through:

    • Our Cookie Banner: Customize preferences when you first visit our site
    • Browser Settings: Most browsers allow you to block or delete cookies
    • Opt-out Tools: Use industry opt-out tools for advertising cookies

    Third-Party Cookies

    We use third-party services that may set cookies on your device:

    • Google Analytics: Website analytics and performance measurement
    • Google Ads: Advertising and remarketing campaigns
    • Social Media Platforms: LinkedIn, Facebook, Instagram integration
    • Payment Processors: Stripe for secure payment processing

    12. Do Not Sell My Personal Information (CCPA Rights)

    Under the California Consumer Privacy Act (CCPA) and other applicable privacy laws, you have specific rights regarding the sale of your personal information.

    Our Commitment

    Bespoke Learning does not sell personal information. We do not exchange personal information for monetary compensation or other valuable consideration with third parties.

    What Constitutes "Sale" Under CCPA

    Under CCPA, "sale" includes sharing personal information with third parties for cross-context behavioral advertising, even without monetary exchange. While we don't sell data, we may share information for:

    • Analytics and website optimization (Google Analytics)
    • Advertising and marketing (Google Ads, social media pixels)
    • Educational service delivery (authorized tutors and educational partners)

    Your Rights

    If you are a California resident, you have the right to:

    • Know: What personal information we collect, use, disclose, and share
    • Delete: Request deletion of your personal information
    • Opt-Out: Opt-out of any data sharing that constitutes a "sale"
    • Non-Discrimination: Receive equal service regardless of exercising your rights
    • Correct: Request correction of inaccurate personal information
    • Limit: Limit use and disclosure of sensitive personal information

    How to Exercise Your Rights

    To exercise your CCPA rights or opt-out of data sharing:

    • Email: privacy@bespokelearning.ca
    • Subject Line: "CCPA Rights Request" or "Do Not Sell Request"
    • Cookie Settings: Use our cookie preference center to opt-out of advertising cookies
    • Phone: +1 (647) 770-2074

    Verification Process

    To protect your privacy, we may need to verify your identity before processing requests. This may include:

    • Matching information you provide with information in our records
    • Requesting additional documentation for sensitive requests
    • Using a secure verification process for account holders

    Response Timeline

    We will respond to your request within 45 days, or notify you if we need additional time (up to 90 days total for complex requests).

    13. Changes to This Policy

    We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent website notice at least 30 days before the changes take effect.

    14. Contact Us

    For privacy-related questions or to exercise your rights, contact us:

    Bespoke Learning

    83 Redpath Avenue, Toronto, ON, Canada

    Email: privacy@bespokelearning.ca

    General Contact: info@bespokelearning.ca

    Phone: +1 (647) 770-2074

    15. Supervisory Authority

    If you are not satisfied with our response to your privacy concerns, you may lodge a complaint with:

    • Canada: Office of the Privacy Commissioner of Canada
    • EU: Your local data protection authority
    • UK: Information Commissioner's Office (ICO)
    • California: California Attorney General's Office
    • Singapore: Personal Data Protection Commission (PDPC)
    • Hong Kong: Privacy Commissioner for Personal Data
    • UAE: UAE Data Office
    • China: Cyberspace Administration of China (CAC)
    • Japan: Personal Information Protection Commission (PPC)
    • South Korea: Personal Information Protection Commission (PIPC)
    • Australia: Office of the Australian Information Commissioner (OAIC)
    • Other jurisdictions: Your local privacy regulator

    16. Regional Privacy Compliance

    We comply with privacy laws in all jurisdictions where we operate. Below are specific details for key regions:

    Singapore (PDPA)

    We comply with Singapore's Personal Data Protection Act (PDPA) and are subject to the Personal Data Protection Commission (PDPC). Under PDPA, you have rights to access, correct, and request deletion of your personal data. We retain personal data for 7 years as required by Singapore law. For PDPA-related inquiries, contact us at privacy@bespokelearning.ca.

    Hong Kong (PDPO)

    We comply with Hong Kong's Personal Data (Privacy) Ordinance (PDPO) and are subject to the Privacy Commissioner for Personal Data. Under PDPO, you have rights to access and correct your personal data. We retain personal data for 7 years as required by Hong Kong law. For PDPO-related inquiries, contact us at privacy@bespokelearning.ca.

    United Arab Emirates (UAE PDPL)

    We comply with the UAE Personal Data Protection Law (UAE PDPL) and are subject to the UAE Data Office. Under UAE PDPL, you have rights to access, rectify, erase, and object to processing of your personal data. We retain personal data for 7 years as required by UAE law. Cross-border data transfers are subject to specific requirements under UAE PDPL. For UAE PDPL-related inquiries, contact us at privacy@bespokelearning.ca.

    China (PIPL)

    We comply with China's Personal Information Protection Law (PIPL) and are subject to the Cyberspace Administration of China (CAC). Under PIPL, you have rights to access, correct, delete, and port your personal information. We retain personal information for the minimum necessary period as required by PIPL. Data localization requirements apply under PIPL. For PIPL-related inquiries, contact us at privacy@bespokelearning.ca.

    Japan (APPI)

    We comply with Japan's Act on the Protection of Personal Information (APPI) and are subject to the Personal Information Protection Commission (PPC). Under APPI, you have rights to disclosure, correction, deletion, and suspension of use of your personal information. We retain personal information for 7 years as required by Japanese law. For APPI-related inquiries, contact us at privacy@bespokelearning.ca.

    South Korea (PIPA)

    We comply with South Korea's Personal Information Protection Act (PIPA) and are subject to the Personal Information Protection Commission (PIPC). Under PIPA, you have rights to access, correct, delete, and suspend processing of your personal information. We retain personal information for 3 years for marketing purposes and 5 years for contracts as required by Korean law. For PIPA-related inquiries, contact us at privacy@bespokelearning.ca.

    17. Data Localization and Cross-Border Transfers

    As we serve students globally, your information may be transferred to and processed in countries other than your residence. We ensure appropriate safeguards are in place for all international data transfers.

    China (PIPL)

    Under China's Personal Information Protection Law (PIPL), we ensure that personal information of Chinese residents is processed in accordance with PIPL requirements. Cross-border transfers of personal information are subject to specific requirements including adequacy decisions, standard contractual clauses, or other approved mechanisms.

    UAE (UAE PDPL)

    Under the UAE Personal Data Protection Law (UAE PDPL), cross-border data transfers are subject to specific requirements. We ensure that any international transfers comply with UAE PDPL requirements including adequacy decisions, binding corporate rules, or standard contractual clauses.

    General Safeguards

    For all international data transfers, we implement appropriate safeguards including:

    • Standard Contractual Clauses approved by relevant authorities
    • Adequacy decisions for data transfers to approved countries
    • Binding Corporate Rules where applicable
    • Additional security measures for sensitive educational data
    • Regular audits of data transfer practices