Privacy Policy

1.Data Controller

UniSwipe Ltd ("UniSwipe", "we", "us") is the data controller responsible for your personal data collected through the UniSwipe website and application (uniswipe.nl).

For all data-related enquiries, contact: legal@uniswipe.nl

2.Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, profile photo, university, study programme, role (student/tutor).
• Tutor-specific data: hourly rate, academic transcripts and verification documents, teaching availability, courses taught, bio/introduction.
• Booking data: session dates/times, hours booked, selected courses, booking status.
• Payment data: transaction amounts, subscription plan, payout details (processed by Stripe — we do not store full card details).
• Communication data: messages exchanged through our in-platform messaging system.
• Review data: ratings and written reviews submitted for tutors.
• Usage data: pages visited, search queries, IP address, browser type, device type, and referral source (collected via cookies and server logs).

3.How We Use Your Data

• To create and manage your account and profile.
• To match students with tutors and facilitate bookings.
• To process payments and subscriptions through Stripe.
• To send transactional emails (booking confirmations, payment receipts).
• To send service communications (policy changes, security alerts).
• To verify tutor academic credentials.
• To detect and prevent fraud, off-platform activity, and policy violations.
• To improve our Platform through aggregated analytics.
• To comply with legal obligations.

We will only send you marketing communications if you have opted in. You may opt out at any time via the unsubscribe link in any email or through your account settings.

4.Legal Basis (GDPR)

We process your personal data on the following legal bases under GDPR Article 6:

• Contractual necessity — to provide the service you have signed up for.
• Legitimate interests — fraud prevention, platform security, improving our services.
• Legal obligation — compliance with applicable laws and regulations.
• Consent — for optional marketing communications and non-essential cookies.

5.Data Sharing

We share your data only with trusted service providers who process it on our behalf:

• Stripe — payment processing and subscription management.
• Supabase — cloud database and authentication infrastructure.
• Vercel — hosting and content delivery.
• Email service providers — transactional and marketing emails.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. All data processors are bound by data processing agreements compliant with GDPR.

We may disclose your data if required by law, court order, or to protect the rights and safety of UniSwipe or its users.

6.Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Active account data: retained for the duration of your account, plus 2 years.
• Payment and transaction records: 7 years (tax and accounting obligations).
• Message history: 2 years after session completion.
• Verification documents: 3 years after verification, then securely deleted.
• Usage logs: up to 12 months.

Upon account deletion, we will erase or anonymise personal data within 30 days, except where retention is required by law.

7.Your Rights

Under GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your data ("right to be forgotten").
• Right to restriction — request we limit how we process your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email legal@uniswipe.nl. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

8.Security

We implement appropriate technical and organisational measures to protect your personal data, including TLS encryption in transit, encrypted storage, access controls, and regular security reviews. However, no internet transmission is 100% secure.

9.Cookies

We use cookies and similar technologies. For detailed information, please read our Cookie Notice.

10.Children's Privacy

UniSwipe is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

11.Policy Changes

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a prominent in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12.Contact / DPO

For any privacy enquiries, or to exercise your rights, please contact our Data Protection Officer:

• Email: legal@uniswipe.nl
• Post: UniSwipe Ltd, Data Protection Officer, Enschede, the Netherlands