Also available in Greek.

Privacy Policy

1. Introduction

UniLearnIt (unilearnit.com) provides online tutoring support for university students (live and recorded lessons, enrollments, course materials, communication with tutors). We respect your privacy and process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Greek law.

2. Data controller

The data controller for the data described in this policy is UniLearnIt, website www.unilearnit.com.

For privacy-related matters, you can contact us at info@unilearnit.com or through the contact form on our website.

3. Data we collect

Depending on how you use the platform, we may process:

  • Account data (Google sign-in): first name, last name, email address, and Google identifier. We may also receive a phone number from Google if you have added one to your Google account. We do not permanently store your Google profile photo in our database.
  • Student registration: first name, selected department (and related university), optional last 3 digits of phone number (as requested in the registration form), study year, course list, and enrollment status.
  • Course enrollment: contact details (first name, last name, email, phone - full number as submitted), study year, course selections, enrollment notes, request and revision history, and billing/installment details where applicable.
  • Tutor applications: contact details, LinkedIn/website, CV, and academic/professional information submitted in the form.
  • Secretariat requests: request text, related course, and your account details to process the request.
  • Devices and security: device identifier, device type, browser/operating system, IP address (from the connection request), login and access logs, device login history (email, IP, browser/OS, approximate city/country, login/logout times) to prevent misuse and enforce device limits.
  • Platform usage (page tracking): page URL, page title, visit duration, IP address, approximate city/country (not precise device location).
  • Communication (chat): message text, timestamps, participants, related course/chat room; stored to provide the service.
  • Platform notifications: email, name, notification text, and related course or link.
  • Course announcements: sending and read status of announcements (sender email/name, subject, body).
  • Files and notes (PDF): upload metadata (uploader email, file name, course); files are hosted in cloud storage.
  • Access security logs: records of denied access to protected content (e.g. PDF, video), including email, IP, and reason for denial.
  • Payments: via Stripe Checkout; we do not store payment card details on our website. We receive payment status, amounts, and related transaction details from Stripe.
  • Video: playback data through a third-party video provider; technical content-protection measures such as watermarks with identifying information may be used according to platform settings.
  • Zoom (lesson recordings): meeting identifier to match a course and process recordings via third parties; we do not store live call content on our own server.
  • Contact (landing form): name, email, message - when you use the contact form on the website (sent via Web3Forms).
  • Local preferences: settings stored in your browser (e.g. theme, selected department, local read status for notifications/announcements), where you store them locally.
  • Sign-in cookies: cookies necessary for the platform to work after Google sign-in (see Cookies section).

We do not request access to your device location (GPS/geolocation) through the browser.

4. Purposes and legal bases

We process your data for the following purposes:

  • Providing our services (registration, course access, chat, materials, announcements) - performance of a contract (GDPR Art. 6(1)(b)).
  • Authentication and security (Google login, device limits, login logs) - legitimate interest and/or contract performance.
  • Managing debts and installments - contract performance / legitimate interest.
  • Payment processing - contract performance and legal obligation (accounting/tax, where applicable).
  • Evaluating tutor applications - legitimate interest / pre-contractual steps.
  • Sending announcements and notifications - contract performance.
  • Protecting intellectual content (video watermarks, access logs) - legitimate interest.
  • Platform operation and improvement (page tracking, technical logs) - legitimate interest.
  • Anti-bot on the tutor application form (Cloudflare Turnstile, where enabled) - legitimate interest.
  • Communicating with you - contract performance or consent, as applicable.

5. Cookies

The UniLearnIt platform uses cookies and similar browser storage for the operation, security, and improvement of the user experience. We do not currently use third-party analytics or marketing/advertising cookies (e.g. Google Analytics, Meta Pixel).

Strictly necessary cookies (backend)

Sign-in and session cookies are set mainly by our server. They are typically HttpOnly (not accessible to page JavaScript) and are used to:

  • sign you in and identify your account
  • keep you signed in
  • protect the platform
  • manage devices and sessions

This may include mechanisms such as an access token cookie, a refresh token, a session identifier, a device token, and a role-related cookie for basic interface behaviour. Exact names and lifetimes may vary depending on security configuration.

Some security cookies or similar mechanisms may be kept for longer. In particular, the device identification cookie may be kept for up to approximately 1 year for security, device recognition, device limits, and abuse prevention.

Local storage (localStorage / sessionStorage)

We also use local browser storage for functional and UX purposes, such as:

  • display theme
  • selected department / school
  • read state for notifications or announcements
  • interface preferences (e.g. table layout, page state)
  • temporary technical state of the application

Interface preference cookie

We set the sidebar_state cookie (sidebar open/collapsed) for approximately 7 days.

First-party page usage logging

The platform may log page visits and time on page through our own API (first-party page tracking) for operation, security, and service improvement. This is not done through third-party marketing or advertising cookies.

Third-party providers - only when the related feature is used

Third-party services may load only when you use the related feature:

  • Google - when signing in with Google
  • Stripe - when making an online payment (redirect to Stripe checkout)
  • Cloudflare Turnstile - on the tutor application form, where enabled
  • Third-party video provider - when playing course video
  • Web3Forms - when the website contact form is used

Consent for non-essential cookies

Strictly necessary cookies do not require consent. If we introduce non-essential analytics or marketing cookies in the future, we will ask for your prior consent before enabling them.

Your choices

You can delete cookies and local storage in your browser settings. Signing out clears or deactivates sign-in cookies controlled by our server, where technically possible. Some strictly necessary security or device identification cookies may remain for longer so that security rules and device limits can still apply.

6. Recipients / third parties

We share data with trusted providers that help us operate the platform, such as:

  • Google - sign-in (OAuth).
  • Stripe - payment processing (we receive status/amounts; not card details).
  • Third-party video provider - video hosting and playback, and content-protection measures where enabled.
  • Google Cloud - file storage (e.g. tutor application CVs, PDFs, testimonials) and backend infrastructure hosting.
  • Google Cloud / Firebase Hosting - website hosting.
  • MongoDB (hosted database) - application data storage.
  • Redis - temporary session storage and rate limiting.
  • Zoom - webhooks when a live session recording completes (no Zoom video stored on our server).
  • ip-api.com - approximate geographic location (city/country) from IP for analytics and security.
  • Cloudflare Turnstile - anti-bot on the tutor application form (where enabled).
  • Web3Forms - landing contact form message delivery.
  • SMTP / email provider - sending course announcements and emails.

These providers process data as processors or independent controllers, according to their own privacy policies. We do not sell your personal data to third parties.

7. International transfers

Some providers (e.g. Google, Stripe, third-party video provider, Google Cloud, ip-api.com) may process data outside the European Economic Area. Where required, transfers are made with appropriate safeguards (e.g. EU Standard Contractual Clauses).

8. Retention

We retain personal data for as long as necessary for the purposes described above, unless law requires or permits a longer period.

For example:

  • Account data and enrollments: for the duration of your relationship with the platform.
  • Tutor applications: as long as needed for evaluation and legal/administrative obligations; application and CV deletion is possible on request or by an admin.
  • Security logs (access denial): can be deleted by an administrator by date.
  • Page tracking and device login history: stored without automatic expiry; manual cleanup may occur in the future.
  • Chat messages: stored to provide history; “deletion” may be logical (soft delete) without immediate physical removal from all systems.
  • Sessions (Redis): temporary, with automatic expiry (TTL) per role.
  • Financial records: according to applicable tax and accounting obligations.

9. Your rights

Under the GDPR, you have the right to:

  • access your data;
  • rectify inaccurate data;
  • erasure (“right to be forgotten”), where applicable;
  • restrict processing;
  • data portability;
  • object to processing based on legitimate interest;
  • withdraw consent where processing is based on consent (without affecting the lawfulness of prior processing).

Requests for account deletion or data export should be submitted to info@unilearnit.com or through the contact form and are handled in accordance with the GDPR.

To exercise your other rights, contact us as described in section 14. You may also lodge a complaint with the Hellenic Data Protection Authority (Greece): www.dpa.gr.

10. Staff access

Administrators can access user data to operate the platform, provide support, handle billing, and maintain security.

Tutors can access student data only for courses they teach or courses in which students are enrolled (e.g. student lists, course chat, announcements).

Access is restricted through authentication and role checks in the system.

11. Security

We implement technical and organizational measures to protect your data (e.g. HTTPS, access controls, device limits). No system is completely secure; we encourage strong security on your Google account and devices.

12. Children

The platform is primarily intended for university students. We do not knowingly collect data from children under 16 without required parental consent, where applicable. If you believe we collected a minor’s data, please contact us.

13. Changes to this policy

We may update this Privacy Policy. For material changes, we may notify you through the platform or by other appropriate means.

14. Contact

For questions about your personal data or to exercise your rights, contact UniLearnIt at info@unilearnit.com or through the contact form on our website (unilearnit.com).