Privacy Policy
Tuoora — Coaching Institute Management App
Effective Date: 5 June 2026 · Last updated: 5 June 2026
This Privacy Policy explains how Tuoora(“we”, “us”, “our”) collects, uses, stores, shares, and protects information when you use the Tuoora mobile application and related services (the “Service”). The Service is operated from India and is provided to coaching institutes (“Institute Users”) and their enrolled students (“Student Users”).
By creating an account or using the Service, you agree to the practices described below. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account & Profile Information
- Institute Users: institute name, owner name, email, phone number, postal address, profile logo, and the UPI ID / QR code you choose to upload for fee collection.
- Student Users: name, date of birth, email, phone number, parent name & phone, profile photo, enrollment ID, and the batch you are enrolled in by your institute.
- Authentication credentials: hashed password and one-time passwords (OTP) sent to your email or phone during signup, login, or password reset.
1.2 Operational Data
- Fee records (paid, pending, overdue amounts and history) and auto-generated PDF receipts.
- Attendance entries marked by your institute (present, absent, leave, holiday).
- Homework assignments, submissions, scores, and remarks.
- Study materials and resources (PDF, image, video, audio) uploaded by your institute.
- Expense entries, staff records, salary logs, and lead/CRM notes (Institute Users only).
- In-app chat messages exchanged between Institute Users and Student Users, including text, voice notes, images, and document attachments.
1.3 Device & Technical Information
- Firebase Cloud Messaging (FCM) device token, used solely to deliver push notifications.
- App version, operating system version, and crash diagnostic data necessary to fix bugs.
- Authentication tokens (access & refresh tokens) stored locally on your device to keep you signed in.
1.4 Camera, Microphone & File Access
With your explicit, in-the-moment consent, the app accesses:
- Camera & Gallery — to upload profile photos, institute logos, UPI QR images, student photos, and homework attachments.
- Microphone — to record optional voice notes for in-app chat.
- Files & Documents — to attach PDFs and other documents you select using the system file picker.
We never scan or read files in the background. The app only accesses the specific file(s) you choose at the moment you tap the upload control.
1.5 Information We Do Not Collect
- We do not collect your precise GPS or network-based location.
- We do not access your contacts, calendar, SMS, or call logs.
- We do not use the Android Advertising ID.
- We do not collect biometric data.
2. How We Use Your Information
| Purpose | Data used |
|---|---|
| Account creation, login, OTP verification | Email, phone, password hash, OTP |
| Showing students their batches, fees, attendance, homework, and resources | Operational data, profile data |
| Letting institutes manage students, fees, batches, staff, leads, and reports | Operational data, profile data |
| Displaying the institute’s UPI ID and QR code so students can pay fees through their own UPI app | UPI ID, QR image |
| Sending push notifications about fees, homework, attendance, and announcements | FCM token, account ID |
| Securing accounts and preventing fraud | Phone, password hash, OTP, device token |
| Diagnosing crashes and improving app stability | App version, OS version, crash logs |
UPI payments note. Tuoora does notprocess fee payments. We only display the institute’s UPI ID and QR code. The actual money transfer happens outside Tuoora, inside the student’s chosen UPI app (Google Pay, PhonePe, Paytm, BHIM, etc.). We do not see, store, or have access to your bank account, card details, UPI PIN, or transaction PINs at any time.
3. How We Share Your Information
We do not sell your personal data. We do not share it with advertisers or data brokers. Limited sharing occurs only in these cases:
- Between Institute and Student: data you provide is shared with the institute you are enrolled in (for students) or the students enrolled in your institute (for institutes). This is the core function of the Service.
- Google Firebase Cloud Messaging: we send your FCM device token and notification content to Google’s push delivery infrastructure so notifications reach your device. See Firebase Privacy.
- Cloud hosting provider: Service data is stored on commercial cloud servers under our control, with industry-standard encryption at rest and in transit.
- Legal compliance: if required by valid Indian legal process (court order, statutory notice, etc.), we will disclose only the specific data legally required, after verifying authenticity.
4. Data Security
All communication between the Tuoora app and our servers is encrypted in transit using HTTPS / TLS. Passwords are stored only as one-way cryptographic hashes — we never see your plain-text password. Authentication tokens stored on your device expire automatically and are refreshed using a separate refresh token.
While we apply commercially reasonable security measures, no system on the internet is 100% secure. If you suspect unauthorised access to your account, please contact us immediately at support@tuoora.com.
5. Data Retention
- Account and profile data is retained for as long as your account is active.
- Fee records and receipts may be retained for up to 7 years after account deletion to comply with Indian tax, audit, and financial-record-keeping regulations.
- Chat messages are retained until you or your institute deletes them, or until the account is deleted.
- Authentication tokens and FCM tokens are deleted immediately when you sign out or uninstall the app.
- Crash logs and diagnostics are retained for up to 90 days for engineering use, then purged.
6. Your Rights & Choices
6.1 Access, correction and download
You can view and update your profile data inside the app at any time under Profile → Edit. To request a copy of all data we hold about you, email support@tuoora.com from your registered email address.
6.2 Account deletion
You may request deletion of your Tuoora account and associated personal data at any time:
- Via the web: visit https://tuoora.com/account-deletion and follow the instructions.
- Via email: write to support@tuoora.com from your registered email address with the subject “Delete Account Request” and include your registered phone number and role (Institute or Student).
We will action verified requests within 30 days. Fee and payment records may be retained for the period stated in Section 5 above, in line with applicable financial law.
6.3 Notification controls
You can turn push notifications on or off at any time from your device’s system settings, or from inside the app under Profile → Notification preferences.
6.4 Indian DPDP Act 2023 rights
If you are a Data Principal in India, the Digital Personal Data Protection Act, 2023, grants you rights including the right to access, correct, erase, withdraw consent, and grieve. To exercise any of these rights or to file a grievance, contact our Grievance Officer (Section 11).
7. Children’s Privacy
Tuoora is intended for use by coaching institutes and their enrolled students. The app is not designed for use by children under 13. Where students between the ages of 13 and 18 use the app, accounts are created by their institute on the basis of the parent or guardian’s enrolment consent. Parents and guardians who wish to review or request deletion of a student account may write to support@tuoora.com from the registered parent or guardian email.
8. International Transfers
Tuoora servers are located in India. If you access the Service from outside India, your information will be transferred to and processed in India. By using the Service, you consent to this transfer.
9. Cookies & Tracking
The Tuoora mobile app does not use cookies. We do not use third-party advertising SDKs, analytics SDKs, or behavioural tracking technologies. We do not use the Android Advertising ID.
10. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will notify you inside the app or by email before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact Us & Grievance Officer
For any privacy-related question, request, or complaint, please contact:
| support@tuoora.com | |
| Website | https://tuoora.com |
In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, our Grievance Officer can be reached at the email above. We will acknowledge grievances within 48 hours and resolve them within 30 days.