Privacy Policy
Effective date: May 25, 2026
OnNetwork (“OnNetwork,” “we,” “us,” or “our”) operates a tutoring marketplace that connects students with independent mentors. This Privacy Policy explains what personal information we collect, how we use and share it, and the rights you have under U.S. state privacy laws and the EU / UK GDPR.
If you have questions, contact us at privacy@onnetwork.com.
1. Information We Collect
- Account information. Name, email address, password (stored as a one-way hash), role (student / mentor / referral partner), and account preferences (for example, newsletter opt-in).
- Profile information. Profile photo, biography, subjects, grade level, languages, time zone, and other details you choose to add to your profile.
- Lesson and booking data. Lessons booked, scheduled, completed, or cancelled; messages exchanged with mentors or students through the platform; reviews and ratings.
- Payment information. Payments are processed by Stripe. We do not store full card numbers on our servers. We receive limited transaction metadata from Stripe (for example, the last 4 digits of the card, billing zip, transaction status, payout records).
- Communications. Messages you send through the platform, customer support inquiries, and survey responses.
- Technical and device information. IP address, browser type and version, operating system, device identifiers, referring URL, pages viewed, and timestamps.
- Cookies and similar technologies. See Section 4 below.
- Information from third parties. If you sign in via a third-party provider (for example, Facebook or Google), we receive the limited profile information you authorize that provider to share. We may also receive information from referral partners and ambassadors.
2. How We Use Information
- Provide the service: create your account, match students with mentors, schedule and host lessons, process bookings, and deliver core platform features.
- Process payments and payouts through Stripe and our payment partners.
- Communicate with you: send transactional emails, respond to inquiries, and (with your consent) send newsletters.
- Maintain trust and safety: detect, investigate, and prevent fraud, abuse, harassment, and violations of our Terms of Use.
- Comply with legal obligations and respond to lawful requests.
- Improve and develop the service.
We do not sell your personal information for money. We do not engage in cross-context behavioral advertising. We do not use minors’ personal information for targeted advertising.
3. How We Share Information
- With mentors and students you book with. When you book a lesson, the other party sees the information needed to deliver the lesson.
- Payment processors. Stripe processes payments and payouts under Stripe’s own privacy policy.
- Service providers. Hosting, email delivery, analytics, and customer support vendors operate under contractual confidentiality and data-protection obligations.
- Legal and safety. We may disclose information when we believe in good faith that disclosure is required by law, legal process, or to protect rights, property, or safety. We respond to lawful requests from law enforcement and other government authorities.
- Business transfers. If OnNetwork is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction.
4. Cookies and Tracking
- Strictly necessary. Required for sign-in, security, payments, and other core functionality. Always on.
- Analytics. With your consent, we measure how the site is used so we can improve it.
- Marketing. With your consent, we measure marketing campaigns. We do not engage in cross-context behavioral advertising.
Manage your preferences at any time at /legal/cookies/. We honor Global Privacy Control (GPC) signals as opt-out requests under the CCPA / CPRA.
5. Your Privacy Rights
California (CCPA / CPRA)
- Know what personal information we collect, use, disclose, and (if applicable) sell or share.
- Delete personal information we collect from you, subject to certain exceptions.
- Correct inaccurate personal information.
- Opt out of the “sale” or “sharing” of personal information. As noted above, we do not sell or share personal information.
- Limit the use of sensitive personal information.
- Non-discrimination for exercising your privacy rights.
You may submit an authorized agent request on your behalf.
Other U.S. state privacy rights
If you reside in one of the following states, you have rights under your state’s comprehensive privacy law. These rights generally include access, correction, deletion, portability, and the ability to opt out of the sale of personal data, targeted advertising, and certain forms of profiling. Specific rights, exemptions, and request procedures vary by state. To exercise any of these rights, submit a request at /legal/privacy-request/.
- Virginia — Consumer Data Protection Act (Va. Code §59.1-575 et seq.)
- Colorado — Colorado Privacy Act (Colo. Rev. Stat. §6-1-1301 et seq.)
- Connecticut — Connecticut Data Privacy Act (Conn. Gen. Stat. §42-515 et seq.)
- Utah — Utah Consumer Privacy Act (Utah Code §13-61-101 et seq.)
- Texas — Texas Data Privacy and Security Act (Tex. Bus. & Com. Code §541.001 et seq.)
- Oregon — Oregon Consumer Privacy Act (Or. Rev. Stat. §646A.570 et seq.)
- Montana — Montana Consumer Data Privacy Act (Mont. Code Ann. §30-14-2801 et seq.)
- Iowa — Iowa Consumer Data Protection Act (Iowa Code §715D.1 et seq.)
- Delaware — Delaware Personal Data Privacy Act (Del. Code tit. 6, §12D-101 et seq.)
- New Jersey — New Jersey Data Privacy Act (N.J. Stat. §56:8-166.4 et seq.)
- New Hampshire — New Hampshire Privacy Act (RSA 507-H)
- Nebraska — Nebraska Data Privacy Act (Neb. Rev. Stat. §87-1101 et seq.)
- Maryland — Maryland Online Data Privacy Act (Md. Code Com. Law §14-4601 et seq.)
- Minnesota — Minnesota Consumer Data Privacy Act (Minn. Stat. §325O.01 et seq.)
- Rhode Island — Rhode Island Data Transparency and Privacy Protection Act (R.I. Gen. Laws §6-48.1)
- Indiana — Indiana Consumer Data Protection Act (Ind. Code §24-15)
- Tennessee — Tennessee Information Protection Act (Tenn. Code §47-18-3201 et seq.)
- Kentucky — Kentucky Consumer Data Protection Act (KRS §367.3611 et seq.)
If your state is not listed but has enacted a comprehensive privacy law, you may have similar rights — please contact us using the channels below and we will treat your request consistently with applicable law.
EU and UK (GDPR / UK GDPR)
- Access your personal data and obtain a copy.
- Rectification of inaccurate or incomplete data.
- Erasure (“right to be forgotten”) in certain circumstances.
- Restriction of processing in certain circumstances.
- Data portability — receive your data in a structured, commonly used, machine-readable format.
- Object to processing based on our legitimate interests, including direct marketing.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local supervisory authority.
How to Exercise Your Rights
Submit a request at /legal/privacy-request/ or email privacy@onnetwork.com. We may need to verify your identity before fulfilling certain requests. We will respond within the time required by applicable law (generally 45 days for CCPA / CPRA, 30 days for GDPR).
6. Children and Minors
OnNetwork’s service is intended for users 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact privacy@onnetwork.com and we will delete the information promptly.
For users aged 13 to 17, we require verifiable parental or legal-guardian consent before the account can be used. Parents and legal guardians may exercise privacy rights on behalf of their minor child via the privacy request form.
We do not use minors’ personal information for targeted advertising or profiling that produces legal or similarly significant effects.
7. Data Retention
We retain personal information for as long as your account is active and for 24 months after account closure, except when a longer retention period is required by law, by legitimate business need (for example, tax records, dispute resolution, or fraud prevention), or when subject to a legal hold or active dispute. You may request earlier deletion via the privacy request form, subject to legal exceptions.
8. Data Security
- TLS / HTTPS encryption in transit.
- One-way password hashing.
- Role-based access controls and audit logging on production systems.
- Regular review of vendor security practices.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect your information consistent with industry standards.
9. International Transfers
OnNetwork is based in the United States. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework (DPF) / UK Extension / Swiss-U.S. DPF.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the site before the changes take effect. The “Effective date” above will always reflect the latest version.
11. Contact Us
Privacy questions and requests:
- Email: privacy@onnetwork.com
- Submit a request: /legal/privacy-request/
- Postal address: To be provided.