Template — pending legal review. This document is a drafting template prepared for launch (governing law: New Mexico). It must be reviewed and approved by qualified legal counsel before it is relied upon.
Privacy Policy
Last updated: 2026-06-27
This Privacy Policy explains how InstructorOps ("InstructorOps," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our platform, websites, and mobile apps (the "Platform"). It applies to the instructors and ranges who subscribe to InstructorOps ("Instructors") and to their students and customers ("Students").
1. Our role: controller vs. processor
For information about Instructor accounts (the people who sign up to run their business on InstructorOps) and visitors to our marketing site, InstructorOps is the controller and this Policy describes how we use that information directly.
For Student information that an Instructor collects through its InstructorOps-powered site — bookings, waivers, payment records, and similar data — the Instructor is the controller and InstructorOps acts as a service provider / processor handling that information on the Instructor's behalf and under its instructions. Students with questions about how a particular Instructor uses their information, or who want to exercise rights over it, should generally contact that Instructor; we will support the Instructor in responding.
2. Information we collect
We collect the following categories of information:
- Account and contact information — name, email address, phone number, business name, and login credentials for Instructors and their team members.
- Student information (on behalf of Instructors) — names, email addresses, phone numbers, emergency contacts, class enrollments, attendance, certificates, and the contents and metadata of signed liability waivers (including signer identity and timestamp).
- Payment information — transaction records, amounts, and status. Card details and bank account numbers are collected and stored by Stripe, not by us; we receive tokens and limited transaction metadata, not full card numbers.
- Messaging data — the content and delivery status of SMS and email sent through the Platform, and consent and opt-out (STOP / unsubscribe) records.
- Calendar data — when an Instructor connects Google Calendar, the availability, event, and authorization data needed to create and sync bookings.
- Usage and device data — IP address, browser and device type, pages viewed, and similar log data collected automatically, plus diagnostic and error data used to keep the Platform reliable.
3. How we use information
We use personal information to:
- provide, operate, secure, and improve the Platform;
- process payments through Stripe Connect and deliver booking, waiver, and certificate functionality;
- send transactional and (with consent) marketing communications by email and SMS, and honor opt-outs;
- provide customer support and respond to requests;
- detect, prevent, and investigate fraud, abuse, and security incidents, and enforce our Terms; and
- comply with legal, tax, and accounting obligations.
We do not sell personal information. We process Student information only as needed to provide the Platform to the relevant Instructor and as that Instructor instructs.
4. Sub-processors and service providers
We rely on a small set of trusted third parties to operate the Platform. Each receives only the information needed to perform its function and is bound by contractual confidentiality and data-protection obligations:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing (Stripe Connect) and payouts |
| Resend | Transactional and marketing email delivery |
| TextGrid | SMS / text message delivery |
| Google Calendar scheduling and availability sync | |
| Neon | Managed PostgreSQL database hosting |
| Vercel | Application hosting and content delivery |
| Upstash | Caching and rate limiting (Redis) |
| Sentry | Error monitoring and performance diagnostics |
We may update this list as our providers change; we will reflect changes here and update the "Last updated" date. Some of these providers may process data in countries other than yours; where required, we put appropriate safeguards in place for such transfers.
5. Data retention
We keep personal information for as long as needed to provide the Platform and for the legitimate and lawful purposes described in this Policy. In general:
- Account and Student records are retained while the related account or Instructor relationship is active.
- Signed waivers and certificates are retained for the period the controlling Instructor requires, which may extend beyond the end of the relationship for evidentiary and liability reasons.
- Payment and transaction records are retained as required for tax, accounting, audit, and fraud-prevention purposes.
- Logs and diagnostic data are retained for a limited period for security and reliability.
When information is no longer needed, we delete or de-identify it. Deletion requests are honored subject to records we are legally required to keep (see Section 8).
7. Security
We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including tenant isolation between Instructors, encryption of data in transit, access controls, and monitoring. No system is perfectly secure, and we cannot guarantee absolute security; we encourage you to use a strong, unique password and to report suspected incidents promptly.
8. Your privacy rights — access and deletion
Depending on where you live, you may have rights to access, correct, port, or delete your personal information, to object to or restrict certain processing, and to withdraw consent.
- Instructors may exercise these rights for their own account information by contacting us (Section 11). Instructors can also export their data and request account deletion, subject to records we must retain for legal, tax, or fraud-prevention purposes.
- Students should direct access and deletion requests to the relevant Instructor, who controls their information; we will assist the Instructor in fulfilling valid requests as their processor.
We do not discriminate against you for exercising these rights. We may need to verify your identity before acting on a request.
9. Children's data
The Platform is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them through our own account and marketing features. Instructors who offer youth programs are responsible for obtaining any required parental or guardian consent and for complying with laws governing minors' data (such as COPPA in the United States). If you believe a child has provided personal information improperly, contact us and we will take appropriate steps to delete it.
10. Email and SMS preferences
You can unsubscribe from marketing email using the link in those messages, and you can opt out of SMS by replying STOP (reply HELP for help). You may still receive transactional messages — such as receipts, booking confirmations, and account notices — that are necessary to provide the service. See our Terms of Service for more on messaging consent.
11. Changes and how to contact us
We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. This Policy is governed by the laws of the State of New Mexico.
To exercise a privacy right or ask a question, reach us through our contact page or at [PRIVACY CONTACT EMAIL].