Privacy Policy

Last updated: April 2026

Introduction

Tamlito CRM ("we", "our", or "us") operates the website tamlito.com and provides a cloud-based CRM platform for private tutors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using Tamlito, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the service.

Information We Collect

We collect the following categories of information:

Account Data: Your name, email address, and profile picture when you create an account or sign in via Google OAuth.
Student Data: Names, contact details, lesson history, notes, and payment records that you enter about your students. You are the data controller for this information.
Lesson & Schedule Data: Lesson dates, times, durations, statuses, recurrence rules, and calendar entries you create.
Payment & Billing Data: Subscription plan, billing history, and transaction records. Payment card details are processed and stored solely by our payment processor, Paddle. We do not store your credit card numbers.
Usage Data: Pages visited, features used, session duration, clicks, and interactions within the application, collected via PostHog analytics.
Technical Data: IP address, browser type and version, operating system, device type, timezone, and referring URL, collected automatically when you access the service.

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To create and manage your account, provide core CRM features (student management, lesson scheduling, payment tracking), and process your subscription.
Communications: To send transactional emails (account verification, password resets, subscription confirmations), lesson reminders, and important service announcements.
Service Improvement: To analyze usage patterns, identify bugs, and improve features based on how teachers actually use the platform.
Security: To detect and prevent unauthorized access, fraud, and other security threats.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.

Lawful Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Contract Performance: Processing your account and student data is necessary to deliver the service you signed up for.
Legitimate Interest: We analyze usage data to improve the platform, ensure security, and prevent abuse. We balance these interests against your privacy rights.
Consent: Where required, we obtain your explicit consent before processing — for example, for marketing communications or non-essential cookies. You can withdraw consent at any time.
Legal Obligation: We retain certain financial records as required by tax and accounting laws.

Data Controller and Processor Roles

Tamlito acts as a data controller for your account information (name, email, subscription details) and usage data. For student data that you enter into the platform (student names, contact details, lesson records, payment records), you — the teacher — are the data controller. Tamlito acts as a data processor, processing this data solely on your behalf and according to your instructions. We do not use your student data for our own purposes, and we do not share it with third parties for marketing.

Information Sharing and Third-Party Services

We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers who are necessary to operate the platform:

Supabase: Database hosting, authentication, and data storage. Data is stored in Supabase's cloud infrastructure.
Paddle: Payment processing for subscriptions. Paddle receives your billing information to process payments. Paddle acts as the Merchant of Record.
PostHog: Product analytics to understand feature usage and improve the service. PostHog receives anonymized usage and session data.
Google: OAuth authentication when you choose to sign in with Google. Google receives only the authentication request.
Railway: Application hosting. Our servers run on Railway's infrastructure.

We may also disclose your information if required by law, court order, or governmental authority, or to protect our rights, safety, or property.

Data Retention

We retain your data for the following periods:

Account Data: Retained while your account is active. After account deletion, your personal data is permanently removed as quickly as possible, except where retention is required by law.
Student Data: Retained while your account is active. Permanently deleted upon account deletion or upon your earlier request.
Usage and Analytics Data: Retained for up to 24 months, then automatically deleted or anonymized.
Payment and Billing Records: Retained for up to 7 years after the transaction to comply with tax and accounting obligations.

To request deletion of your account and data, email us at [email protected]. There is no self-service account deletion — all deletion requests are handled by our team to ensure your data is fully and permanently removed.

International Data Transfers

Tamlito's infrastructure providers (Supabase, Railway, PostHog, Paddle) may process data in the United States and other countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure your data receives an adequate level of protection. By using the service, you acknowledge that your data may be transferred to and processed in countries with different data protection laws than your country of residence.

Cookies and Tracking Technologies

We use the following types of cookies:

Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled without breaking the service.
Analytics Cookies: Used by PostHog to collect usage data such as pages visited, features used, and session duration. This helps us understand how the platform is used and improve it.

We do not use advertising or third-party marketing cookies. You can control non-essential cookies through your browser settings. Disabling analytics cookies will not affect your ability to use Tamlito.

Data Security

We implement industry-standard security measures to protect your data, including: encryption of data in transit (TLS/HTTPS) and at rest, secure authentication via magic links and Google OAuth (no passwords stored), Row Level Security (RLS) policies in our database to ensure teachers can only access their own data, regular security reviews and dependency updates, and access controls limiting employee access to production data. While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data ("right to be forgotten"). To delete your account, email us at [email protected]. Your account and all associated data will be permanently deleted as quickly as possible.
Right to Restriction: Request that we limit how we process your data.
Right to Data Portability: Request your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority if you believe your rights have been violated.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Children's Privacy

Tamlito is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you are a teacher who tutors minors, you are responsible for obtaining any required parental consent before entering student information into the platform. If we learn that we have inadvertently collected data from a child under 16, we will delete it promptly.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR. If the breach is likely to result in a high risk to you, we will also notify you directly via email without undue delay.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy on this page and update the "Last updated" date. Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [email protected]
Website: https://tamlito.com