Privacy Policy

Last updated: January 2025

Introduction

SandGlass ("we," "our," or "us"), operated by a company based in Romania within the European Union, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our CRM service for independent tutors at sandglass.me.

Information We Collect

Information You Provide

• Account information: Email address, name, password, country, and preferred currency when you create an account
• Student data: Names, contact information, timezones, lesson notes, and payment records that you enter into the app
• Payment information: When you subscribe to a paid plan, payment is processed by our third-party payment processor. We do not store your full credit card details.

Information Collected Automatically

• Usage data: How you interact with the app, features used, and session duration
• Device information: Browser type, operating system, and device type
• Log data: IP address, access times, and pages viewed

How We Use Your Information

We use your information to:

• Provide and maintain the SandGlass service
• Process your subscription payments
• Send you service-related communications (account verification, payment confirmations, important updates)
• Improve and develop new features
• Respond to your support requests
• Detect and prevent fraud or abuse

We do not sell your personal information to third parties.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract: To provide the service you signed up for
• Legitimate interests: To improve our service, prevent fraud, and ensure security
• Consent: Where you have given explicit consent for specific processing activities
• Legal obligation: Where required by law

Your Student Data

The student information you enter into SandGlass (names, contact details, lesson notes, payment records) is your data. We:

• Store it securely to provide the service to you
• Do not access it except to provide technical support when you request it
• Do not share it with third parties
• Will delete it upon your request or account deletion

Important: As a tutor using SandGlass to store information about your students, you act as a data controller for that student data. You are responsible for ensuring you have the appropriate legal basis to collect and store your students' information.

Data Storage and Security

Your data is stored on secure servers within the European Union. We use industry-standard encryption for data in transit (HTTPS) and at rest. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

International Data Transfers

Our service is operated from the European Union. If you access SandGlass from outside the EU, your information will be transferred to and processed in the EU, which has strong data protection laws under the GDPR.

Third-Party Services

We use third-party services to operate SandGlass:

• Payment processing: To handle subscription payments
• Email delivery: To send transactional emails
• Hosting and infrastructure: To store and serve the application

These services have access only to the information necessary to perform their functions and are obligated to protect your data. Where these services are located outside the EU, we ensure appropriate safeguards are in place.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal information and student data within 30 days, except where we are required to retain it for legal or accounting purposes.

Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Export your data in a machine-readable format
• Restriction: Request that we limit how we use your data
• Objection: Object to certain types of processing
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at hello@sandglass.me. We will respond within 30 days.

If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority. In Romania, this is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use tracking cookies for advertising purposes.

Analytics

We use Umami, a privacy-friendly analytics tool, to understand which pages are visited and what countries our visitors are from. This data is aggregated and anonymous—no personal information is collected or stored by our analytics.

Children's Privacy

SandGlass is not intended for users under 16 years of age. We do not knowingly collect information from children under 16.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the app. Your continued use of SandGlass after changes take effect constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: hello@sandglass.me