Privacy Policy

Welcome to English with John (“we”, “us”, “our”). This policy explains what personal data we collect when you use our website and teaching tools, how we use it, and your rights.

Who we are

Controller: English with John (hello@johnclass.org).

What we collect

• Account & sign‑in data: email address and session information when you sign in (via email link or Google).
• Calendar data (if you connect Google Calendar): free/busy information, calendar and event metadata necessary to show availability and create/update lesson events you choose. We never read your email contents.
• Class materials & uploads: lesson HTML/ZIP you upload, and any deck data parsed to your local browser storage.
• Audio recordings (only when you choose to record): voice messages you record for your teacher are stored to deliver the service.
• Device & log data: basic logs (e.g., IP, browser type) for security and troubleshooting.
• Local storage: we use localStorage to persist your Supabase session and lesson data on your device. We do not use advertising cookies.

How we use your data

• Authenticate you and keep you signed in.
• Show availability and prevent double‑booking.
• Create or update lesson events on the calendar you choose.
• Provide learning features (flashcards, classes, recordings).
• Secure and maintain our service; prevent abuse.
• Respond to support requests.

Lawful bases (GDPR)

• Contract: to provide lessons, scheduling, and your account.
• Consent: microphone/camera access and sending email sign‑in links.
• Legitimate interests: security, service improvement, basic analytics from logs.

Google API Services

If you connect Google Calendar, we only use the scopes you approve to read free/busy information and to create/update your lesson events on the calendar you select.

Use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Recordings & camera/mic

Recording is always initiated by you. We only access your microphone/camera when you click to record or join a live class, and you can stop at any time. Recordings you submit are stored to deliver feedback and for your own review.

Storage & processors

• Hosting: Netlify (website hosting).
• Database & file storage: Supabase (user accounts, lesson files, recordings).
• Calendar integration: Google Calendar APIs (free/busy and events).
• Live classes (when used): Zoho/Zoho Meeting redirection.

These providers may process data in the EU or other countries. Where data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses) provided by those processors.

Retention

• Account/session: as long as your account is active.
• Bookings & events: as needed for scheduling and records.
• Recordings: kept until you delete them or ask us to delete them.
• Server logs: typically retained for a short period for security and troubleshooting.

Sharing

We share data with service providers listed above to operate the service, and if required by law. We do not sell your data.

Your rights

If you are in the EEA/UK, you have the right to access, correct, delete, or export your data, and to object or restrict certain processing. You can also withdraw consent at any time. To exercise your rights, email hello@johnclass.org.

Children

Our service is not intended for children under 13. If you’re in the EEA/UK, additional consent may be required for users under 16.

Security

We apply reasonable technical and organizational measures, including access controls, encryption in transit, and principle of least privilege for tokens and storage.

Changes

We may update this policy. We will post the new effective date above and, if changes are material, we’ll provide additional notice where appropriate.

Contact

Questions? Email hello@johnclass.org.