Acceptable Use Policy

TutorLab is built for honest, professional private tutors in the UK. This policy sets out what you may and may not do when using the service. It protects you, other users, the students and parents who interact with the platform, and the integrity of the service itself.

This policy is not exhaustive. We reserve the right to take action against behaviour that, in our reasonable judgement, harms users, TutorLab, or the public — even if it is not explicitly listed here.

You may use TutorLab to:

• Manage your own private tutoring students, sessions, and invoices
• Generate lesson plans, parent reports, homework tasks and exam-style questions for your own teaching use
• Publish and maintain a professional public profile to attract students
• Communicate with parents who enquire through your profile
• Run a legitimate tutoring agency or multi-tutor business using an Agency account
• Export your own data for your own record-keeping purposes

You must not use TutorLab to:

• Violate any UK law, EU law applicable to you, or the law of any jurisdiction in which you operate
• Commit or facilitate fraud, including identity fraud, financial fraud, or misrepresentation to parents or students
• Transmit or store content that is defamatory, obscene, threatening, harassing, or incites violence or hatred
• Generate, store, or distribute content that sexualises, exploits, or endangers minors — this includes using AI features to produce such content
• Engage in or facilitate money laundering or tax evasion
• Violate any data protection law, including UK GDPR, in your handling of student or parent data

We will report credible evidence of criminal activity — particularly anything involving the exploitation of minors — to the relevant authorities without notice.

You must not:

• Attack or probe the service:Conduct penetration testing, port scanning, denial-of-service attacks, or any attempt to identify or exploit vulnerabilities in TutorLab's infrastructure without our express prior written authorisation.
• Attempt unauthorised access:Try to access accounts, data, systems or areas of the service that you are not authorised to access, including other tutors' accounts or data.
• Interfere with the service:Transmit malware, viruses, or any code designed to damage, disable, or disrupt TutorLab's systems or other users' devices.
• Bypass security controls: Circumvent rate limits, authentication mechanisms, plan restrictions, or any other technical control.
• Scrape or harvest data: Use automated tools (bots, scripts, scrapers) to extract data from TutorLab — including tutor profiles, contact details, or directories — for any purpose.
• Reverse engineer:Decompile, disassemble, or attempt to derive source code, algorithms, or trade secrets from TutorLab's software.

If you discover a security vulnerability, please report it responsibly to harry@trytutorlab.uk before disclosing it publicly. We commit to investigating all reports promptly and will not take legal action against good-faith security researchers who follow responsible disclosure.

Content you enter into TutorLab (profile text, session notes, AI prompts, messages to parents) must not:

• Be false, misleading, or deliberately inaccurate — particularly on your public profile (claimed qualifications, experience, verification status)
• Infringe the copyright, trademark, or other intellectual property rights of any third party
• Include defamatory statements about any person or organisation
• Be sexually explicit or include nudity
• Harass, threaten, or intimidate any person
• Include personal data about individuals who have not consented to their data being stored in TutorLab
• Advertise or promote third-party products or services without our written consent

Testimonials on your public profile must be genuine. Fabricating or paying for fake testimonials is a breach of the Consumer Protection from Unfair Trading Regulations 2008 (UK) and these terms.

When using TutorLab's AI features you must not:

• Academic dishonesty:Use AI features to write or complete assessed coursework, exams, or assignments on behalf of a student in a way that violates their school's or exam board's academic integrity policy.
• Harmful content generation:Attempt to use prompt injection, jailbreaking, or other techniques to generate content that TutorLab's AI features are designed not to produce — including content that endangers children or promotes illegal activity.
• Overclaiming AI outputs: Present AI-generated lesson plans, parent reports, or other outputs as if they were independently verified professional assessments without reviewing and taking responsibility for the content.
• Excessive sensitive data in prompts: Include medical records, special educational needs diagnoses, home addresses, or other highly sensitive personal data in AI prompts unless strictly necessary and you have the appropriate consent to do so.
• Abuse of free-tier limits: Use multiple accounts, browser profiles, or other methods to circumvent the weekly AI credit limits on the free plan.

As a data controller for student and parent data you enter into TutorLab, you are responsible for:

• Obtaining and recording the lawful basis (typically parental consent) before adding a student's personal details
• Informing parents that their data and their child's data is stored in TutorLab, a cloud-based software service
• Entering only the minimum data necessary for the tutoring relationship
• Keeping student data accurate and up to date
• Deleting student records when they are no longer your student and there is no ongoing legal requirement to retain them
• Responding promptly to data subject access requests from parents or students (you are the controller; we can assist as processor)
• Checking whether you need to register with the ICO as a data controller

Misuse of student or parent data — including sharing it with third parties without consent, using it for commercial purposes beyond tutoring, or failing to delete it when required — is a serious breach of this policy and UK GDPR.

You must not:

• Resell, sublicence, or white-label TutorLab to third parties without our written consent
• Build a competing product using data, designs, or ideas obtained from TutorLab
• Share your account login with other tutors who have not paid for their own subscription (unless you hold an Agency account with sufficient seats)
• Use TutorLab to run bulk, automated outreach or marketing operations that consume disproportionate server resources

If you believe another user is violating this policy — for example, a tutor profile contains false qualifications or abusive content — please report it to harry@trytutorlab.uk with as much detail as possible. We take all reports seriously and will investigate within a reasonable timeframe.

Questions about this policy: harry@trytutorlab.uk