Privacy Policy
Effective date: June 7, 2026
Last updated: June 7, 2026
This Privacy Policy describes how Zenkclass ("we", "the Company") collects, uses, and protects your personal information when you use the Zenkclass application — software for class schedule and fee management for individual tutors and tutoring centers in Vietnam — via website https://zenkclass.com or mobile app. By using our services, you agree to the terms of this policy. See also Terms of Service.
1. Information We Collect
1.1 Information You Provide During Registration
- Full name
- Email address
- Phone number
- Password (bcrypt hashed — we never see the plain password)
- Profile picture (if uploaded)
1.2 Tutor Profile Information
- Subjects taught, grades taught, teaching areas
- Province / district / detailed address
- Education level (school, major, graduation year)
- CV / experience profile
- Bank account (to receive payment from parents) — we only store BIN, account number, account holder name
1.3 System Permissions for Specific Features
Some features require OS-level permissions. The app prompts you at first use; you can deny or revoke them at any time in device Settings — affected features may be limited but the app still functions.
- Camera: capture session check-in photos (Locket-style — shared with parents), upload profile picture, CV photos.
- Photo Library: pick profile picture / CV; save VietQR receipts to device.
- Location (precise / GPS): only when you capture a session check-in photo. The app fetches current GPS coordinates + reverse-geocodes them to an address, then burns in metadata directly into the captured image(overlay) as evidence for parents. Raw coordinates (lat/lng) are stored with the session so admins can review them when disputes arise. We do not continuously track location, nor share it with third parties for marketing.
- Push Notifications: receive alerts about new matching classes, session reminders, admin messages.
- Face ID / Touch ID: fast app unlock. Biometric data is processed locally on-device (Secure Enclave / Trusted Execution Environment) — we never receive biometric templates.
1.4 Automatically Collected Information
- Device info: model, OS, language, timezone
- Push notification token (FCM token / APNs token / Web Push subscription)
- Internal user ID (linked with crash logs + analytics events)
- App version, install date
- System logs upon crash (via Firebase Crashlytics)
- Anonymous usage events (via Firebase Analytics — only if you allow via ATT, see 1.5)
- IP address (only for security + anti-spam)
1.5 App Tracking Transparency (ATT — iOS only)
Per Apple's requirements, on first launch on iOS we display the prompt "Allow Zenkclass to track your activity across other companies' apps and websites?". Tracking here applies only to Firebase Analytics for feature measurement + anonymous user segmentation.
- If you choose "Allow": Firebase Analytics receives a user ID + anonymous events (e.g. which screen opened, which button tapped).
- If you choose "Ask App Not to Track": we do not send user ID to Firebase Analytics. The app continues to work fully — Crashlytics + push notifications + data sync are unaffected (these are not tracking per ATT definition).
You can change this at any time: iOS Settings → Privacy & Security → Tracking → Zenkclass.
1.6 In-App Purchase / Pro Subscription
When you purchase the Pro plan (monthly/yearly subscription) via Apple In-App Purchase:
- Apple handles 100% of the payment processing. We do NOT receive credit card information, Apple ID password, or your payment methods.
- We receive Apple's receipt (transaction ID + expiry date + plan ID) to verify + activate Pro on your account.
- Pro transaction history is stored on your account to handle refunds / restore.
1.7 Information We DO NOT Collect
- Phone contacts
- SMS messages
- Call history
- Browsing history outside the app
- Background or continuous GPS location (we only sample GPS at the exact moment you tap capture-checkin)
- Microphone / audio
- Biometric data (FaceID/TouchID is local unlock only, never sent to server)
- Health / Fitness data
2. How We Use Your Information
| Data | Purpose |
|---|---|
| Email, password, OTP | Login authentication, password recovery |
| Name, profile picture | Display profile to parents when applying for classes |
| Subjects / grades / areas | Match with lead postings |
| Bank account | Display VietQR for parent payments |
| FCM / APNs token | Send notifications for new classes, upcoming sessions |
| Check-in photo + GPS at capture time | Burn-in metadata (time + date + address) into the image as evidence for parents; admins review to resolve disputes. |
| Crash logs + app events | Fix bugs (Firebase Crashlytics) + improve UX (Firebase Analytics) |
| Apple IAP receipt | Verify + activate Pro plan |
3. Third-Party Data Sharing
We DO NOT sell personal information to third parties. We only share in these cases:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Google Firebase (FCM, Crashlytics, Analytics) | FCM token, device ID, crash logs, user ID (only if you allow ATT), anonymous events | Push notifications, error tracking, UX measurement |
| Apple Push Notification Service | APNs token | iOS push notifications |
| Apple In-App Purchase / StoreKit | IAP transaction receipt (no card data) | Verify + activate Pro plan |
| Google OAuth | Email, name, photo on Google login | Authentication |
| Apple Sign In | Email, name on Apple login | Authentication |
| AWS S3 | Profile picture, CV files | Media storage |
| Parents / students (via marketplace) | Name, profile picture, subjects, areas, public CV (if enabled) | Allow parents to choose tutors |
We may share information with government authorities upon legal request (Vietnam Cybersecurity Law 2018, Decree 13/2023/ND-CP on Personal Data Protection).
4. Data Storage and Retention
- Data stored on servers in Singapore (Vultr Cloud) + MongoDB.
- Active accounts: stored throughout usage period.
- When you delete your account (in-app: Profile → Settings → Delete Account):
- Within 24h: full PII anonymization (email, name, phone → null + random string)
- After 90 days: hard-delete of identity fields
- Financial transactions retained 5 years per Vietnam Accounting Law
5. Your Rights
Under Vietnam Decree 13/2023/ND-CP on Personal Data Protection, you have the following rights:
- Right to access: view your data at Profile → View Personal Data
- Right to correct: update anytime in app
- Right to delete: permanent account deletion at account deletion page or in-app
- Right to withdraw consent: uninstall + delete account
- Right to complain: email support@zenkclass.com
We respond to requests within 72 business hours.
6. Security
- Passwords hashed with bcrypt (10 rounds salt).
- JWT tokens signed with HS256, 256-bit secret, refresh token rotation.
- HTTPS enforced (TLS 1.2+).
- Mobile tokens stored in Keychain (iOS) / Keystore (Android).
- Server firewall + rate limiting + 24/7 monitoring.
However, no system is 100% secure. You are responsible for protecting your password.
7. Children Under 13
Zenkclass is for users 13 years and older. We do not knowingly collect data from children under 13. If you discover such data, please email support@zenkclass.com and we will delete it immediately.
8. Policy Changes
We may update this policy. For significant changes, we will:
- Show in-app popup on next open
- Send email notification
- Update "Last updated" date at top
9. Contact
- Email: support@zenkclass.com
- Website: https://zenkclass.com
- Operator: Zenkclass — Vietnam