Account & security
You’re storing real children’s names, parents’ emails and payment info. TutorStudio takes that seriously — and gives you the controls to take it seriously too.
The layers we offer
Defence in depth: anyone trying to break into your account would need to defeat all of these, not just one. We strongly recommend turning on at least the first three.
Two-factor authentication
In Settings → Security, scan the QR code with any TOTP app (Authy, 1Password, Google Authenticator) and enter the six-digit code to confirm. From then on, every sign-in asks for a fresh code on top of your password.
Passkeys & hardware security keys
Passkeys are the modern alternative to passwords — a touch on your phone or laptop, no codes to type, phishing-resistant by design. From the same Security page, click Add a passkey and follow your device's prompts.
If you own a hardware key (YubiKey, Solo, Titan), it works the same way — register it once and tap it on each sign-in.
Passwords
We require a strong password and reject ones that have shown up in known breaches — you'll see real-time feedback as you type. Your password is stored in a form that even we can't read, so we can never email it back to you. If you forget it, use the reset link.
If you suspect your account is compromised
Change your password from Settings → Security straight away. Changing your password automatically signs out every other session, so anyone using your account elsewhere is bumped out the moment the new password takes effect.
If you also think your TOTP device is at risk, open Settings → Security, disable TOTP, and set it up again with a fresh QR scan — the old secret stops working as soon as you turn it off.
Reporting a bug or vulnerability
Use the Report bug button in the app — it goes straight to our support inbox with everything we need to reproduce the problem. If you've found a security issue, mark it as such when you submit and we'll prioritise it.
Deleting your account
We don't hide the door. From Settings → Account → Delete account you can wipe everything we hold about you. Before the delete will go through, we check there are no open invoices, active packages, or open Stripe disputes — settle those first and you'll be able to retry. Once you confirm, we work through these steps in order:
- Your Stripe Connect account is detached (we revoke our access to it).
- Your Google OAuth refresh token is revoked on Google's side, and any calendar events we created are removed.
- Your active subscription is cancelled — you won't be charged again.
- All students, parents, lessons, packages and invoices are deleted immediately by a cascade on the user row.
Retention specifics for the records we're obliged to keep afterwards (HMRC-relevant financial records) are covered in our privacy policy.