Privacy & Data Security

At Marlow Learning, your family’s privacy is a central focus. Every software tool and workflow process has been selected to protect your information and keep you safe from malicious actors.

I. The Risks of Closed-Source Services

Many tutoring businesses rely on closed-source services like Google Drive for file sharing, Zoom for video calls, and PayPal for payments. The convenience and brand familiarity of such services is not worth the risk to client data. Where source code is proprietary, users must rely entirely on the provider’s word regarding how their data is encrypted and used and where it is stored. Corporate secrecy can obscure security vulnerabilities from public view, and the lack of independent audits means that users cannot verify whether a service provider’s encryption claims are true.

Additionally, these service providers centralize massive amounts of sensitive client information, making them high-value targets for cyber-attacks. When breaches occur within closed systems, users often have no way of knowing the full extent of their exposure unless the service provider chooses to disclose it.

Even relying on closed-source platforms temporarily with the intention of moving to an open-source provider later can be problematic. To lock-in users, proprietary service providers often make user data migration difficult and time-consuming. Vendor lock-in is especially common where the service providers monetize data by scanning user content for advertising and profiling purposes.

Where possible, I operate open-source software on infrastructure that I control. Where external hosting is necessary, I use transparent, Canada-based providers to ensure that client data is stored securely and not monetized. My encrypted backups are stored on BorgBase infrastructure in the European Union, where data is subject to the General Data Protection Regulation. This page explains how Marlow Learning’s software choices, data infrastructure, and operational practices keep your data private and secure.

II. Local Computer Setup

A. Linux

Marlow Learning’s computers run on a Linux distribution called Pop! OS, an operating system developed by System76. Unlike Microsoft’s Windows or Apple’s macOS, Linux is open-source, meaning its code is publicly visible and scrutinized by a global community of developers. Security vulnerabilities are identified and patched quickly, and unlike proprietary operating systems, Pop! OS does not mandate intrusive telemetry or the silent harvesting of usage data.

B. Docker

Many of the applications powering Marlow Learning run inside Docker containers, which are self-isolated environments that separate applications and their dependencies from others. If one container was ever compromised, the others would remain unaffected. Docker also makes it straightforward to keep software updated, which is essential for security.

C. OpenSnitch

An open-source application firewall, OpenSnitch monitors and controls all outbound network connections made by every application on the system. It provides a critical fail-safe by governing whether applications can communicate with the outside world, and if a compromised program attempted an unauthorized network connection, OpenSnitch would block it before data could leave the machine. Unlike some firewalls that operate purely at the network level, OpenSnitch works at the process level, meaning it identifies precisely which application is attempting a connection and applies rules accordingly. For a business handling sensitive client documents, this granular control adds a vital layer of defence that many small businesses overlook entirely.

D. Uncomplicated Firewall

Commonly referred to as UFW, Uncomplicated Firewall is a straightforward Linux firewall that blocks all incoming network connections by default, permitting only those that are explicitly necessary. On Marlow Learning’s local office machine, only the ports required for legitimate local operations are open, and every other port is closed. This ensures that even if a vulnerability were discovered in a piece of software running on the machine, an attacker would have no network path to exploit it.

E. Flat Seal

Flatseal is used to manage permissions for Flatpak applications on the desktop, ensuring that no Flatpak application has access to parts of the system it does not need. While OpenSnitch governs outbound network connections at the process level and UFW blocks unauthorized incoming connections by default, Flatseal operates at a different layer, controlling whether Flatpak applications can access the filesystem, hardware devices, and other system resources beyond their intended scope. Together, these three tools implement the principle of least privilege across network and system access: every application communicates only with what it is permitted to reach and accesses only the system resources it genuinely requires.

III. Website

A. Astro Web Framework

Marlowlearning.ca is built with Astro, a modern static site framework, and hosted on Cloudflare Pages. To understand why this matters for your security, it helps to first understand how most small business websites are built. Platforms like Wordpress, Wix, and Ghost power dynamic websites that run server-side code, maintain databases, and process requests every time a visitor loads a page. This complexity comes with a significant security cost. Wordpress alone accounts for roughly 90% of all hacked content management systems globally. This disproportionate share is due to Wordpress’s dynamic architecture, plugin ecosystem, and database dependencies, all of which create numerous potential entry points for attackers, including ransomware. A ransomware attack on a dynamic website can encrypt or destroy not just the website itself but any data stored alongside it, including client records.

A static website like marlowlearning.ca contains no server-side code, no database, and no plugin ecosystem to exploit. It is essentially a collection of pre-built files delivered directly to your browser, so there is nothing for an attacker to execute, no database to breach, and no credentials to steal through the website itself. Cloudflare, one of the world’s leading web infrastructure providers, adds an additional layer of protection through enterprise-grade DDoS mitigation and global content delivery. This architecture does not just protect Marlow Learning as a business but also protects you as a client, because a website that cannot be compromised is a website that cannot be used as a vector to access your information. Further, marlowlearning.ca has no tracking cookies, no advertising scripts, and no third-party analytics or visitor tracking scripts.

B. Codeberg Source Code Infrastructure

How the source code for a website is stored and maintained is also critical for privacy and security. Corporate trackers and data miners can exploit insufficiently secure source code, and even a static website could become dangerous for visitors if a bad actor gains unauthorized access and injects malicious code. To protect client privacy and keep this website’s source code completely secure, Marlow Learning self-hosts Codeberg’s privacy-focused source code infrastructure. This ensures that zero client data, configuration metadata, or operational code is ever exposed to public networks, corporate telemetry, or unauthorized AI-scraping engines.

IV. Self-Hosting

A. OVHcloud Canada

Rather than entrusting client data to a managed platform like Google Drive, Dropbox, or Microsoft OneDrive, where a corporation controls the server, its configuration, and ultimately your data, I self-host dedicated private infrastructure rented through OVHcloud Canada, consisting of a virtual private server and a block storage volume. I choose what software runs on the hardware, how it is configured, who can access it, and how data is backed up. No platform provider has administrative access to the server, the block storage volume, or their contents. Any live client data that does not reside directly on my local office machine is hosted on my OVHcloud infrastructure within Canada.

OVHcloud is one of the largest and most reputable cloud infrastructure providers, and their Canadian data centres ensure that all externally hosted data is physically located within Canada and subject to Canadian privacy law. This is a meaningful distinction for Canadian families, as your live data is not subject to American laws such as the PATRIOT Act or the CLOUD Act, which can compel American companies to disclose user data to American government agencies without notifying the affected individuals.

Many large, well-known tutoring platforms operate within centralized data infrastructures subject to their own privacy policies, corporate ownership structures, and commercial incentives. When a family uses one of these platforms, their child’s academic records, session history, and personal information become part of that platform’s data asset, stored on servers they do not control, under terms that can change without notice. Choosing an independent, self-hosted tutor means choosing someone who has made a deliberate commitment to keeping your family’s information private.

B. Uptime Kuma

Uptime Kuma is a self-hosted monitoring tool that continuously checks whether Marlow Learning’s client-facing services are online and accessible. If Nextcloud, BookStack, or any other hosted service goes offline unexpectedly, Uptime Kuma sends an immediate alert, allowing me to respond and restore service as quickly as possible. For a tutoring business where clients rely on consistent access to their documents, resources, and communication channels, minimizing downtime is a professional obligation. Uptime Kuma runs on Marlow Learning’s OVHcloud Canada server alongside the services it monitors, meaning the monitoring infrastructure is subject to the same Canadian privacy standards as everything else.

C. Server Security Hardening

Running a publicly accessible server is a serious security responsibility. A VPS exposed to the internet receives automated attack attempts within minutes of going online because malicious bots continuously scan the entire internet for vulnerable servers. No single server security measure is sufficient on its own, so Marlow Learning’s approach to server security is built around the concept of layered defence, where each measure makes the next layer harder to penetrate. If an attacker bypasses one control, they encounter another, and then another. The following measures are implemented from the moment a new Marlow Learning server goes live, before any client-facing service is deployed, and are maintained continuously throughout the server’s lifetime.

i. Fail2ban

Fail2ban is an open-source intrusion prevention tool that runs silently in the background on Marlow Learning’s OVHcloud Canada server. It continuously monitors server log files for signs of malicious activity such as repeated failed login attempts, which are a hallmark of automated brute force attacks. When Fail2ban detects a pattern consistent with an attack, it automatically blocks the offending IP address before any damage can be done. An unavoidable reality of operating an internet-facing publicly accessible server is that it receives automated attack attempts from around the world within minutes of going live. Fail2ban is deployed at the outset on any new Marlow Learning server, ensuring that client-facing services are protected from the moment they go online.

ii. SSH Key-Based Authentication

Secure Shell (SSH) is the protocol used to remotely administer a Linux server. By default, SSH allows login via password, which makes it vulnerable to brute-force attacks where automated tools attempt thousands of password combinations in rapid succession. Marlow Learning disables password-based SSH login entirely, permitting access only through cryptographic key pairs. A key pair consists of a private key that never leaves my local machine and a public key stored on the server. Unlike a password authentication model, where a secret string is sent across the network to be verified, SSH key authentication uses a challenge-response mechanism. In essence, the server issues a cryptographic puzzle that can only be solved locally by the matching private key, and the resulting answer is sent across the network for verification. Because a standard Ed25519 private key represents a mathematical search space of up to 2²⁵⁶ combinations, guessing the key is physically impossible. Without the private key to solve the server’s unique challenge, remote access remains mathematically impenetrable regardless of how many trillions of automated login attempts are made.

iii. UFW Firewall

As with Marlow Learning’s local office machine, Uncomplicated Firewall is also deployed on the OVHcloud Canada server. On the server, only the ports required for web traffic and secure administration are open, and every other port is closed, meaning that even if a vulnerability were discovered in a piece of software running on the server, an attacker would have no network path to exploit it.

iv. Disabled Root Login

The root account is the most powerful account on any Linux server, with unrestricted access to every file and process on the system. Direct root login via SSH is disabled on all Marlow Learning servers. All administrative tasks are performed through a non-root account with selective administrative privileges, meaning that even if an attacker were somehow to gain access to that account, the damage they could cause would be significantly constrained.

v. Non-Standard SSH Port

SSH operates on port 22 by default, and the vast majority of automated attack tools target this port specifically. Moving SSH to a non-standard port does not make the server impenetrable, but it eliminates the overwhelming majority of automated attack attempts before they even reach the authentication layer, reducing noise in server logs and lowering the load on Fail2ban.

vi. Automatic Security Updates

The underlying operating system of Marlow Learning’s server is configured to automatically apply security patches as they are released. Software vulnerabilities are discovered regularly, and the window between a vulnerability being published and attackers exploiting it can be measured in hours. Automatic security updates ensure that the server’s operating system remains patched without relying on manual intervention, closing vulnerabilities before they can be exploited.

vii. Two-Factor Authentication

Two-factor authentication is enabled on Nextcloud and all other client-facing services that support it. Even if a password were somehow compromised, an attacker would still require a second form of verification, which is typically a time-sensitive code generated by an authentication app, to gain access. This adds a critical additional layer of defence for the services that hold the most sensitive client data.

V. Bookings, Video, Communication, & Documents

A. Nextcloud

Nextcloud is the heart of Marlow Learning’s client-facing infrastructure. A self-hosted cloud platform, Nextcloud runs on Marlow Learning’s dedicated server through OVHcloud Canada. This ensures that all live data stored on Nextcloud remains secure and physically located within Canada. Your documents, signed contracts, and communications are never routed through foreign servers and are subject to Canadian privacy law rather than the data retention policies of American or international corporations. Nextcloud is used for the following purposes at Marlow Learning:

i. Bookings

When you schedule an initial consultation at marlowlearning.ca, you use a booking form hosted within Nextcloud. Once a client account has been created for you, you will log into Nextcloud to access your personal booking link in order to schedule tutoring sessions. Because bookings are handled entirely within Marlow Learning’s self-hosted infrastructure, your contact information and scheduling history remain on Canadian servers and are never distributed to third-party platforms for advertising or data profiling purposes.

ii. Contract Signing

Tutoring agreements are signed digitally through LibreSign, a contract signing tool built directly into Nextcloud. The dominant alternative in this space is DocuSign, a closed-source platform that processes and stores signed legal documents on American servers under American jurisdiction. HelloSign and Adobe Sign present similar concerns. With LibreSign, your signed contracts never leave my Canadian server infrastructure. They are stored securely within the same system that handles your other documents, under the same privacy protections, with no third-party involvement.

iii. Secure Document Uploads

When you need to share a document with me (such as a writing sample or school assignment), it is uploaded directly to my Nextcloud instance rather than emailed or shared via a consumer cloud service. Google Drive, the most common alternative, is convenient and familiar, but it operates on Google’s servers, is deeply integrated into Google’s advertising and data profiling infrastructure, and grants Google broad rights to analyze uploaded content. Microsoft OneDrive presents similar concerns within Microsoft’s ecosystem. With Nextcloud, your documents never touch a corporate server. They are stored exclusively on my OVHcloud Canada infrastructure, accessible only to you and me, and are never scanned, analyzed, or monetized.

iv. Video Sessions

All tutoring sessions are conducted by video through Nextcloud Talk, Nextcloud’s built-in video conferencing tool. By self-hosting Nextcloud, Marlow Learning protects your privacy, ensuring that your video sessions will never be routed through a third-party platform. Google Meet, Microsoft Teams, and Zoom collect and monetize user information, tying your activity to their advertising ecosystems. With a publicly available codebase and transparent data handling practices, Nextcloud distinguishes itself from other video conferencing tools by never monetizing user information for advertising purposes.

All video sessions are recorded so that clients and students may review them. Accessible through Nextcloud, the video recordings are saved on my OVHcloud Canada secure block storage volume. Videos are not duplicated to any backup repository and cannot be recovered once deleted. Each video is automatically purged after five months.

v. Secure Chat

Nextcloud Talk provides an encrypted messaging channel for communication between sessions. The most familiar alternatives, such as email, Slack, and Microsoft Teams, are either unencrypted by default, subject to corporate data retention policies, or actively monetized through data analysis. Email in particular is one of the least secure communication methods available, as messages pass through multiple servers and are rarely encrypted in transit or at rest. Slack retains message history on its own servers and has faced scrutiny over its data handling practices. Nextcloud Talk keeps our conversation history in one secure, encrypted place on Canadian infrastructure, visible to no one but us.

B. Tuta Mail

Client email communication is handled through Tuta Mail, an encrypted email service developed by Tuta, a company based in Hanover, Germany. Tuta Mail is one of two tools in the Marlow Learning stack that is not self-hosted. Self-hosting email is one of the most technically complex and security-sensitive undertakings a small business can attempt, and a misconfigured email server can introduce serious vulnerabilities that outweigh the privacy benefits of direct control. For this reason, Marlow Learning uses a trusted, specialized provider rather than managing email infrastructure independently.

Tuta Mail was chosen deliberately. It is subject to some of the world’s strictest privacy legislation, including the European Union’s General Data Protection Regulation, which provides stronger legal protections in many respects than those available under Canadian law alone. Crucially, Tuta Mail uses end-to-end encryption, meaning that even Tuta itself cannot read the contents of your emails. The encryption is applied before messages leave your device and is only decrypted on the recipient’s device. No corporate server, including Tuta’s own, has access to your message content. And while other secure email providers like Proton Mail open-source only their client-side apps, Tuta Mail has also open-sourced its back-end server code, making all of Tuta’s infrastructure code publicly available for anyone to inspect, audit, and improve.

It is important to note, however, that email encryption is only as strong as both ends of the conversation. If Marlow Learning sends an encrypted email through Tuta Mail and you receive it in Gmail, Outlook, or another conventional email service, your provider may store that message in an unencrypted or only partially encrypted form on its own servers. For this reason, existing clients are asked to use Nextcloud Talk’s secure chat feature rather than email for ongoing communication. Nextcloud Talk keeps your messages within Marlow Learning’s self-hosted OVHcloud Canada infrastructure, end-to-end encrypted, with no third-party email provider involved at any point.

Email remains available for initial contact and onboarding, where its convenience outweighs its limitations. For existing clients, however, email is restricted strictly to transactional, automated system updates, such as delivering paid invoices from my payment processor or transmitting instant notifications when you receive a message prompt in Nextcloud. Apart from these automated transactional receipts from my no-reply addresses, Nextcloud Talk remains the mandatory, secure, and privacy-oriented choice for all ongoing tutor-client communication and collaboration.

C. VoIP.ms & Linphone

Voice calls and voicemail are handled on my computer through VoIP.ms, a Canadian VoIP provider headquartered in Montreal, Quebec. Unlike corporate telephony platforms such as Google Voice or Microsoft Teams calling, which are deeply integrated into their parent companies’ data ecosystems and subject to American jurisdiction, VoIP.ms is a Canadian company operating under Canadian privacy law. This means that call records and voicemail data are stored on Canadian infrastructure rather than on foreign servers.

Calls are placed and received through Linphone, an open-source softphone client that runs locally on my machine. Linphone handles the voice connection without routing your call data through a proprietary corporate app or cloud service. As with every other communication tool at Marlow Learning, the goal is to keep your interactions within a privacy-respecting, Canadian-anchored infrastructure wherever possible.

VI. Payments & Financial Administration

A. Stripe

Online payments and invoicing are processed through Stripe, one of the world’s most trusted and widely used payment processors, and one of two tools in the Marlow Learning stack that is not self-hosted. Self-hosting a payment processing system would require maintaining PCI DSS compliance infrastructure, which is an enormously complex and expensive undertaking that is impractical for an independent tutoring practice. Stripe handles this responsibility on Marlow Learning’s behalf. It is PCI DSS compliant, meaning it meets the gold standard for payment security, and it uses end-to-end encryption for all transactions. Marlow Learning never stores your payment card information directly. All financial data is handled exclusively by Stripe’s secure infrastructure, and payment records are imported manually into my locally hosted accounting system for reconciliation purposes, where they remain offline and inaccessible from the internet. Automated invoices and transaction receipts are transmitted through Stripe to you from [email protected]

B. ERPNext

Bookkeeping and accounting for Marlow Learning are managed through ERPNext, an open-source enterprise resource planning system that runs locally on my machine. Financial data from Stripe is imported manually for reconciliation purposes. ERPNext is never connected to the internet during normal operation, which means your financial records are kept entirely offline and are never exposed to external threats.

VII. Education Resources

BookStack

Educational resources, curriculum materials, and learning guides made available to students, parents, and guardians are published through BookStack, a self-hosted, open-source knowledge management platform hosted on Marlow Learning’s dedicated OVHcloud Canada server. BookStack organizes content into a clean, structured format that is easy to navigate, and access is controlled through individual client accounts, meaning your login credentials grant access only to the resources intended for you. Because BookStack is self-hosted on Canadian infrastructure, I control exactly what is published, who can access it, and how it is maintained. There is no reliance on a third-party platform that could change its terms, go offline, sell its user base to a new owner, or expose your access credentials through a corporate data breach. Your login information and usage history remain on Canadian soil, subject to Canadian privacy law, and visible to no one but you and me.

VIII. Internal Tools

The following tools are used internally to manage the business and do not interact with client data.

A. EspoCRM

EspoCRM is a self-hosted customer relationship management tool used for managing outreach pipelines to schools and educational institutions. No tutoring client data is stored here.

B. Logseq

Logseq is an open-source note-taking application used for session planning and internal notes. Session notes are stored locally and never uploaded to a third-party server.

C. Obsidian

Obsidian is a writing tool used for drafting curriculum materials, articles, and educational content. Unlike most other tools in the Marlow Learning stack, Obsidian is not open-source, as its codebase is proprietary and cannot be independently audited. For this reason, additional precautions are taken to ensure it cannot communicate with the internet. OpenSnitch is used to revoke Obsidian’s network access entirely, and community plugins are disabled to eliminate any third-party code that could introduce unexpected data sharing or security vulnerabilities. All data is stored locally and never leaves the machine.

D. Speech Note

Speech Note is a locally running voice transcription tool used to assist with note-taking after sessions. Voice recordings are processed entirely on my machine and are never sent to a cloud service for transcription.

IX. Artificial Intelligence Tools

Marlow Learning makes selective use of artificial intelligence tools to support research, curriculum development, and website content writing. Specifically, I use Claude, an AI assistant developed by Anthropic, a safety-focused AI company. Claude assists with tasks such as researching the relationship between neuroscience and pedagogy, drafting and refining website content, and exploring tutoring ideas.

It is important to be transparent about what Claude is and is not used for. Claude is a cloud-based AI service, meaning conversations are processed on Anthropic’s servers rather than locally on my machine. For this reason, Marlow Learning maintains a strict policy of never uploading client documents, student information, session notes, or any other sensitive data to Claude or any other AI service. Claude is used exclusively for general research and content tasks that contain no personal or confidential information whatsoever.

This boundary is non-negotiable. The same philosophy that governs every other tool in the Marlow Learning stack applies equally to AI tools. No student’s name, no parent’s contact information, no uploaded document, and no session record ever enters an AI system. AI assistance at Marlow Learning is strictly a productivity and research tool, not a data processing tool.

X. Security Practices

A. Regular Software Updates

All applications and containers are updated promptly when new versions are released, ensuring that known security vulnerabilities are patched quickly.

B. Dedicated Office Environment

Marlow Learning operates from a dedicated office space on one local machine. This approach is part of a broader security philosophy at Marlow Learning. No client-facing application syncs to a personal phone, tablet, or secondary computer. This means there is no risk of client data appearing on a lost or stolen mobile device, no accidental sync to a personal account, and no blurring of the boundary between professional and personal computing environments.

C. Principle of Least Privilege

As mentioned above with regard to UFW, OpenSnitch, and Flatseal, each software application has access only to what it needs and nothing more. Client documents, for example, are accessible only through Nextcloud and are not visible to other applications running on the same system. Application permissions on the desktop are actively managed to ensure no software can reach beyond its intended scope.

D. Local Password Management

Every application and service used by Marlow Learning is protected by a strong, unique password generated and stored in a locally hosted, open-source password manager. Unlike cloud-based password managers that synchronize your credentials across devices via a remote server, this password manager stores its encrypted database exclusively on my local machine. There is no cloud sync, no remote access, and no third-party server that could be breached to expose login credentials. The encrypted database never leaves the device that it is stored on.

E. Encrypted Backups

Apart from video recordings of tutoring sessions, all data is backed up regularly using Borg, an open-source backup tool that encrypts backups before they are stored. Even if a backup were intercepted, it would be unreadable without the encryption key. Local backups are stored on external drives physically located in Marlow Learning’s office. For offsite redundancy, encrypted backups are also transmitted to BorgBase, a hosting service purpose-built for Borg backups. BorgBase stores backups in EU data centres, meaning offsite backup data is subject to the European Union’s General Data Protection Regulation. This legislation creates one of the strongest privacy protection regimes in the world. Critically, because Borg encrypts all data before it leaves Marlow Learning’s infrastructure, BorgBase never has access to the contents of any backup, regardless of where it is stored.

XI. A Note on Open-Source Software

You may have noticed that most of the tools listed on this page are open-source. This is a deliberate choice. Open-source software is developed transparently, with its code being publicly available for anyone to inspect, audit, and improve. This means that security researchers around the world can identify and report vulnerabilities, and that there are no hidden features quietly collecting your data in the background.

By contrast, many popular consumer applications are closed-source, and you are asked to trust that the companies responsible for those applications are handling your data responsibly. At Marlow Learning, trust is something that should be earned through transparency, not assumed.

If you have any questions about the tools or practices described on this page, please contact me at [email protected]. I am happy to discuss any aspect of how your information is handled.