Security

All personal data is stored and processed within the United Kingdom. We do not transfer personal data outside the UK.

• Primary hosting: UK data centres (Contabo and AWS UK regions)
• Automated daily encrypted backups with 90-day rolling retention
• Multi-database architecture: separate databases for application data, cache, jobs, and websockets

• In transit: TLS 1.2+ for all connections
• At rest: AES-256 encryption for stored data
• Sensitive fields: Application-level encryption for context tags marked as sensitive (e.g. SEND status, Pupil Premium, ethnicity)
• Backups: Encrypted at rest with separate key management

• Role-based access controls (admin, staff, member)
• Multi-factor authentication for admin accounts
• Organisation-scoped data: each organisation can only access its own members and data
• Sensitive context tags (PP, SEND, FSM) visible only to authorised organisation admins
• Small group suppression: demographic reports hide groups smaller than 5 to prevent identification

No system is 100% secure. If a data breach occurs:

• As a processor: We notify the controller (e.g. the school) within 48 hours
• As a controller: We notify the ICO within 72 hours and affected individuals without undue delay
• Access logging and monitoring for all data operations
• Annual vulnerability scanning

• Data protection training for all personnel with access to personal data
• Audit logging for all approval workflows (experience updates, memberships, awards)
• Context tag audit trail tracks who tagged whom, when, and what changed