COMPLIANCE & DATA SECURITY
Your data is safe with us.
We process sensitive pupil data on behalf of schools across England. Here is exactly how we protect it — and who holds us accountable.
REGISTRATIONS & MEMBERSHIPS
Verified by recognised authorities.
ICO Registered
Registered with the Information Commissioner's Office as both a data controller and data processor. We handle all personal data in accordance with UK GDPR and the Data Protection Act 2018.
ISBL Affiliate Member
Affiliate member of the Institute of School Business Leadership — the professional body for school business managers and leaders across England.
DAMA UK Member
Member of the Data Management Association UK — the internationally recognised professional body for data management practitioners.
NCSC Aligned
Cyber security practices aligned with the National Cyber Security Centre 10 Steps to Cyber Security framework. Full compliance documentation available on request.
COMPLIANCE DOCUMENTATION
Full documentation available to all clients.
The following documents are provided to every client as standard, or available on request:
Data Processing Agreement
UK GDPR Article 28 compliant
Privacy Policy
Internal Data Protection Policy
Cyber Risk Register
IT Asset Register
NCSC 10 Steps Compliance Statement
All documents are reviewed annually. Current versions dated April 2026.
HOW WE HANDLE YOUR DATA
What we do — and don't do — with your data.
All pupil data encrypted in transit (TLS 1.2+) and at rest
Data processed within the United Kingdom only
Access restricted on strict need-to-know basis
Data never sold, shared, or used outside your contract
Data deleted or returned in full on contract termination
Breach notification to your school within 24 hours of awareness
Data protection enquiries
For any questions about how we handle your data, our compliance documentation, or to request a copy of our Data Processing Agreement:
Ready to see it in action?
15-minute call. Sample dashboard. Full compliance pack included.
Book your free demo →