Trust & Safety
Built for the most important users. Protected accordingly.
Malgosha works with vulnerable children. We take that responsibility seriously - in our architecture, our policies, and our team culture.
GDPR Compliant
UK Data Only
WCAG 2.1 AA
KCSIE Aligned
AES-256 Encrypted
ICO Registered
GDPR & Data Privacy
- All student data stored in UK data centres - never leaves the UK
- No data sold or shared with third parties, ever
- Data retention: session data deleted after 12 months unless school opts to retain
- Full data subject access requests (DSAR) supported within 72 hours
- Data Protection Officer available: [email protected]
- ICO registered: registration number available on request
Safeguarding
- Designed in alignment with Keeping Children Safe in Education (KCSIE)
- No direct student-to-student interaction - fully 1:1 AI sessions only
- No user-generated content visible to other users
- Session transcripts available to parents and designated safeguarding leads
- Malgosha does not collect biometric data
- All staff with data access are DBS checked
Accessibility
- WCAG 2.1 AA compliant - tested with NVDA and VoiceOver
- Keyboard-navigable throughout - no mouse required
- High contrast mode and font size controls built-in
- Dyslexia-friendly font option (OpenDyslexic) available
- All interactive elements have ARIA labels
- No time-pressured interactions (unless opted into)
Security
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Annual third-party penetration testing
- Vulnerability disclosure programme: [email protected]
- Multi-factor authentication for all teacher and admin accounts
- Principle of least privilege - staff access scoped by role
- Incident response: contained and communicated within 72 hours
Questions about data or compliance?
Our DPO is available for procurement queries, Data Processing Agreements, and DSAR requests.
Contact our DPO