Trust & Safety

Built for the most important users. Protected accordingly.

Educ8 works with vulnerable children. We take that responsibility seriously — in our architecture, our policies, and our team culture.

GDPR Compliant
UK Data Only
WCAG 2.1 AA
KCSIE Aligned
AES-256 Encrypted
ICO Registered

GDPR & Data Privacy

  • All student data stored in UK data centres — never leaves the UK
  • No data sold or shared with third parties, ever
  • Data retention: session data deleted after 12 months unless school opts to retain
  • Data subject access requests (DSARs) fully supported within 72 hours
  • Data Protection Officer available: [email protected]
  • ICO registered: registration number available on request

Safeguarding

  • Designed in alignment with Keeping Children Safe in Education (KCSIE)
  • No direct student-to-student interaction — fully 1:1 AI sessions only
  • No user-generated content visible to other users
  • Session transcripts available to parents and designated safeguarding leads
  • Educ8 does not collect biometric data
  • All staff with data access are DBS checked

Accessibility

  • WCAG 2.1 AA compliant — tested with NVDA and VoiceOver
  • Keyboard-navigable throughout — no mouse required
  • High contrast mode and font size controls built in
  • Dyslexia-friendly font option (OpenDyslexic) available
  • All interactive elements have ARIA labels
  • No time-pressured interactions (unless opted into)

Security

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Annual third-party penetration testing
  • Vulnerability disclosure programme — [email protected]
  • Multi-factor authentication for all teacher and admin accounts
  • Principle of least privilege — staff access scoped by role
  • Incident response: contained and communicated within 72 hours

Questions about data or compliance?

Our DPO is available for procurement queries, Data Processing Agreements, and DSARs.

Contact our DPO