How we protect your family's information
You are sharing sensitive details about your child. We take that trust seriously. This page explains exactly how your data is handled, protected, and deleted.
At a glance: AES-256-GCM encrypted at rest; 2FA required for admin access; 90-day auto-deletion; UK GDPR, ICO registered.
Encryption at every layer
Every piece of sensitive information you share — your child's name, diagnoses, school reports, and questionnaire answers — is encrypted using AES-256-GCM before it is written to the database. This is the same standard used by banks and healthcare providers. Encryption keys are held separately from the data, so even if the database were accessed without authorisation, the contents cannot be read. Completed audit reports are also encrypted before being saved to disk — there is no point at which a plain-text report exists in persistent storage.
Uploaded documents
When you upload a school report, EHCP, or diagnosis letter, we extract the relevant text, encrypt it immediately, and delete the original file from our server within seconds. We never retain raw copies of your documents. The extracted text — held encrypted in the database — is used only to inform your audit report and is erased when your data reaches its retention limit.
Your audit report
Your completed report is stored in two encrypted forms: as an encrypted file on our UK-based server, and as an encrypted off-site backup with a UK-GDPR-compliant cloud provider. Neither copy is readable without the encryption key, which is held separately. Access to your report is protected by a unique link that expires after 12 months of inactivity; each time you open it, the expiry is refreshed. If you share the link and later want to revoke access, contact us and we will invalidate it immediately.
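The encrypt-before-write pattern described above, as an added example that is not the service's own code: it uses Go's standard-library AES-256-GCM with a constructed stand-in key (a real key would come from a separate secrets store, as the page describes), and it goes one step beyond the text by binding each ciphertext to its order reference as additional authenticated data, so a ciphertext copied into another record cannot be decrypted there.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// demoKey is a constructed 32-byte key so the example runs stand-alone.
// In production the key comes from a secrets manager or KMS, not the database.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one field as nonce || ciphertext || tag. The record id is
// passed as AAD, so a ciphertext moved to another row fails to decrypt.
func Seal(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// Fresh random nonce per call: a repeated nonce under one key breaks GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// Open reverses Seal. Any change to nonce, ciphertext, tag, key or record id
// makes gcm.Open return an error rather than corrupted plaintext.
func Open(key []byte, recordID string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(recordID))
}
```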
Data retention and deletion
We keep your data only as long as necessary. Uploaded document files are deleted immediately after text extraction — typically within seconds of upload. Report content and intake answers are retained for 90 days by default, after which they are permanently erased from both local and off-site storage. You can request earlier deletion at any time. After erasure, only a minimal audit record remains (order reference and deletion date) — no personal or health data.
Who can access your data
Only the ND Learning Audit practitioner preparing your report can access your information. Admin access requires a strong password plus a time-based authenticator code (TOTP two-factor authentication) — there is no single-password access. Every admin action — viewing an order, generating a report, downloading, sending — is recorded in a tamper-evident audit log with timestamp and IP address. We do not share, sell, or transfer your data to third parties for any purpose other than delivering your audit.
Admin access controls
Admin sessions require two factors: a 30-character password and a time-based one-time code from an authenticator app (Google Authenticator, Authy, or 1Password). Sessions expire after 8 hours and cannot be extended without re-authentication. Login attempts are rate-limited: five failures within five minutes lock the IP address. All access events are logged.
Report links and link sharing
Your report is delivered via a unique link that is not guessable (128-bit random token). The link expires after 12 months of inactivity and refreshes its expiry each time you access it, so you will not lose access while actively using your report. If you forward the link to a school or SENCO, be aware that anyone with the link can view the report until it expires or you request revocation. We recommend sharing with specific, trusted individuals only.
Your rights under UK GDPR
Under UK GDPR you have the right to: access a copy of your personal data; correct inaccurate data; request erasure ("right to be forgotten"); object to processing; and request data portability. Your child's health and educational information is treated as special category data under Article 9, affording it the highest level of legal protection. To exercise any right, email us and we will respond within 30 days.
Lawful basis and ICO registration
We process your data on the basis of contractual necessity (to deliver the audit you have purchased) and your explicit consent, provided when you complete the intake questionnaire. You may withdraw consent at any time by emailing us; this does not affect the lawfulness of processing before withdrawal. We are registered with the Information Commissioner's Office (ICO). Third-party processors — including our hosting provider and encrypted backup provider — operate under UK GDPR-compliant Data Processing Agreements.
Questions about your data?
Email us at hello@jameswallace.tech and we will respond within 30 days.
You also have the right to complain to the ICO at ico.org.uk.