Privacy Policy
Last updated: 12 April 2026
1. Data Controller
SafeKid AI Ltd ("we", "us", "our") is the data controller for personal data processed through this platform. We are registered in England and Wales. Contact: dpo@safekidai.co.uk.
2. Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, organisation affiliation, role type
- Authentication data: hashed passwords, session tokens
- Usage data: content submitted for analysis (text only), safety scores, moderation actions
- Technical data: IP addresses, browser type, access timestamps
- Consent records: GDPR consent timestamps, marketing preferences
3. Lawful Basis for Processing
We process personal data under the following lawful bases as defined by UK GDPR Article 6:
- Consent (Art. 6(1)(a)): Account creation, marketing communications
- Contractual necessity (Art. 6(1)(b)): Provision of the SafeKid AI service
- Legitimate interest (Art. 6(1)(f)): Platform security, fraud prevention, service improvement
- Legal obligation (Art. 6(1)(c)): Safeguarding duties, Online Safety Act 2023 compliance
4. Children's Data
SafeKid AI processes content that children may interact with. We operate as a data processor on behalf of schools and EdTech providers (the data controllers for student data). We do not directly collect data from children under 13. All student interaction data is pseudonymised using student IDs assigned by the school or EdTech provider. We comply with the ICO's Age Appropriate Design Code and the Children's Code.
5. Data Retention
- Account data: Retained for the duration of your account plus 30 days after deletion request
- Interaction logs: Retained for 12 months, then automatically anonymised
- Safeguarding alerts: Retained for 7 years (in line with Ofsted record-keeping requirements)
- Audit logs: Retained for 3 years for compliance purposes
6. Data Sharing
We do not sell personal data. We share data only with:
- Cloud infrastructure providers (data processed and stored in the UK/EEA)
- AI model providers for content analysis (text only, no personally identifiable information transmitted)
- Law enforcement or regulatory bodies when legally required
7. International Transfers
Where personal data is transferred outside the UK, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO and International Data Transfer Agreements (IDTAs).
8. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Receive your data in a machine-readable format (data portability)
- Object to processing based on legitimate interests
- Withdraw consent at any time
To exercise any of these rights, contact dpo@safekidai.co.uk. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular penetration testing, and comprehensive audit logging.
10. Complaints
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.