Transparency & Trust

Policies & Governance

Everything you need to understand how askKira handles your data, our AI ethics commitments, and our compliance with UK regulations.

Governance isn't a document.
It's how we build.

For prospects, customers, partners and regulators. Everything that governs how askKira operates, handles your data and meets its legal obligations, in one place.

UK Data Residency
All data hosted on AWS London (eu-west-2). Your data never leaves UK jurisdiction. Zero model training on customer data.
Article 28 DPA
Full UK GDPR Article 28 Data Processing Agreement in place. Every customer relationship is contractually protected.
ICO Registered
Registered with the Information Commissioner's Office. ICO Reference ZB622646. Public Sector Analytics Limited, Co. No. 14889377.
Cyber Essentials
Cyber Essentials certified. Regular penetration testing. ISO 27001 principles. Staff trained in data security. 99.99% uptime SLA.

All policies & compliance documents

Click any document to read a summary and access the full PDF. Can't find what you need? Contact us and we'll respond within 2 working days.

ICO Registration & Legal Notices
askKira is operated by Public Sector Analytics Limited, incorporated in England and Wales. Company No. 14889377. Registered with the Information Commissioner's Office, ICO Reference ZB622646. Registered office: England and Wales. Data protection enquiries: [email protected] · General enquiries: [email protected]
Data Protection & Privacy
Privacy Policy
Version 2.0 · Effective 1 March 2026 · Next review 1 March 2027

How we collect, store, use and protect your personal data. Covers identity data, contact data, usage data, audit data and technical data, with the lawful basis for each. All data is stored on UK-based servers and never transferred outside the UK. Third-party AI providers are contractually bound not to use your data to train their models. Your rights under UK GDPR include access, correction, erasure, restriction and portability. Contact [email protected] within 30 days for any data request.

Data Processing Agreement (Article 28)
Version 1.0 · UK GDPR Article 28 compliant

Our formal Data Processing Agreement governs the relationship between askKira (Data Processor) and your organisation (Data Controller). Covers the nature of processing, categories of data, sub-processors (AWS, OpenAI, Google Gemini, Wonde, Cloudflare, Stripe and others, all UK GDPR bound), data security obligations, breach notification within 72 hours, data retention and deletion (30 days on cancellation, backups purged within 90 days), transfers outside the UK/EEA, and your rights as Controller. askKira is ICO registered (ZB622646) and maintains Article 30 Records of Processing Activities. Signed copies provided within 5 working days on request.

Data Protection Impact Assessment (DPIA)
Version 1.1 · Autumn Term 2025 · Reviewed annually

Our full Data Protection Impact Assessment for the askKira platform, covering scope, purpose and lawful basis, nature of processing, risk assessment and mitigation, data protection principles, individual rights, international transfers, sub-processors, cyber security standards and ongoing monitoring. Data subjects are UK school staff (teachers, senior leaders, support staff, 18+). No pupil data is required or encouraged. Risks are assessed as low to medium under current controls. Covers 16 sections including safeguarding, insurance cover (Public Liability £2m, Professional Indemnity £2m, Employers' Liability £10m) and version control.

Board/Governor Summary DPIA
Autumn Term 2025 · Designed for governors & trustees

A plain-English summary of our DPIA written specifically for school governors, trustees and board members. Explains what askKira is, why a DPIA is required, and provides clear assurances on data security (UK-hosted, encrypted, Cyber Essentials certified), legal compliance (UK GDPR, DPA 2018, DfE AI guidance 2025, Ofsted AI expectations), safeguarding (no pupil data required, duty to report), data retention, staff rights and insurance cover. Suitable for inclusion in governor meeting packs.

Data Protection & Processing Q&A
Autumn Term 2025 · For schools, MATs & procurement teams

Answers to the most common data protection questions from schools, MATs, DPOs and procurement teams. Covers: processor vs controller roles, lawful basis, how personal data is handled and protected, anonymisation, data sharing, international transfers, retention periods, IP ownership, deletion rights, breach handling, safeguarding disclosures, cyber security standards, insurance cover, cookies and accessibility. Also addresses DfE and Ofsted compliance. Designed to be shared with governors, parents and staff.

Cookie Policy

What cookies we use, why we use them and how long we keep them. We use analytics tools (Google Analytics, Hotjar) to improve our services. No advertising cookies are used. Staff and users can opt out or manage cookies through browser settings. We do not sell cookie data.

Full policy document coming soon

Legal & Terms
Terms of Service

The terms governing your use of the askKira platform, including acceptable use, intellectual property, AI-generated content limitations, liability and how disputes are handled. Your data and content remain yours at all times. Governed by the laws of England and Wales.

Full policy document coming soon

Acceptable Use Policy

The rules governing permitted and prohibited use of the askKira platform. Covers safeguarding obligations, data minimisation, prohibited inputs (pupil names, SEND data, identifiable personal data), and the principle that AI supports, but never replaces, professional judgement. Violation may result in suspension or termination of access.

Full policy document coming soon

Security & Infrastructure
Security & Infrastructure Statement
Cyber Essentials certified · ISO 27001 principles · 99.99% uptime SLA

Our technical and organisational security measures. Primary hosting on AWS London (eu-west-2). Encryption in transit and at rest. Role-based access controls and MFA. Regular penetration testing. ISO 27001 principles. Cyber Essentials certified. Staff trained in data security. Breach notification to Data Controllers within 72 hours. Sub-processors include AWS, Microsoft Azure, OpenAI (API only, no model training), Google Gemini, Wonde (MIS integration), Cloudflare, Stripe (PCI-DSS compliant). SLA includes right to termination for repeated or prolonged downtime.

Full statement document coming soon

Government & Regulatory
UK Government AI Standards Compliance Statement
Version 2.0 · Effective 1 March 2026

Confirms askKira's alignment to DSIT AI Regulation Principles, CDDO AI Playbook and AI Safety Institute Standards. Covers safety, security and robustness (regular security testing, incident register, documented response); transparency and explainability (all AI outputs include context, users always informed when AI is involved); fairness (bias assessment in AI review cycle, annual equality impact assessment); accountability and governance (board-level AI governance, named DPO, documented framework); and contestability and redress (all outputs can be challenged, human review available, clear complaints process). Public sector compliance enquiries: [email protected]

DfE AI Guidance Compliance

askKira aligns to DfE guidance on AI in education (updated August 2025), Ofsted AI study findings, UK GDPR and the Data Protection Act 2018. Human oversight is central to the platform design: AI supports but never replaces professional judgement. All AI outputs are explainable and teacher-controlled. Platform aligned to KCSIE 2025 for safeguarding.

Full statement document coming soon

Insurance & Liability
Insurance Cover Summary

askKira maintains comprehensive insurance cover to protect clients and users. Public Liability: £2,000,000. Professional Indemnity & Products Liability: £2,000,000. Employers' Liability: £10,000,000. Insurance certificates available on request for procurement and compliance purposes.

UK GDPR: compliant by design
0% of your data used to train AI
72hrs maximum breach notification time
£10m employers' liability insurance cover

Safe AI. Transparent AI.
AI you can actually trust.

Need a signed DPA, security questionnaire response or compliance briefing for your legal team? We'll turn it around within 2 working days.
