Assistant SENDCoAssistant SENDCo

Privacy Notice

Last updated: March 2026

The short version

  • Your plan data is encrypted on your device before it reaches our servers. We cannot read it.
  • AI features are optional. When used, names are removed and only the text you are editing is sent.
  • Your data is stored in the UK (London). We do not sell or share it with anyone.
  • Word document exports are built entirely on your device. Decrypted data never leaves your browser.
  • You can delete your plans or your entire account at any time.

Overview

Assistant SENDCo helps you create SEN Support Plans. We take data protection seriously, especially when handling information about children with special educational needs. This notice explains what data is collected and how it is handled.

What data is stored

When you use this tool, the following information may be entered:

  • Pupil name and date of birth
  • Year group and areas of need
  • Pupil and family voice statements
  • Assessment information and SMART outcomes
  • Provisions and support strategies
  • Access arrangements and signatures

Where data is stored

All data is stored securely in the cloud using Supabase (hosted in the UK — London). This allows you to access your plans from any device.

Supabase acts as our data processor for cloud storage. OpenAI acts as our data processor for AI-assisted features only, when you explicitly opt in. Resend handles transactional email delivery (password resets, invitations). All operate under data processing agreements.

End-to-End Encryption

Your plan data is encrypted on your device before being sent to our servers. Only you can decrypt it with your encryption password.

  • Data is encrypted with AES-256-GCM before leaving your device
  • Plan data is encrypted on your device. Only you (or your school's designated recovery key holder) can decrypt it.
  • Two-factor authentication required for all accounts
  • Each user can only access their own plans (Row Level Security)
  • Hosted in a UK data centre (London, GDPR compliant)
  • You can delete your data at any time

How ‘assessment’ is used in this tool

This tool uses the word “assess” because it follows the Newcastle LA graduated-approach framework: Assess, Plan, Do, Review. Assessment in this context refers entirely to the professional judgement of school staff — typically the class teacher or SENDCO.

  • Assistant SENDCo does not assess pupils
  • The system does not score, categorise, or infer need levels from the information you enter
  • Assessment text is stored exactly as entered, encrypted at rest
  • No background processes summarise or classify your assessment inputs
  • AI features receive only non-identifying descriptors and output drafting suggestions only

What this tool is (and isn't)

Assistant SENDCo is a plan-writing tool only. It does not monitor, detect, or route safeguarding concerns. Schools must continue to use their designated safeguarding systems for any child welfare matters.

The school (as data controller) is responsible for ensuring that staff enter only data that is necessary and appropriate for the SEN Support Plan. We provide PII warnings on free-text fields as a supportive guardrail, but enforcement of data minimisation remains the school's responsibility.

AI writing assistance

This tool offers optional AI features to help improve your writing. When you use these features:

Data is sent to OpenAI

When you click AI assist buttons, the text you're working on is sent to OpenAI's servers to generate suggestions.

How we protect pupil identity:

  • Your pupil's name is replaced with [PUPIL] before any text reaches the AI. Year group and areas of need are not sent.
  • Only the specific text field you're editing is sent, not the whole plan

AI suggestions may contain inaccuracies or bias. You are responsible for reviewing all AI-generated content before saving it to a support plan.

AI features are entirely optional. You can complete your support plan without using them.

Audit logging

We keep a minimal audit log of actions (such as creating, saving, or exporting a plan) for security and accountability. We do not log plan content, AI prompts, AI responses, or any information that could identify a pupil. Audit logs are automatically deleted after 12 months.

Data retention

Until you delete it

Your plans are kept until you delete them. You can delete individual plans from the "My Plans" page, or delete your entire account to remove all data.

We recommend schools review and delete plans in line with their own data retention policies. SEND records are typically retained until the pupil reaches age 25, per IRMS guidance.

Deleting your data

You can delete your data at any time:

  • Delete individual plans from the "My Plans" page
  • Delete your entire account from Settings → "Delete my account"

When you request account deletion, your account enters a 7-day grace period. During this time you can log back in and cancel the deletion. After 7 days your account and all associated data (plans, encryption keys, provisions, and profile) are permanently removed.

Exported Word documents stored on your device are not affected by account deletion and remain your responsibility to manage.

Document export

When you export your plan as a Word document, the document is built entirely inside your browser. Your decrypted plan data never leaves your device during export — no data is sent to our server.

Once exported, the Word document is unencrypted and under your school's control. Your school is responsible for storing, sharing, and disposing of exported documents in line with its own data protection policies.

Sub-processors

The following third-party services process data on our behalf:

  • Supabase — database hosting, UK (London)
  • OpenAI — AI text processing, US (data is not used for training under API terms)
  • Vercel — application hosting
  • Resend — transactional email delivery, US (staff emails only, no pupil data)

Questions

If you have questions about how this tool handles data, contact george@progress55.co.uk or your school's Data Protection Officer.

Back to home