EdPsych Connect
Back to Home

Privacy Policy

Last updated: November 2025

1. Introduction

EdPsych Connect Limited ("we", "our", "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational psychology platform.

As a provider of services to educational institutions and professionals in the UK, we adhere to the highest standards of data protection, including compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant education sector guidance.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, organisation, role, and professional credentials
  • Assessment Data: ECCA assessment responses, observations, and results for students/clients
  • EHCP Information: Education Health and Care Plan content, amendments, and reviews
  • Case Management Data: Student information, intervention plans, progress notes
  • Training Records: Course enrollments, completion data, CPD hours, certificates
  • Payment Information: Billing address and payment details (processed securely through Stripe)

2.2 Information Collected Automatically

  • Usage Data: Features accessed, time spent, actions taken within the platform
  • Technical Data: IP address, browser type, device information, operating system
  • Analytics Data: Platform usage patterns, feature engagement, performance metrics

3. How We Use Your Information

3.1 Primary Purposes

  • Providing and improving our educational psychology services
  • Conducting ECCA cognitive assessments and generating professional reports
  • Managing EHCP workflows, tracking amendments and reviews
  • Delivering training courses and tracking CPD hours
  • Facilitating intervention planning and progress monitoring
  • Processing payments and managing subscriptions
  • Providing customer support and responding to inquiries

3.2 Legal Basis for Processing (UK GDPR)

  • Contract Performance: Processing necessary to provide our services
  • Legal Obligation: Compliance with UK education and data protection laws
  • Legitimate Interests: Platform improvement, security, fraud prevention
  • Consent: Marketing communications and optional features (where required)

4. Special Category Data (Sensitive Personal Information)

We process special category data, including information about children's health, special educational needs, and disabilities. This processing is necessary for:

  • Provision of health or social care services (GDPR Article 9(2)(h))
  • Purposes of safeguarding (DPA 2018 Schedule 1, Part 2)
  • Compliance with legal obligations in the education sector

We implement appropriate safeguards including encryption, access controls, and staff training to protect this sensitive information.

5. Data Sharing and Disclosure

5.1 Within Your Organisation

For institutional subscriptions, data is shared with authorised users within your local authority or school as configured by your administrator.

5.2 Third-Party Service Providers

  • Hosting: Vercel (United States) - covered by UK adequacy regulations
  • Database: Neon (PostgreSQL) - EU/UK data centres
  • Payment Processing: Stripe - PCI DSS compliant
  • AI Services: Anthropic Claude - for assessment interpretation and support
  • Email Services: For notifications and communications

All third-party processors are bound by data processing agreements ensuring UK GDPR compliance.

5.3 Legal Requirements

We may disclose information when required by law, court order, or to protect the rights, safety, and security of individuals, particularly in safeguarding contexts.

6. Data Retention

  • Assessment Records: Retained for 7 years after last access (aligned with professional guidelines)
  • EHCP Documents: Retained as per local authority retention schedules
  • Training Records: Retained for 7 years for CPD verification purposes
  • Account Data: Retained for duration of active subscription plus 2 years
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity

7. Your Rights Under UK GDPR

You have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion (subject to legal retention requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: Challenge AI-assisted assessments

To exercise these rights, contact us at privacy@edpsychconnect.com

8. Security Measures

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for all database storage
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Staff training on data protection and confidentiality
  • Role-based access controls
  • Audit logging of all data access

9. Children's Privacy

Our platform is designed for use by educational professionals, not directly by children under 13. When professionals use our platform to assess or support children, they must obtain appropriate consent from parents/guardians and comply with relevant safeguarding policies.

10. International Data Transfers

Some of our service providers are located outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions. Your data is primarily stored in UK/EU data centres.

11. Cookies and Tracking Technologies

We use essential cookies for platform functionality and optional cookies for analytics. You can manage cookie preferences through your browser settings. For detailed information, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email and platform notifications. Continued use after changes indicates acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights:

  • Email: privacy@edpsychconnect.com
  • Data Protection Officer: Dr Scott Ighavongbe-Patrick
  • Address: EdPsych Connect Limited, 38 Buckingham View, Chesham, Buckinghamshire, HP5 3HA
  • Company Number: 14989115 (Registered in England and Wales)

14. Regulatory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Professional Standards: As HCPC registered professionals, we adhere to the Standards of Conduct, Performance and Ethics, including specific requirements around confidentiality and information governance. All data handling complies with BPS Code of Ethics and Conduct.

Terms of Service →Back to Home →