Security and Data Protection Details
Our products are fully compliant with the Data Protection Act 1998, and all other current relevant regulation. We are currently assessing the implications of the introduction of General Data Protection Regulation (GDPR) and will ensure that any changes required will be in place before GDPR comes into effect in May 2018.
As the market leaders for online room booking & Parents' Evening/Meet the Teacher booking software for schools, with millions of bookings added to date, we take all necessary steps to ensure your data is handled and processed securely. We are fully registered in accordance with the Data Protection Act under reference number ZA009035.
Data we store
We only store data relevant to providing online parents' evening booking:
- Student Data: name, registration, date of birth, year, ID
- Contact Data: title, name, relationship, parental responsibility, priority, email, phone, ID
- Teacher Data: title, name, email, room, ID
- Class Data: subject or class, teacher, student
- Group Data: group name, teacher, student
Uptime is of critical importance to us. We use load balanced servers, with automatic failover, operating at below half capacity. In addition all servers are behind redundant hardware firewalls. This means even if one of our servers was to completely fail, another would seamlessly take over. Therefore your data is synced in real time over two live servers.
Our selected UK data centre (UKFast.co.uk) is ISO 27001 & ISO 9001 accredited and ranks amongst the very best in the industry. Security staff 24/7, extensive CCTV covering the building and each aisle, intruder alarms, proximity card readers and perimeter prison fencing maintain a physical security layer to our servers.
We apply the latest patches to our servers keeping your data safe and secure with multiple levels of password protection - the servers themselves and the database each are password protected. The managed hosting provider performs annual penetration testing, monitors our firewalls for any unauthorised activity, and would immediately inform us should anything happen - information we would in turn pass onto our customers. This has not happened to date.
Our employees have access to the data - we're a small team that's been providing hosted software to schools for over 9 years. As we use managed hosting providers, the qualified engineers also have access to the data and they pass the advanced CRB check.
We take hourly offsite backups of your data to another EU based data centre in the event of a catastrophic (and very unlikely) data centre failure. These are encrypted using the AES 256 bit algorithm which is the same level used by governments. If you chose to remove your data from the system, this would be removed from the live database but would exist in our backups until they've fully rolled over. We maintain around 2 months worth of backups.