Skip to main content
27,000+ Questions
Trust & Compliance

Data protection built into every layer

Schools trust UpGrades with their students' data. We designed the platform with compliance from day one — GDPR-compliant, UK-hosted, safeguarding-ready, and fully transparent.

Download DPA Contact DPO
01

Data Protection & GDPR

  • All student data processed and stored in the UK/EU — Convex cloud, UK region
  • Lawful basis: legitimate interests for individual users, contract for school licences
  • No student data sold, shared with third parties, or used for advertising — ever
  • Full data export and deletion on request (GDPR Article 17 — Right to Erasure)
  • Article 22 transparency built into school onboarding — automated decision-making disclosures included
Read full privacy policy
02

Safeguarding

  • Role-based access controls: students see only their own data, teachers see only their classes
  • No peer comparison or public leaderboards — revision is private and non-competitive
  • All AI interactions are monitored and fully auditable by school administrators
  • Published safeguarding policy aligned with KCSIE (Keeping Children Safe in Education) guidance
  • Pupil Premium students receive silent Pro access — no student-facing distinction or labelling
Read safeguarding policy
03

AI Safety & Transparency

  • AI generates questions from official exam board specifications — not open-ended chat or generative content
  • All AI-generated content passes through a quality assurance pipeline with confidence thresholds and teacher review
  • AI interaction audit trails maintained for full accountability — every AI response is logged and reviewable
  • No student data is used to train AI models — student data is never shared with AI providers for model improvement
  • Board DNA system ensures questions match each exam board's style, difficulty, and curriculum specification
04

Infrastructure & Security

  • Hosted on Vercel (frontend) and Convex (backend, UK/EU region) — enterprise-grade infrastructure with 99.9% uptime SLA
  • HTTPS everywhere — all data encrypted in transit (TLS) and at rest
  • Role-based access controls powered by Clerk authentication — students, teachers, parents, and admins are strictly isolated
  • No local data storage — all data processing happens server-side in controlled environments
  • Regular security updates and dependency monitoring via automated tooling
05

Accessibility

  • WCAG 2.1 AA compliance targeted across all interfaces — contrast ratios, focus states, and semantic HTML
  • Keyboard navigable and screen reader compatible throughout the student and teacher interfaces
  • Fully responsive design — works on mobile, tablet, and desktop for students revising on any device
  • Dark mode supported across the platform, providing high contrast for students with visual sensitivities
  • Adaptive difficulty removes barriers for SEND students — content automatically adjusts to each student's level
Data Processing Agreement

Download our Data Processing Agreement

Our standard DPA is ready for your school to review and sign. Pre-filled with Rogue Digital Ltd details — simply add your school's information and return a signed copy.

Download DPA (PDF)

Questions about the DPA? Contact our Data Protection Officer at dpo@upgrades.app

Data Protection Officer

For data protection enquiries, subject access requests, or to discuss our compliance practices:

Company Rogue Digital Ltd (trading as UpGrades)

Legal Documentation

Our full compliance documentation is available to review: