EduNest Data Protection Policy

Last updated: May 2025

This Data Protection Policy sets out how EduNest ("we", "us", "our"), operated by Scott Baxter as a sole trader, protects the personal data of users in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Our Commitment

EduNest is committed to protecting the privacy and data of its users, particularly educators and childminders who use our AI-powered services to support planning and communication. We treat all personal data with care, responsibility, and transparency.

2. Scope

This policy applies to all personal data processed by EduNest, including but not limited to:

  • Names
  • Email addresses
  • Phone numbers
  • Account information
  • Interaction and usage data

It also covers metadata and AI-generated content that may be stored temporarily for service delivery.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Consent: when users register for an account or opt in to communications.
  • Contractual necessity: to provide the services users have signed up for.
  • Legitimate interest: to operate, improve, and secure our platform.

4. Data Minimisation & Storage

We collect only the data necessary to:

  • Provide core functionality
  • Support user accounts
  • Process payments via Stripe
  • Generate and temporarily store AI-assisted content

Retention periods:

  • AI prompt/output data: up to 28 days
  • Generated content: up to 30 days
  • Account information: as long as the user account remains active

5. Data Security

We protect personal data through the following measures:

  • Encryption of data in transit and at rest
  • Secure access control and authentication
  • Monitoring and patching of infrastructure

Personal data is stored in secure UK or EU-based cloud services with high standards of compliance.

6. Data Sharing

EduNest shares personal data only with essential third parties:

  • Stripe for payment processing
  • OpenAI and Claude (Anthropic) for AI content generation (no identifiable data sent)

We do not share data with advertisers or third-party marketers.

7. International Transfers

Some technical infrastructure may be located outside the UK. We ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.

8. Your Rights

As a data subject, you have the right to:

  • Request access to your personal data
  • Correct or delete your data
  • Withdraw consent at any time
  • Object to or restrict processing
  • Lodge a complaint with the ICO (Information Commissioner's Office)

To exercise your rights, contact us at [email protected].

9. Data Breaches

In the event of a data breach involving personal data, we will:

  • Investigate promptly
  • Notify affected users if necessary
  • Report to the ICO within 72 hours where required

10. Review and Updates

This policy is reviewed regularly and updated to reflect legal requirements and operational changes.

Last reviewed: May 2025

11. Contact

If you have any questions about this policy or your data, please contact:
Email: [email protected]