Britwise processes voice recordings of learners (including minors in B2S deployments) for AI inference. Per UK GDPR Art. 35 · ICO guidance, this triggers DPIA requirements due to: (a) systematic processing of children’s data, (b) processing of biometric voice prints, (c) profiling of CEFR/IELTS band progression.

Voice capture (browser MediaRecorder / native mic) → STT (Deepgram EU) → LLM grading (OpenAI / Anthropic, EU preferred) → score persistence (MongoDB Helsinki) → weekly report email (Resend EU). No data is sold or shared with advertising platforms.

Voice recording is essential to deliver IELTS Speaking practice. CEFR scoring requires LLM analysis. Less-invasive alternatives (text-only) were rejected because they cannot grade pronunciation. Recordings are auto-deleted after 90 days; transcripts retained for 24 months.

(A) Voice deepfake risk — mitigated by zero-retention enterprise contract with Deepgram. (B) Minor consent (B2S) — mitigated by parental consent gates + safeguarding KCSiE-aligned manual review. (C) US transfer (Schrems-II) — mitigated by EU-first endpoints + SCCs. (D) Inference-bias against non-native accents — mitigated by quarterly fairness audit (target Q3 2026). (E) Account takeover — mitigated by MFA + session hardening.

TLS 1.3 · AES-256 · RBAC · MFA · immutable audit log · zero-retention STT contract · EU endpoints · SCCs for residual US transfers · KCSiE safeguarding for minors · 30-day breach notification · DSL SLA: 30 min in-hours / 2 h out-of-hours.

Low. No high-risk residual processing requiring ICO prior consultation under UK GDPR Art. 36.

DPO: Doan Huu Dang · dpo@britwise.school · Approved 14 June 2026. Next review: 14 June 2027 or on material change.