EU + UK
DATA RESIDENCY (100%)
0
DATA BREACHES SINCE LAUNCH
WHERE YOUR DATA LIVES
Inside UK + EEA, full stop.
Every piece of data Britwise touches — your account, your audio, your transcripts, your billing — is processed and stored inside UK and EEA borders. No exceptions. No "fallback regions". No US backups.
•
Primary database: self-hosted MongoDB on Hetzner Falkenstein, Germany (AES-256 at rest, nightly encrypted backups to Hetzner Storage Box, Helsinki)
•
Object storage: Hetzner Storage Box, Helsinki (audio, transient ≤60 s)
•
AI grading text: OpenAI under Art. 28 GDPR DPA + EU SCCs (Standard Contractual Clauses) — text-only prompts, no PII in payloads
•
Speech-to-text: Deepgram EU endpoint (Helsinki) with zero-retention enterprise policy
•
Voice synthesis: ElevenLabs EU endpoint · no audio retention
•
Image generation: Google Gemini EU endpoint · no PII in prompts
•
Payments: Stripe (PCI DSS Level 1; card data never enters Britwise infrastructure)
WHO TOUCHES YOUR DATA
Our complete sub-processor list.
Hetzner Online GmbH
Hosting + database + storage · Falkenstein & Helsinki · ISO 27001 certified
OpenAI
GPT text grading · Art. 28 DPA + EU SCCs · no model training on user audio
Deepgram (EU endpoint) · Helsinki · zero-retention · TLS 1.3 in transit
ElevenLabs
Voice synthesis · EU endpoint · no audio retention
Google Gemini EU
Image generation only · no PII in prompts
Stripe Inc.
Payment processing · PCI DSS Level 1 · UK + EU contracts
Resend
Transactional email only · GDPR processor · EU regions
Sub-processor changes are notified at least 30 days in advance to all enterprise customers per our Master Services Agreement. Cloudflare and MongoDB Atlas are not in our stack — we self-host on Hetzner.
SECURITY POSTURE
The five engineering commitments.
•
TLS 1.3 everywhere · HSTS preloaded · TLS 1.0/1.1 blocked at the edge
•
AES-256 at rest for databases, object storage and backups · keys rotated quarterly
•
JWT auth with rotating refresh tokens · 4-hour access, 30-day refresh · revoked on password reset
•
Brute-force protection: 5 failed login attempts per IP per 15 minutes → 15-minute lockout
•
Secrets in Hetzner Vault · never committed to git · rotated on personnel departure
WHAT MOST ED-TECH APPS DO
Quietly route your audio through US servers
Use your speech to train third-party voice models
Keep account data indefinitely 'for product improvement'
Refuse to publish a sub-processor list
Treat security as 'we have SSL' and stop there
100% UK + EEA processing — written into our DPA
Zero model training on your audio · third-party or our own
Audio deleted ≤60s after grading; account deletable in 2 taps
Sub-processor list published on this page, updated 30 days before any change
Annual penetration test by a CREST-registered firm — summary available under NDA
SAFEGUARDING (UNDER-18s)
Aligned with UK KCSiE 2024 principles — full DSL toolset on the H2 2026 roadmap.
•
Under-13s cannot create accounts. 13–16 requires parent / guardian email verification.
•
School-account model includes a Designated Safeguarding Lead role; the dedicated DSL dashboard with flagged-transcript routing is on our H2 2026 roadmap and currently delivered as a manual export on request.
•
Angie's voice prompts are reviewed quarterly by a child-safeguarding linguist panel.
•
Conversation logs are retained for 30 days and any safeguarding-trigger flagging is currently performed on request by our trust team within one working day. Automated 4-hour DSL routing is a roadmap target — not yet live.
•
No cross-pupil messaging by default. Teacher-moderated only.
Found a security issue?
Email security@britwise.school with a description and proof-of-concept. We acknowledge within 24 hours, triage within 72, and pay a bug bounty between £100 and £2,500 depending on severity. No CFAA-style threats. Coordinated disclosure window: 90 days.
CERTIFICATIONS & FRAMEWORKS
Where we are on the maturity ladder.
GDPR + UK GDPR
Compliant. DPO appointed (dpo@britwise.school). Records of processing maintained per Art. 30.
KCSiE 2024
Aligned. Full DSL auto-routing toolset is a H2 2026 roadmap target — manual flagged-export available on request.
PCI DSS
Roadmap. Stripe Checkout integration is in development; live payments target Q3 2026. SAQ A scope when live.
SOC 2 Type II
In progress. Audit window: Sep 2026. Letter of engagement available under NDA.
ISO 27001
Gap analysis complete. Targeting H1 2027 certification.
Cyber Essentials Plus
Targeting Q4 2026.
TRUST FAQ
What enterprise procurement always asks.
Can we have the pen-test summary?
Do you train AI models on our data?
What happens if you exit a sub-processor?
Where do we send a Right-to-Erasure request?
Can you host on-prem / in our cloud?
Need our enterprise security pack?
Email security@britwise.school. The pack includes the DPA template, EU SCCs, latest pen-test summary (under NDA), and a one-page sub-processor diagram. Sent within one UK working day.