Privacy Hub

Assembly exists to help schools drive improvement through good use of data. Protecting the sensitive data schools choose to store in our platform is our top priority.

Designed with security at heart

The Assembly Platform is designed with privacy and data security at its core. We are fully compliant with all aspects of GDPR and proud of the additional measures we take to protect your data.

Secure Systems

As an added assurance that your data is secure with Assembly, we have been certified to ISO 27001, the international standard for information security management systems, by the UKAS-accredited British Standards Institute.

Our Security Pledge


We are always clear and transparent in how we extract, transport and store data in our platform. We try to explain this as simply as possible.


We exist to help schools get the most out of their data, not to gain any understanding of it ourselves. We will never inspect data or mine for information, or allow others to do so.

End to end security

We are committed to making sure your data is secure. This includes Secure Sockets Layer (SSL) for encrypted transfer, encryption of data at rest, field-level encryption for identifiable data and password protection for all end users.

Our Advisors


Forbes Solicitors

National partnership with dedicated Education Group


John Roberts

Edtech and data protection consultant


Stone King

Law firm with specialisms in education and charity

Keeping you in control

No unauthorised sharing

One of the reasons Assembly exists is to help you connect your data to education apps where you wish to. However, we will never, ever share data with anyone except where you’ve asked us to. Your data is still yours to process as you see fit.

Minimum data transfer

When you choose to authorise an application, we will tell you what data that app needs access to before you decide whether you want to authorise it. We won’t share more than the minimum that it requires.

Freedom to delete

We delete data when schools leave the platform or become inactive. You are also entitled to choose to have your data deleted at any point you wish.

Freedom to change your mind

Decisions you make don’t have to be permanent. If you change your mind about where you want to share your data, you can simply revoke the permission in your console.

Our approach to GDPR and Brexit

The General Data Protection Regulation (GDPR) is the legal framework that became law in May 2018 via the Data Protection Act 2018. Find out how we’re approaching Brexit and GDPR by reading our Brexit Continuity Statement.

Want to find out more?

Our privacy statement explains how we process data in a little more detail than this summary.

Our self-certification response to the DfE's Cloud Software Services Questionnaire also contains information about our approach to data protection, following guidance provided by the DfE in 2014.

Our approach to information security management systems is explained in our Information Security Policy.

For full details, please refer to our suite of privacy documents. We keep these on GitHub so that you can easily see any amendments we’ve made:

Terms of Service

This explains in full detail how our platform works, and how we ensure privacy and security. This is also the document we require schools to agree to before using the platform. It explains what we require from schools if they choose to use Assembly.

View Terms of Service

Developer Agreement

This is the agreement that we require Application Developers to sign up to. It covers the minimum privacy and security principles that we require from them. Just as our Terms of Service extends these to cover the Assembly platform, developers have their own policies that explain data protection in relation to their specific application.

View Developer Agreement

If you still have questions about data protection or security, please email us and we'd be happy to talk to you.