Assembly exists to help schools drive improvement through good use of data. Protecting the sensitive data schools choose to store in our platform is our top priority.
The Assembly Platform is designed with privacy and data security at its core. We are fully compliant with all aspects of GDPR and proud of the additional measures we take to protect your data.
As an added assurance that your data is secure with Assembly, we have been certified to international standards for information security management systems by the UKAS accredited British Standards Institute in ISO 27001.
We are always clear and transparent in how we extract, transport and store data in our platform. We try to explain this as simply as possible.
We exist to help schools get the most out of their data, not to gain any understanding of it ourselves. We will never inspect data or mine for information, or allow others to do so.
We are commited to making sure your data is secure. This includes Secure Socket Layers for encrypted transfer, encryption of data at rest, field-level encryption for identifiable data and password protection for all end users.
One of the reasons Assembly exists is to help you connect your data to education apps where you wish to. However we will never, ever share data with anyone except where you’ve asked us to. Your data is still yours to process as you see fit.
When you choose to authorise an application, we will tell you what data that app needs access to before you decide whether you want to authorise it. We won’t share more than the minimum that it requires.
We delete data when schools leave the platform or become inactive. You are also entitled to choose to have your data deleted at any point you wish.
Decisions you make don’t have to be permanent. If you change your mind about where you want to share your data, you can simply revoke the permission in your console.
The General Data Protection Regulation (GDPR) is the legal framework that became law in May 2018 via the Data Protection Act 2018. Find out how we’re approaching Brexit and GDPR by reading our Brexit Continuity Statement
Our privacy statement explains how we process data in a little more detail than this summary.
Our self certification response to the DfE's Cloud Software Services Questionnaire also contains information about our approach to data protection, following guidance provided by the DfE in 2014.
Our approach to information security management systems is explained in our Information Security Policy.
For full details, please refer to our suite of privacy documents. We keep these on Github so that you can easily see any amendments we’ve made:
This explains in full detail how our platform works, and how we ensure privacy and security. This is also the document we require schools to agree to before using the platform. It explains what we require from schools if they choose to use Assembly.
This is the agreement that we require Application Developers sign up to. It covers the minimum privacy and security principles that we require from them. Just as our Terms of Service extends these to cover the Assembly platform, developers have their own policies that explain data protection in relation to their specific application
View Developer Agreement
