Alongside SEND

Privacy Policy

Last updated: April 2026  ·  Reece Advisory Ltd

Plain English summary: We store your email address and a record of when you used the service. We do not store your conversations. Your conversations are processed by Anthropic (the company behind Claude AI) in order to generate responses, but we do not keep a copy. Conversations about your child's special educational needs are treated as sensitive data and handled with additional care. We never sell your data and never share anything with schools, local authorities, or the DWP. You can ask us to delete your information at any time.

1. Who we are

Alongside SEND is a service provided by Reece Advisory Ltd, a company registered in England and Wales.

Reece Advisory Ltd is the data controller for the purposes of UK data protection law.

2. What data we collect

When you purchase access

When you buy access to Asha through our website, Stripe (our payment processor) collects your email address and payment details. We receive your email address from Stripe so we can send you your access link.

When you use Asha

Each time you send a message to Asha or one of her specialist companions, we record:

We do not store the content of your conversations. Your conversation history is held in your browser only and is not written to our database.

SEND data and children's information in conversations

When you use Alongside SEND, you are likely to share information about your child's special educational needs, disability, education history, and potentially medical or social care information. This includes:

  • Information about your child's diagnosis or identified needs
  • Details from EHCPs, school reports, or assessments
  • Information about tribunal or appeal proceedings
  • DLA or benefit-related information

This information relates to your child and constitutes special category data (health and disability information) under UK GDPR. Information about children is given additional protection under data protection law.

This may include documents you choose to share, such as EHCPs, school reports, assessment letters, or DLA correspondence. These are processed in the same way as your messages and are not stored by us.

We process this data only because you have given us your explicit consent at the point of purchase. You can withdraw consent at any time by contacting us, though this will mean you can no longer use the service.

A note on children's data: Alongside SEND is designed for use by parents and carers, not by children directly. If you are under 18 and wish to use the service, please ask a parent or carer to do so on your behalf.

Technical data

Netlify (our hosting provider) collects standard server logs including IP addresses. This is used for security and service reliability. We do not use this data to identify individuals.

3. How we use your data

Purpose Data used Lawful basis
Send you your access link after purchase Email address Performance of contract
Generate AI responses to your messages Your conversation messages (in transit to Anthropic) Explicit consent (special category data)
Apply rate limiting (30 messages per hour) Message count and timestamps Performance of contract
Prevent misuse and protect the service Usage patterns, access token Legitimate interests
Comply with accounting and tax law Transaction records from Stripe Legal obligation

We do not use your data for advertising. We do not sell your data.

We never share any information from your conversations with schools, local authorities, the DWP, NHS services, or any other public body. Nothing you tell Asha can be used against you or your child in any process.

4. Who processes your data on our behalf

We use the following third-party services. Each acts as a data processor, meaning they process data only on our instructions.

Anthropic (Claude AI)

When you send a message to Asha or a specialist companion, that message is transmitted to Anthropic's API to generate a response. Anthropic is the company behind Claude, the AI model that powers our companions. Anthropic is based in the United States. We rely on Standard Contractual Clauses (SCCs) for this international transfer. You can read Anthropic's privacy policy at anthropic.com/legal/privacy.

Supabase

We use Supabase to store your access token, email address, and usage data (message counts and timestamps). Supabase does not store your conversation content. Supabase is based in the United States. We rely on Standard Contractual Clauses for this international transfer.

Stripe

Stripe processes your payment and sends us your email address once purchase is complete. Stripe handles all payment card data directly — we never see your card details. Stripe is based in the United States. Data transfers are covered by Stripe's own compliance framework and SCCs. You can read Stripe's privacy policy at stripe.com/gb/privacy.

Netlify

Netlify hosts this website and the companion chat pages. Netlify processes standard web server logs including IP addresses. Netlify is based in the United States. Data transfers are covered by SCCs.

Important: Your conversations — including any information about your child's needs — pass through Anthropic's servers in order to generate a response. Although we do not store them, Anthropic's own data processing terms apply to this transit. We encourage you to read Anthropic's privacy policy for details of their data handling.

5. International data transfers

All third-party processors listed above are based in the United States. The UK does not have an adequacy decision in place for the US. We ensure that appropriate safeguards are in place for each transfer, specifically the use of Standard Contractual Clauses approved under UK GDPR.

6. Schools and organisations

If you are a school, multi-academy trust, local authority SEND team, or charity using Alongside SEND under a partnership or licensing arrangement, a separate Data Processing Agreement (DPA) will govern how we handle data in that context. Please contact hello@alongsidesend.co.uk to request a copy.

7. How long we keep your data

Data Retention period
Conversation content Not stored by us. Held in your browser only, for the duration of your session.
Email address and access token Duration of your access period, plus 30 days after expiry
Usage data (message counts, timestamps) Duration of your access period, plus 30 days after expiry
Payment and transaction records 7 years, as required by UK accounting law

8. Your rights

Under UK data protection law, you have the following rights:

To exercise any of these rights, please email hello@alongsidesend.co.uk. We will respond within one calendar month.

Rights on behalf of your child

Where you have shared information about your child in conversations with Asha, you may exercise data rights on their behalf as their parent or carer. If your child is old enough to exercise their own rights (generally considered to be around age 12 and above, depending on their capacity), they may also contact us directly.

Right to complain

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO):

We would appreciate the chance to address your concerns before you contact the ICO, so please do get in touch with us first.

9. Security

We take reasonable steps to protect your data, including encrypted transmission (HTTPS), access controls on our database, and using established third-party infrastructure (Netlify, Supabase) with their own security programmes.

No internet service is completely secure. If you have concerns about a specific security matter, please contact us.

10. Changes to this policy

We may update this policy from time to time, for example if the law changes or we add new features. The date at the top of this page will always reflect the most recent version. If we make material changes that affect how we use your data or your child's data, we will notify you by email.

11. Contact us

For any questions about this policy or to exercise your data rights: