Privacy Charter

Alongside SEND: Your Data, Your Control

Last updated: June 2026 | Version 2.1

Our Privacy Promise

We will never:

We will always:


What We Collect

When You Register for Free Access

When You Use an Agent

Metadata only:

What We Do NOT Collect


Where Your Data Goes

Your Conversations (In Transit Only)

When you send a message to an agent:

  1. Your browser → Holds full conversation (localStorage)
  2. Our server (Netlify Functions) → Routes message to Anthropic
  3. Anthropic (Claude AI) → Processes message, generates response
  4. Our server → Passes response back to your browser
  5. Your browser → Displays response
Critical Point: Your conversation exists in your browser and Anthropic's API (in transit). We do NOT write it to our database (Supabase).

Your Metadata (Stored)

Supabase (PostgreSQL database, US-based):

Your Donation Data (If You Choose to Donate)

Asha is completely free to use. If you choose to make a voluntary donation:


Third-Party Processors

We only share data with processors who act on our instructions:

Processor Purpose Location Safeguards
Anthropic AI message processing (Claude API) USA Standard Contractual Clauses (SCC)
Supabase Metadata storage (access tokens, timestamps) USA Standard Contractual Clauses (SCC)
Netlify Website hosting (server logs only) USA Standard Contractual Clauses (SCC)
Stripe Donation processing (voluntary donations only) USA PCI-DSS compliant + Standard Contractual Clauses (SCC)
Anthropic's Role: Your conversation passes through Anthropic to generate responses. Anthropic may use conversations to improve Claude (you can opt out - see their privacy policy). We recommend reading Anthropic's privacy policy for full details.

Special Category Data (Your Health Information)

What is "Special Category Data"?

Under UK GDPR, health information is given extra protection. This includes:

Why We Can Process It

Legal basis: Explicit consent (UK GDPR Article 9(2)(a))

When you register for free access, you explicitly consent to:

  1. Sharing health information with the agent (processed by Anthropic)
  2. Us logging metadata about your usage (timestamps, message counts)
  3. Anthropic processing your messages to generate responses

You can withdraw consent at any time by emailing hello@alongsidesend.co.uk - but this means you can no longer use the service.


Your Data Rights

Under UK data protection law, you have:

✅ Right of Access

Request a copy of data we hold about you.

What you'll receive:

✅ Right to Erasure ("Right to be Forgotten")

Ask us to delete your data.

We will delete:

✅ Right to Rectification

Correct inaccurate data.

Example: If your email address is wrong, we can update it.

✅ Right to Data Portability

Get your data in a machine-readable format.

We'll send you a JSON file containing:

✅ Right to Object

Object to processing based on legitimate interests.

You can object to us logging metadata (but this means we can't enforce rate limits, so access would be suspended).

✅ Right to Withdraw Consent

Change your mind about processing special category health data.

Email us at any time - we'll delete your data within 30 days (subject to legal retention).


How We Protect Your Data

Technical Security

Organisational Security

Limitations

No internet service is 100% secure. If you have concerns about a specific security issue, please contact hello@alongsidesend.co.uk immediately.


Data Retention

Data Type How Long We Keep It Why
Conversation content Never stored Privacy by design
Email address + access token 90 days after access expires Allow renewal, then auto-delete
Message counts + timestamps 90 days after access expires Usage analytics, then auto-delete
Donation records (Stripe) 7 years UK accounting law (legal obligation)
Server logs (Netlify) 30 days Security monitoring (Netlify policy)

International Data Transfers

Why Your Data Leaves the UK

All our third-party processors are based in the United States. The UK does not have an "adequacy decision" for the US (meaning the UK government doesn't automatically trust US data protection laws).

How We Protect International Transfers

Standard Contractual Clauses (SCCs):

Processors covered by SCCs:


Children and Vulnerable Users

Asha (SEND Agent)

Designed for parent/carer use, not direct use by children.

Safeguarding measures:

Limitation: We do NOT have user PII beyond email, so cannot make direct safeguarding referrals. Reliant on user self-referral.

Cookies and Tracking

We Do NOT Use:

What We Use:

You can clear this anytime: Browser settings → Clear site data for alongsidesend.co.uk


Changes to This Charter

When We Update It

How You'll Know

Current version: 2.1 (June 2026)


Regulatory Compliance

ICO Registration

Legal Framework

Right to Complain

Unhappy with how we handle your data?

  1. Contact us first: hello@alongsidesend.co.uk (we want to fix it!)
  2. Complain to ICO:
    • Website: ico.org.uk
    • Phone: 0303 123 1113
    • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF

Contact Us

Questions about your data?

Data requests: Please specify which right you're exercising (access, erasure, etc.) and include your email address (to verify identity).


Our Commitment

"We built Alongside SEND because we believe every parent deserves compassionate support when navigating the SEND system. Your trust is the foundation of that mission. We will never compromise your privacy for profit."

— Judith Reece, Founder

This Privacy Charter sits alongside our full Privacy Policy (legal document at alongsidesend.co.uk/privacy).

← Back to the Alongside SEND homepage