We take keeping your data safe very seriously, our security measures are extensive and follow industry best practice. Safety, security and privacy has been thought of throughout the design of HEC and the trust that we are given to keep this data safe is important to us. Firstly, the main account holder is the parent or carer (from now on called the 'customer') who must be over 18. When we create an account it is the customer's name and email we use. The customer can then create 'learner' accounts. We use minimal personal information about a learner. Customer's are able to use a nickname for their learner rather than their actual name if preferred. The portfolio document will allow the nickname to be changed locally when downloaded later. The following security measures are also in place:
* The back-end services network perimeter is protected by a firewall as well as a web application firewall
* The applications back-end data is encrypted at rest
* The communications between back-end services and the databases used are encrypted
* The communications between the application on the phone and the back-end services are also encrypted
* Customers authenticate using the industry standard for this type of application (oAuth2’s authorisation code flow with proof key for code exchange (PKCE))
* Customers will be required to provide a strong password when registering with the application
* Customers of the application will have the option to enable two-factor authentication
* A ridged patching strategy will be employed to keep the software used by the application and back-end services up to date.
* The application is scanned for vulnerabilities in the application code and in any third-party dependencies used.
* Separation between development, test and production environments is in place
* No customer data will be used in development or testing
* A suite of automated tests are run against any changes to the application code that ensure the integrity of customer data
* The team have decades of experience in running internet facing applications
We are constantly reviewing and updating our security measures as necessary and will update this page as new security capabilities are added.
Please see our privacy policy page for more information.
Apart from where we use third-party dependencies within our application for transactional processes, the simple answer is NO. As long-term home educator's ourselves, we are fully aware of the issues around maintaining privacy. Our HEC tool is designed to support home-educating families and it exists for you and only you to use.
Not all families choose to keep formal records but some find it useful and HEC is designed for those who would like a tool to help with this. For more information on your rights around home educating in the UK here are some useful links:
*
https://www.educationotherwise.org/resources/fact-sheets/
* https://educationalfreedom.org.uk/
* https://www.facebook.com/share/g/rBe3pU3o2bmAP6g6/