Data Protection
How SENDev uses personal data
SENDev is designed for school staff to manage access-arrangements evidence with only the data needed for that task.
What we process
Staff account data, assignment workflow records, student identifiers, student support evidence, audit events, reminder settings, and essential session data.
Why we process it
- To authenticate staff and control access by school and role.
- To create, review, and complete access-arrangements evidence packs.
- To keep a security audit trail and manage account protection.
- To send teacher reminder emails when a school enables reminders.
Processor disclosures
| Processor | Purpose | Data shared | Status |
|---|---|---|---|
| MySQL | Stores user accounts, assignments, audit logs, reminder settings, and session data for the service. | Operational personal data entered into SENDev. | Enabled |
| Wonde | Optional school MIS sync for staff and student lookup when configured by the school. | Only the minimum student/staff profile fields needed for assignment and evidence workflows. | Optional per school |
| SMTP provider | Sends reminder emails to teachers when reminders are enabled. | Teacher name, teacher email address, and reminder count. Student names are not included in reminder emails. | Not configured |
Retention
- Audit logs are deleted after 365 days.
- Failed-login records are deleted after 90 days.
- Uploaded supporting evidence files are deleted after 180 days once a request has been completed or archived.
Your rights
School admins can export user or student records and purge uploaded evidence files from inside the admin workspace. Requests for correction, restriction, or deletion should be handled by the school controller using those tools and the school's own GDPR process.