Privacy Policy

Last updated: 16 April 2026

1. Data Controller

AllSeeingOfsted (“we”, “us”, “our”) is operated by Kyle Smith, a sole trader based in England, United Kingdom. For the purposes of UK data protection law, Kyle Smith is the data controller of personal data collected through the platform at allseeingofsted.com.

Registered address: 35 Cromwell Road, Wolverhampton, WV10 8AA
Email: help@allseeingofsted.com
ICO registration number: C1922038

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We may collect and process the following personal data:

  • Account information: Your email address, display name, and chosen local authority / provider type preference when you register.
  • Mobile number: Optional. If you add a mobile number, we use it to send SMS verification codes (two-factor sign-in and password recovery) and subscription confirmation messages. You can update or remove it at any time from your account page.
  • Payment information: Payment details are collected and processed securely by Stripe. We only store your Stripe customer ID, not your full card details.
  • Technical data: IP address, browser type, device information, and pages visited when you use the platform.
  • Usage data: Search queries, pages viewed, and features used. Includes per-request logs for the JSON API (your API key ID, IP, user agent, query params excluding the API key itself, response row count, status code) kept for abuse-detection and audit purposes.
  • AI analysis inputs/outputs: When you request an AI inspector analysis we pass the public inspector data we already hold to the Anthropic Claude API and store the generated JSON result against your account. Completed analyses are retained indefinitely so you can revisit them and so we can show you when an analysis for a given inspector was last generated. No personal identifiers about you are sent to Anthropic. You can request deletion of your analysis history at any time by emailing help@allseeingofsted.com, and all analyses are removed automatically if you delete your account.
  • Communication data: Any information you provide when contacting our support team, plus the email address you used to contact us.

3. Why We Collect It

We use your personal data for the following purposes:

  • Account management: To create and maintain your account, verify your identity, and manage your subscription.
  • Service delivery: To provide the features and functionality of the platform, including personalised alerts and analysis.
  • Security: To detect and prevent fraud, abuse, and unauthorised access to the Service.
  • Communication: To send transactional emails (verification codes, password resets, subscription confirmations) and respond to support enquiries.
  • Improvement: To understand usage patterns and improve the platform.

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the UK GDPR:

  • Contract (Article 6(1)(b)): When you create an account and use the Service, processing is necessary for the performance of the contract between you and AllSeeingOfsted — including authenticating your login, delivering the features of your plan, processing payments, sending transactional account email (verification codes, password resets, purchase confirmations), and providing customer support. You cannot use the Service without us processing this data.
  • Legitimate interests (Article 6(1)(f)): We process certain data on the basis of our legitimate interests in operating, securing, and improving the Service, where those interests are not overridden by your rights and freedoms. This covers: security and fraud prevention (e.g. IP addresses, login activity, rate-limit logs); aggregate analytics on platform usage; the publication of analytics derived from publicly available Ofsted reports; and reasonable communications with you about material changes to your account or the Service.
  • Legal obligation (Article 6(1)(c)): Where required by law (e.g. retention of billing records for tax purposes, response to lawful requests from regulators or law enforcement).
  • Consent (Article 6(1)(a)): Where we ask for it explicitly — for example, opt-in marketing communications (see Section 6 below). Where processing relies on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Third-Party Processors

We share personal data with the following third-party processors, who act on our behalf and under our instructions:

  • Stripe, Inc.: For secure payment processing and subscription management. Stripe’s privacy policy applies to the payment data they handle.
  • Google LLC (Google Workspace): Outbound email (verification codes, password resets, subscription confirmations, alert notifications) is sent via Google Workspace SMTP from help@allseeingofsted.com and verify@allseeingofsted.com.
  • ClickSend: SMS delivery for verification codes and subscription confirmations, where a mobile number has been provided.
  • Anthropic (Claude API): Inspector-level analysis and aggregate "next steps" summaries are generated via the Anthropic Claude API. Only the public inspection data we already hold is shared; no user personal data is passed to Anthropic.

We do not sell your personal data to any third party.

5a. International Data Transfers

Some of our third-party service providers are located outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK data protection laws, including reliance on UK adequacy regulations or approved standard contractual clauses.

6. Cookies

We use the following types of cookies:

  • Session cookies: Essential cookies used to maintain your authenticated session. These are strictly necessary for the Service to function and cannot be disabled.
  • Preference cookies: Used to remember your settings and display preferences across visits.

We do not use third-party tracking or advertising cookies.

6a. Marketing Communications

We do not send marketing communications unless you have opted in. The email and SMS messages we send to account holders by default are transactional — verification codes, password resets, purchase receipts, alert digests you have explicitly subscribed to, and material notifications about your account or the Service. These are sent on the basis of contract or legitimate interest, not marketing consent.

If we introduce optional marketing communications (such as product newsletters or promotional offers), we will only send them where you have given prior, specific, and informed consent under the Privacy and Electronic Communications Regulations 2003 (PECR). You can withdraw your consent at any time by using the unsubscribe link in any marketing message or by contacting help@allseeingofsted.com. Withdrawing marketing consent does not affect the lawfulness of transactional messages required to deliver the Service.

7. Data Retention

We retain your personal data for as long as your account is active and as needed to provide the Service. If you request deletion of your account, we will remove your personal data within a reasonable timeframe, except where we are required to retain certain information by law or for legitimate business purposes (such as resolving disputes, enforcing our terms, or fulfilling tax / accounting obligations — typically up to 6 years for billing records).

Technical logs (including IP addresses, login activity, and rate-limit records) are retained for up to 365 days for security, fraud prevention, and incident-investigation purposes, after which they are automatically purged. Where a specific log is required for an active security investigation or legal matter, we may retain it for longer until that matter is resolved.

Backups of the production database are retained for up to 30 days on a rolling basis to support disaster-recovery scenarios. Personal data deleted at your request will persist in those backups until the relevant backup expires, at which point it is overwritten.

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure: You may request deletion of your personal data (“right to be forgotten”).
  • Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to processing based on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at help@allseeingofsted.com. We will respond to your request within one month, as required by law.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit.
  • Secure password hashing using industry-standard algorithms.
  • Session management with CSRF protection and secure cookie handling.
  • Regular review of access controls and security practices.

9a. Automated Decision-Making and Profiling

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 of the UK GDPR. AI-generated outputs on the Service (including inspector analyses, prep packs, group benchmark commentary, and aggregate "next steps" summaries) are informational only — they are intended to support human judgement, not replace it, and are not used to make automated decisions about you.

Internal automated processes such as fraud-prevention scoring, rate-limit triggers, and account-suspension thresholds may flag activity for review, but final decisions affecting your account (suspension, termination, refund determinations) are made or confirmed by a human reviewer.

10. Children

The Service is for use by adults aged 18 or over. We do not knowingly collect personal data from children as part of the user account or subscription process. If we become aware that we have collected personal data from a person under 18, we will take steps to delete it promptly.

The Service does not process personal data about children attending the inspected settings. The Ofsted inspection content we display is published by Ofsted under the Open Government Licence and contains commentary about settings (nurseries, childminders, schools, multi-academy trusts), inspectors, and registered providers — it does not contain information about individual children. Where Ofsted reports refer to children only in aggregate or anonymised terms, we display those references as published by Ofsted; we do not enrich, deanonymise, or otherwise process information about identified children.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a notice on the platform. The “last updated” date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at:

Email: help@allseeingofsted.com

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed. The ICO can be contacted at ico.org.uk.