Privacy Policy

Last updated: April 2026

This policy explains how SENguru collects, uses and protects your personal data. It is written to comply with UK law — specifically the UK GDPR and the Data Protection Act 2018 — and follows the guidance issued by the Information Commissioner's Office (ICO).

Who we are

SENguru is a tool that helps families navigate the Education, Health and Care Plan (EHCP) process in England.

The data controller is SENguru CIC, a community interest company registered in England and Wales. You can contact us at privacy@senguru.co.uk for any privacy-related question, including subject-access requests.

What data we collect

  • Account information: your name and email address from Google OAuth sign-in.
  • Case data you provide: contact logs, documents you upload, deadlines, checklist progress, and settings (child name, local authority name).
  • AI-generated data: summaries, key points, and action items produced by AI analysis of your contacts and documents.
  • Technical data: minimal request logs (IP address, user-agent, timestamps) used to diagnose errors and protect against abuse. Logs are kept no longer than 30 days.

Why we process your data — and the lawful basis for each purpose

Under UK GDPR Article 6 we must identify a lawful basis for each processing activity. Ours are:

  • Performance of a contract — running the service you signed up to: storing your case, calculating deadlines, displaying your data back to you, and keeping you logged in.
  • Consent — running AI analysis (summaries, key points, draft EHCP review, chat responses) on the contacts and documents you provide. You can withdraw consent at any time by deleting the relevant content or your account.
  • Legitimate interests — short-term technical logs and security monitoring needed to keep the service working and safe. We have balanced this against your rights and only retain logs for 30 days.
  • Legal obligation — keeping limited records where law (e.g. tax, anti-fraud) requires us to.

How we use your data

  • To provide the SENguru service: displaying your case data, calculating deadlines, running AI analysis you have asked for.
  • AI analysis is performed by managed inference providers listed under "Sub-processors" below. Your data is sent to those providers only to generate the requested output and is not used to train any model.
  • We do not sell your personal data, ever. We do not share it with third parties for advertising or marketing. We will never share it with a new third party without your explicit consent, except where compelled by law.

Where your data is stored

  • The application runs on Google Cloud Run in a region inside the EEA / UK. The PostgreSQL database is hosted by Neon, also in the EEA.
  • AI inference is performed by Google Cloud Vertex AI; embeddings used for retrieval are also generated by Vertex AI.
  • Some providers may transfer data to the United States for processing. Where that happens we rely on the UK ICO's approved transfer mechanisms (UK International Data Transfer Addendum to the EU Standard Contractual Clauses) plus the relevant adequacy decision where one applies.
  • Data is encrypted in transit (TLS) and at rest. Each user's data is isolated at the database level — you cannot see another user's data.

Sub-processors (current data processors)

The following organisations process personal data on our behalf. Each is bound by a written data-processing agreement that requires them to use your data only for the purposes we set.

  • Google Cloud Platform — hosting (Cloud Run), object storage, and Cloud Logging. Region: EEA / UK where configurable.
  • Google Cloud Vertex AI — LLM inference and embedding generation. Vertex AI does not retain customer prompts for model training.
  • Neon — managed PostgreSQL hosting (with pgvector for retrieval).
  • Google (Identity) — Google OAuth 2.0 for sign-in. We receive your name and email; Google's privacy policy applies to their end of the connection.
  • Public CDNs (jsDelivr, unpkg) — serve daisyUI / HTMX assets to your browser. They may log access metadata but receive no application data.

If we add or change a sub-processor we will update this list and, where the change is material, notify account holders before the change takes effect.

How long we keep your data — retention

  • Account, case, contact and document data is retained for as long as your account exists.
  • If you delete your account, all associated case data (contacts, documents, deadlines, checklist progress, embeddings, AI-generated summaries) is permanently deleted within 30 days.
  • Backup snapshots may persist for up to 35 days after deletion before they expire on their normal rotation.
  • Technical logs are retained for no more than 30 days.

Your rights under UK GDPR

You have the right to:

  • Be informed about how your data is used (this policy).
  • Access: request a copy of all data we hold about you.
  • Rectification: correct inaccurate data via the Settings page or by contacting us.
  • Erasure: request deletion of your account and all associated data.
  • Portability: request your data in a machine-readable format.
  • Restrict or object to processing, and the right to withdraw any consent you have given.
  • Not be subject to a solely automated decision that has a legal effect on you. AI features in SENguru are decision-support tools — a human (you) is always the decision maker.

To exercise any of these rights, email privacy@senguru.co.uk. If you are unhappy with how we have handled your data you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

SENguru uses a single session cookie (senguru_session) to keep you logged in. This is a strictly-necessary functional cookie required for the service to work — under PECR / UK GDPR it does not require an opt-in banner. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

Children's data

SENguru is designed for parents and carers, not children. Any information about children (such as names entered in settings or mentioned in contacts) is provided by, and controlled by, the parent or carer. We treat that information as a special category of sensitive data and apply the same rights and protections to it as we do to the account holder's own data.

Security

We use TLS for all network traffic, encrypt data at rest, isolate user data at the database level, store secrets in a managed secret manager, and limit administrative access on a need-to-know basis. Administrative access to user data is logged.

Changes to this policy

We may update this privacy policy from time to time. The "last updated" date at the top of this page will be changed accordingly. Material changes (for example, adding a new sub-processor or a new processing purpose) will be communicated to account holders via email before they take effect.

Contact

For privacy-related questions or to exercise your UK GDPR rights, please email: privacy@senguru.co.uk