Safeguarding and data protection are built in as a benefit, not bolted on as a checklist.
The standard a system holding this data should meet, met quietly.
The young people in an alternative provision are among the most vulnerable anywhere in the system. A platform that holds their information has to earn the right to.
So safeguarding, accountability and data protection were not features added late. They shaped how the platform was built, and they run through every part of it.
Risk assessment and a full audit trail run through the platform.
Every change is recorded. Every monthly report is reviewed by a person and signed off by a leader before it goes anywhere. The platform shows who did what, and when. Nothing important happens without a trail behind it.
Role-based access across nine roles, scoped by area and site.
A mentor sees the young people they work with. A leader sees the sites they are responsible for. Access follows the job, so sensitive information is only ever in front of the people who need it. Sign-in is multi-factor.
The platform is built around UK data protection law, and data minimisation is the default.
Information is held because it helps a young person move forward, not gathered for its own sake. Each setting remains the data controller; Hapio acts as the data processor, only on your instructions. The platform's data is hosted in the EU, in Ireland.
The platform uses AI to draft the words of a monthly report, and nothing more.
Every number, score, level and recommendation is calculated by the platform and is fully auditable. AI only turns recorded evidence into readable prose. A person reviews and edits it, and a leader signs it off, before it is shared. Before any of a young person's data reaches an AI model it is anonymised, and it is not used to train one.
A young person's data is anonymised before it reaches any AI model, and never used to train one.
Nine roles, scoped by area and site, so people see only what their job needs.
Every change and sign-off is recorded, with a person and a leader behind every report.
Access to the platform is protected by multi-factor authentication.
Built around UK data protection law, with data minimisation as the default.
AI drafts the prose, a person reviews, and a leader signs off before anything is shared.
We work with a small number of trusted providers to host the platform, draft report prose, and send our emails. We will share the full list, and a data processing agreement, with any setting that asks.
We are registered with the ICO. A full list of sub-processors is available on request, and we are happy to complete a setting's own due-diligence and security questionnaires.
Book a demo and we will walk you through every safeguard, in plain terms.