Trusted with the young people who need it most.
Safeguarding and data protection are built in as a benefit, not bolted on as a checklist.
The standard a system holding this data should meet, met quietly.
Safe by design, from the first line of code.
The young people in an alternative provision are among the most vulnerable anywhere in the system. A platform that holds their information has to earn the right to.
So safeguarding, accountability and data protection were not features added late. They shaped how the platform was built, and they run through every part of it.
Accountable for every young person, and every action.
Risk assessment and a full audit trail run through the platform.
Every change is recorded. Every monthly report is reviewed by a person and signed off by a leader before it goes anywhere. The platform shows who did what, and when. Nothing important happens without a trail behind it.
The right people see the right things.
Role-based access across nine roles, scoped by area and site.
A mentor sees the young people they work with. A leader sees the sites they are responsible for. Access follows the job, so sensitive information is only ever in front of the people who need it. Sign-in is multi-factor.
Built to UK data protection, not retrofitted to it.
The platform is built around UK data protection law, and data minimisation is the default.
Information is held because it helps a young person move forward, not gathered for its own sake. Each setting remains the data controller; Hapio acts as the data processor, only on your instructions. The platform's data is hosted in the EU, in Ireland.
AI narrates. It never decides.
The platform uses AI to draft the words of a monthly report, and nothing more.
Every number, score, level and recommendation is calculated by the platform and is fully auditable. AI only turns recorded evidence into readable prose. A person reviews and edits it, and a leader signs it off, before it is shared. Before any of a young person's data reaches an AI model it is anonymised, and it is not used to train one.
What that means in practice.
Anonymised before AI
A young person's data is anonymised before it reaches any AI model, and never used to train one.
Role-based access
Nine roles, scoped by area and site, so people see only what their job needs.
Full audit trail
Every change and sign-off is recorded, with a person and a leader behind every report.
Multi-factor sign-in
Access to the platform is protected by multi-factor authentication.
UK data protection
Built around UK data protection law, with data minimisation as the default.
Human sign-off
AI drafts the prose, a person reviews, and a leader signs off before anything is shared.
No mystery about who touches your data.
We work with a small number of trusted providers to host the platform, draft report prose, and send our emails. We will share the full list, and a data processing agreement, with any setting that asks.
We are registered with the ICO. A full list of sub-processors is available on request, and we are happy to complete a setting's own due-diligence and security questionnaires.
The young people come first. So does protecting them.
Book a demo and we will walk you through every safeguard, in plain terms.
