Privacy Policy | EHCP Clarity

Privacy Policy

Last updated: May 2026

EHCP Clarity is built by parents, for parents. We handle your data responsibly, keep it only as long as you need it, and never sell it.

Data controller

The data controller for the personal data described in this policy is Ianson Systems Ltd (trading as EHCP Clarity), a company registered in England and Wales with its registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

We are registered with the UK Information Commissioner's Office under registration number ZC127831.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at any time. The ICO can be contacted via ico.org.uk/make-a-complaint or on 0303 123 1113.

For questions about how we handle your data, or to exercise any of your rights, contact us at support@ehcppackbuilder.co.uk. We aim to respond within 5 working days, and in any event within 1 calendar month of receipt as required by UK GDPR for data subject requests. For complex or numerous requests we may extend this period by up to 2 further months and will notify you of any extension within the first month.

What data we store

  • Account details: Your email address and name, provided when you create an account. Authentication is managed by Better Auth, our session-based authentication service.
  • Pack information: The case details you enter — child's name, local authority, route type, notes, and guided input responses. This information may include details about your child's educational needs, health conditions, and disabilities.
  • Targeted extracts: Short passages of text you paste directly into the system from your reports, letters, or assessments — you choose which quotes to include. These are stored in our database and may contain health, disability, and educational psychology information about your child. Identifying details (names, dates of birth, addresses) are replaced with pseudonymisation tokens (such as [CHILD] and [PARENT]) before storage and before any AI processing — see Identifier Lens below.
  • Pasted document text: Text you paste from external documents is processed in memory only and is not retained — only the AI summary you choose to keep is saved to your case.
  • EHCP Operator outputs: Summaries, evidence points, draft sections and readiness reviews generated from your inputs.
  • Chronology and evidence items: Events and evidence points you create or accept from EHCP Operator suggestions.
  • Payment records: If you unlock a pack, we store a record of the payment (via Stripe) including the session reference and amount paid. We do not store card details.
  • Consent record: The date and time you gave consent to process your data, stored so we can demonstrate compliance.

Special category data

EHCP Clarity is designed to help parents prepare materials related to their child's educational, health, and disability needs. As a result, information you enter into the service — including targeted extracts you paste from reports, guided input responses, and case notes — is likely to include special category personal data as defined by UK GDPR Article 9. This includes data about health conditions, disabilities, and educational psychology assessments relating to your child.

We process this data under UK GDPR Article 9(2)(a) — your explicit consent, given at the point of first use — and, where your use of the service is connected with legal proceedings or preparing claims, under Article 9(2)(f) (processing necessary for legal claims). Where the purpose of the case preparation is to secure appropriate educational or therapeutic support for a child with special educational needs, we may also rely on Article 9(2)(g) (substantial public interest) read with Schedule 1 Part 2 paragraph 29 of the Data Protection Act 2018 (safeguarding of children and individuals at risk).

We recommend that you do not include sensitive personal data about third parties (such as professionals or other children) unless it is strictly necessary for your case preparation.

Lawful basis for processing

  • Performance of a contract (Art. 6(1)(b)): Processing your account details and case data is necessary to deliver the EHCP Clarity service to you.
  • Consent (Art. 6(1)(a) and Art. 9(2)(a)): We rely on your explicit consent — given before you first use the service — to process special category data, including health and disability information about your child.
  • Legal obligation (Art. 6(1)(c)): We retain payment records for 7 years to comply with financial reporting and tax obligations.
  • Legitimate interests (Art. 6(1)(f)): We process limited technical data (error logs, usage metadata) to maintain and improve the security and stability of the service. We have assessed that this does not override your rights and interests.

How we use your data

We use your data solely to provide the EHCP Clarity service to you. Specifically:

  • To generate outputs from your documents and notes using the EHCP Operator AI engine (powered by OpenAI's API)
  • To power the 'Find evidence' feature, which analyses your extracts and surfaces relevant passages for your case sections
  • To let you return to and continue building your pack across sessions
  • To process payments via Stripe when you unlock annual access
  • To troubleshoot technical issues and improve the service

When we ask you to sign in

You can start building a pack without creating an account. Browsing, picking your route, entering your child's details, adding chronology and evidence notes, and pasting targeted extracts all work without sign-in. While you are anonymous, your in-progress case is held against a short-lived browser session identifier and is owned by the guest session — not by an account.

We only ask you to sign in when you reach a step that needs an account to be meaningful: generating an AI draft pack, exporting your pack, or paying for the unlock. At that point a sign-in window opens in place — you do not leave the page. As soon as you sign in or sign up, your in-progress case is moved from the guest session onto your account in a single database transaction, and the action you originally clicked is then carried out automatically. You do not have to repeat your work.

Authentication is handled by Better Auth using secure, server-side HTTP-only cookie sessions. Your email and password are stored in our database and never sent to third-party identity providers. See Sub-processors below.

Session duration. Once signed in, your session remains active for up to 7 days of inactivity. If you do not use the service for 7 days your session will expire and you will be asked to sign in again. Sessions are held as HTTP-only cookies and are invalidated server-side on sign-out.

Pseudonymisation in our database (Identifier Lens)

EHCP Clarity uses a privacy model we call the Identifier Lens. Every piece of long-form text you add to a pack — guided input, chronology entries, evidence notes, issue map items, draft sections — is run through a pseudonymisation step before it is written to our database. Your child's name, your name, the school name, the local authority name and the address are replaced with structured tokens (for example, [CHILD], [PARENT], [SCHOOL], [LOCAL_AUTHORITY], [ADDRESS]). Structural identifiers such as postcodes, NHS numbers, email addresses and phone numbers are also replaced with tokens. First names are detected using an ONS-backed name list covering common UK given names, providing an additional layer of protection beyond title-case detection alone.

The real identifiers are held in a small, separate set of fields on the case record (child name, your name, school name, local authority, address). When you load a page in the app, our server uses those fields to swap the tokens back into the text just before it is sent to your browser, so you see your real names while you work.

Automatic clearing of your identifiers. Those identifier fields are cleared from our database in two situations: (1) immediately after you export a pack, and (2) automatically after 24 hours of inactivity on a case. The pack content itself is preserved — only the identifiers are removed. The next time you sign in we will ask you to re-enter your child's name, your name, the local authority and (optionally) the address. Once you do, the tokens are swapped for your real names again.

The same pseudonymisation happens before any text leaves our server for OpenAI's API, so OpenAI never receives the real identifiers from your case. Tokens are restored in the response before it is shown to you. This is a technical measure to limit the identifying information held in our database and transmitted to third-party AI processors.

Your responsibility for reviewing replacements

While the Identifier Lens performs automatic detection and replacement of identifiers, it cannot guarantee completeness — particularly if text contains identifiers that were not declared in your case settings, or identifiers in unusual formats. You are responsible for reviewing every replacement shown to you before confirming, ensuring that all identifying details have been fully and correctly replaced, and for the completeness of redaction prior to any text being saved or processed. You must not confirm or save an extract if you believe identifying details remain unredacted. EHCP Clarity provides the redaction tool to assist you; the final verification and assurance of completeness before submission is your responsibility.
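The Identifier Lens model described above (declared identifiers and structural identifiers swapped for tokens before storage, real values held in separate fields, tokens swapped back on load, fields cleared after export or inactivity) can be illustrated with a small worked example. The code below is added here for illustration and is not EHCP Clarity's own implementation: the field names, the regular expressions for UK postcodes, phone numbers and emails, the sample case text and the short name list standing in for the ONS-backed list are all assumptions. It also shows the caveat from the paragraph above: an undeclared name (a sibling) passes through untouched, and the best the tool can do is flag likely leftovers for the parent to review. The NHS number check is the standard modulus 11 check digit, which keeps ordinary ten-digit references from being over-redacted.

```python
import re
from dataclasses import dataclass

# Constructed stand-in for the ONS-backed list of common UK given names (assumption).
COMMON_FIRST_NAMES = {"oliver", "amelia", "ellie", "george", "isla", "noah", "sarah", "tom"}


@dataclass
class CaseIdentifiers:
    """The separate identifier fields on the case record (field names assumed)."""
    child: str = ""
    parent: str = ""
    school: str = ""
    local_authority: str = ""
    address: str = ""

    def tokens(self):
        return {"[CHILD]": self.child, "[PARENT]": self.parent, "[SCHOOL]": self.school,
                "[LOCAL_AUTHORITY]": self.local_authority, "[ADDRESS]": self.address}


# Illustrative patterns for structural identifiers (assumptions, not the service's own).
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
UK_POSTCODE = re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s*\d[A-Z]{2}\b", re.I)
UK_PHONE = re.compile(r"\b(?:\+44\s?|0)\d{2,4}[\s-]?\d{3,4}[\s-]?\d{3,4}\b")
NHS_CANDIDATE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b")
TITLE_CASE_WORD = re.compile(r"\b[A-Z][a-z]+\b")


def is_valid_nhs_number(candidate):
    """Modulus 11 check digit: weights 10..2 over the first nine digits."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) != 10:
        return False
    total = sum(d * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    return check != 10 and check == digits[9]


def pseudonymise(text, ids):
    """Replace declared and structural identifiers with tokens before storage or AI use."""
    # Emails first: a declared first name inside a local part would otherwise
    # leave the domain behind ("[PARENT]@example.com").
    text = EMAIL.sub("[EMAIL]", text)
    # Declared identifiers, longest first, so the full address (which contains the
    # postcode) and "Tom Brown" are matched before shorter fragments like "Tom".
    patterns = []
    for token, value in ids.tokens().items():
        if not value:
            continue
        patterns.append((value, token))
        if token in ("[CHILD]", "[PARENT]"):
            patterns.append((value.split()[0], token))  # first name on its own
    for value, token in sorted(patterns, key=lambda p: -len(p[0])):
        text = re.sub(r"\b" + re.escape(value) + r"\b", token, text, flags=re.I)
    # Remaining structural identifiers; NHS candidates only if the check digit holds.
    text = UK_POSTCODE.sub("[POSTCODE]", text)
    text = UK_PHONE.sub("[PHONE]", text)
    text = NHS_CANDIDATE.sub(
        lambda m: "[NHS_NUMBER]" if is_valid_nhs_number(m.group(0)) else m.group(0), text)
    return text


def rehydrate(text, ids):
    """Swap tokens back for the stored identifiers just before display.
    Tokens whose field has been cleared stay visible as tokens; a bare first
    name in the original comes back as the stored full name."""
    for token, value in ids.tokens().items():
        if value:
            text = text.replace(token, value)
    return text


def clear_identifiers(ids):
    """The export / 24-hour inactivity step: wipe the fields, keep the tokenised text."""
    return CaseIdentifiers()


def residual_name_candidates(pseudonymised_text, name_list=COMMON_FIRST_NAMES):
    """Title-case words that look like common given names but were not declared."""
    return sorted({w for w in TITLE_CASE_WORD.findall(pseudonymised_text)
                   if w.lower() in name_list})


# Constructed sample case: note the undeclared sibling "Ellie" and the invalid
# ten-digit reference at the end, which must survive untouched.
SAMPLE_IDS = CaseIdentifiers(child="Tom Brown", parent="Sarah Brown", school="Oakfield Primary",
                             local_authority="Leeds City Council",
                             address="12 Oak Lane, Leeds LS1 4AB")
SAMPLE_TEXT = ("Tom's EP report from Leeds City Council (ref 943 476 5919) notes that Tom Brown "
               "and his sister Ellie attend Oakfield Primary. Contact Sarah Brown on 07700 900123 "
               "or sarah@example.com at 12 Oak Lane, Leeds LS1 4AB. Old file 943 476 5910.")

if __name__ == "__main__":
    stored = pseudonymise(SAMPLE_TEXT, SAMPLE_IDS)
    print("stored:   ", stored)
    print("shown:    ", rehydrate(stored, SAMPLE_IDS))
    print("cleared:  ", rehydrate(stored, clear_identifiers(SAMPLE_IDS)))
    print("review:   ", residual_name_candidates(stored))
```

Running it shows the stored form with every declared identifier, the email, phone, postcode and valid NHS number tokenised, the rehydrated form a signed-in parent would see, the token-only form after the fields are cleared, and a review list containing just "Ellie". That last list is the point of the responsibility paragraph: detection is heuristic, so anything the parent did not declare, or wrote in an unusual form, has to be caught by their own check before the extract is saved.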

AI processing and your information

When you use EHCP Operator features, pseudonymised text from your case is sent to OpenAI's API to generate summaries, evidence points, and draft text. Your data is transmitted securely over HTTPS. We configure requests not to store outputs where supported, and API call logging is disabled in our OpenAI dashboard. Under standard API terms, your data is not used by OpenAI to train their models.

No automated decisions: In accordance with UK GDPR Article 22, EHCP Clarity does not make solely automated decisions that produce legal or similarly significant effects about you or your child. All EHCP Operator outputs are clearly marked as drafts and require your review and confirmation before use.

All EHCP Operator content must be reviewed by you before use — see our Data & EHCP Operator page for more detail.

Who we share data with and international transfers

We use a small number of trusted sub-processors. Several are based in the United States. Data transfers to US-based processors are covered by the UK-US Data Bridge (a UK adequacy decision) where the processor is certified, and by standard contractual clauses where required. Contact us at support@ehcppackbuilder.co.uk to request details of specific transfer safeguards.

  • Better Auth (United Kingdom; database hosted in the EU): Session-based authentication service. Session tokens are stored as HTTP-only cookies. Authentication credentials are held in our database (Neon, EU region). No international transfer.
  • OpenAI (United States): AI content generation from pseudonymised case text. Identifying details are replaced with tokens before transmission. Requests are configured not to store outputs where supported, and API call logging is disabled in our OpenAI dashboard. Your data is not used to train OpenAI models under standard API terms. Transfer covered by OpenAI's Data Processing Addendum incorporating the UK International Data Transfer Agreement (IDTA).
  • Stripe (United States / European Union): Payment processing when you unlock a pack. Transfer covered by UK-US Data Bridge and EU adequacy.
  • Neon / PostgreSQL (European Union): Secure database storage for your pack data. No international transfer.
  • Replit (United States): Application hosting and infrastructure. Transfer covered by UK-US Data Bridge.

We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.

How long we keep your data

  • Case data, notes, and AI outputs: Held until you delete the pack or request account closure. You can delete any pack from your dashboard at any time. Identifying details (child name, your name, school, local authority, address) are cleared from the database immediately after you export a pack and automatically after 24 hours of inactivity — see Identifier Lens above.
  • Uploaded files: Removed from secure storage within 24 hours of the associated case being deleted.
  • Payment records: Retained for 7 years to meet legal and accounting obligations.
  • Account details (email, name): Removed within 30 days of receiving and processing an account closure request.
  • Consent records: Retained for 3 years from the date of consent as evidence of compliance, then deleted.

Your rights under UK GDPR

Under UK GDPR, you have the following rights. To exercise any of them, email support@ehcppackbuilder.co.uk with the subject line Data rights request. We will respond within 30 days.

  1. Right of access (Subject Access Request): You can ask us to confirm what personal data we hold about you and receive a copy of it.
  2. Right to rectification: You can ask us to correct any inaccurate or incomplete personal data we hold about you.
  3. Right to erasure ("right to be forgotten"): You can ask us to delete your personal data. You can also delete individual packs yourself from your dashboard — this removes all associated documents, notes, and AI outputs. For full account deletion, email us.
  4. Right to restriction of processing: You can ask us to restrict how we use your data — for example, while you contest its accuracy.
  5. Right to data portability: You can request a machine-readable copy of the personal data you have provided to us. Use the "Download my data" button in your account settings, or email us to request a full export.
  6. Right to object: You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds that override your interests.
  7. Right to withdraw consent: Where we rely on consent (including for special category data), you can withdraw it at any time by contacting us. Withdrawal does not affect the lawfulness of processing before the withdrawal.
  8. Right to lodge a complaint with the ICO: If you believe we have handled your data unlawfully, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113.

Cookies

EHCP Clarity uses session cookies only — small files placed on your device to keep you signed in as you navigate the service. These are generated by our server (via Better Auth) as HTTP-only session cookies and are strictly necessary for the service to function.

We do not use tracking cookies, advertising cookies, or any third-party analytics that place cookies on your device. Because we only use strictly necessary cookies, no cookie consent banner is required.

Changes to this policy

If we make material changes to this policy, we will notify you by email at least 15 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy. The "Last updated" date at the top of this page always reflects the most recent version.

Contact

If you have questions about this policy or how we handle your data, email support@ehcppackbuilder.co.uk.