Passdesk
Security

Security and data protection at Passdesk.

How we host your data, how we protect it, and how to report anything we may have missed.

Hosting: UK · London region
Database: UK · encrypted at rest
Compliance: UK GDPR · ICO registered
Transport: TLS 1.2+ · HSTS preload

Plain about where we are: Passdesk is an independent, founder-built platform — early in its life and run by one person. We don't hold ISO 27001 or Cyber Essentials certification yet, and we won't pretend otherwise. What follows is exactly how your data is handled today, so you can make your own call.

Where your data lives

Your school's data is stored and primarily processed in the United Kingdom: the database runs in a London region and the application servers run in Google Cloud's europe-west2 (London) region. To run the service we also rely on a small set of established sub-processors — some of them US-based, such as our payment, email and SMS providers — which process limited personal data outside the UK. Those transfers are protected by appropriate UK GDPR safeguards; see International transfers below.

Passdesk Ltd (registered in England & Wales, company number 17193377) is the data processor acting on each school's instructions; each school is the controller for its learners' and staff data. Solo learners contract with Passdesk directly.

Encryption

Data is encrypted in transit over TLS 1.2+ (HSTS preload), and at rest at the database and storage layer using our hosting providers' managed encryption. Passwords are stored as bcrypt hashes — never plaintext, never recoverable, even by us. Card details never touch our servers: all card data is tokenised and handled by our PCI-DSS Level 1 certified payment provider.

Access control

Access inside the product is role-based: a school's data is visible only to that school's own staff and to Passdesk support acting on the school's instructions. Each tenant's data is scoped at the query layer so one school can never see another's records. Sign-in is protected by per-IP rate limiting and a managed bot challenge, and admin actions are written to an internal audit log.

Day-to-day, the only people with production access are the founder and the small set of managed services listed below — there is no large support org with standing access to your records.

Backups & resilience

The production database runs on a managed Postgres provider with automated, encrypted backups and point-in-time recovery. Hosting and content delivery run on Cloudflare's global network. We're honest that, as an early-stage product, we have not yet finalised a formal recovery-time objective (RTO); if that level of guarantee is a procurement requirement for you, talk to us before you commit.

Sub-processors

We use a small set of established providers to run the service. Each only processes the data needed for its function:

  • Neon — managed Postgres database hosting (UK region).
  • Google Cloud — application server compute (Cloud Run, London region).
  • Cloudflare — CDN, edge hosting, DNS, and bot protection (processes IP addresses).
  • Stripe — payment processing and card tokenisation (PCI-DSS Level 1).
  • Postmark — transactional email (password resets, invites, receipts).
  • Twilio — SMS notifications, where a school opts in to send them.
  • Sentry — error and performance monitoring (optional; production only; payloads are scrubbed of personal data).
  • Google — maps on address and route screens, and optional Google Calendar sync where a school connects it.
  • getAddress.io — UK postcode-to-address lookup on address forms.
  • Companies House — business-verification lookups (public register data).

We'll give you reasonable notice before adding a new sub-processor that handles personal data. For the current authoritative list or a signed data processing agreement (DPA), email hello@passdesk.co.uk.

International transfers

Your data is stored and primarily processed in the UK. A few of the sub-processors above are based in the United States — our payment provider (Stripe), email provider (Postmark), SMS provider (Twilio), optional error monitoring (Sentry), maps and calendar features (Google), and our CDN and bot protection (Cloudflare). Where they process personal data outside the UK, those transfers are covered by appropriate UK GDPR safeguards — the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or, where the provider is certified, the UK Extension to the EU–US Data Privacy Framework. We send each provider only the minimum personal data its function needs.

Your data — export & deletion

Your data is yours. You can export your records at any time from inside the app, and request correction or erasure whenever you want. The full set of UK GDPR rights, the export route, and the retention periods we apply are set out in the Your rights section of our privacy policy. If you cancel, you take your students, payments, rubric, and routes with you.

If something goes wrong

We're registered with the UK Information Commissioner's Office (ICO). If we ever became aware of a personal-data breach that posed a risk to individuals, we would investigate promptly and notify the ICO within 72 hours where UK GDPR requires it, and tell affected controllers and individuals without undue delay. Schools acting as controllers will be kept informed so they can meet their own notification duties.

Vulnerability disclosure

Found something? Email security@passdesk.co.uk. Good-faith researchers won't face legal action, and we're happy to credit you publicly if you'd like. For compliance questions, a DPA, or the current sub-processor list, get in touch at hello@passdesk.co.uk.