Data Security in Schools

Designed with school security at heart

The Assembly Platform is designed with privacy and data security at its core. We are fully compliant with all aspects of GDPR and proud of the additional measures we take to protect your data.

Section Breaker

BSI Logo
Secure Systems

As an added assurance that your data is secure with Assembly, we have been certified to international standards for information security management systems by the UKAS accredited British Standards Institute in ISO 27001.

Section Breaker


We are always clear and transparent in how we extract, transport and store data in our platform. We try to explain this as simply as possible.


We exist to help schools get the most out of their data, not to gain any understanding of it ourselves. We will never inspect data or mine for information, or allow others to do so.

End to end security

We are commited to making sure your data is secure. This includes Secure Socket Layers for encrypted transfer, encryption of data at rest, field-level encryption for identifiable data and password protection for all end users.

Keeping you in control

No unauthorised sharing

One of the reasons Assembly exists is to help you connect your data to education apps where you wish to. However we will never, ever share data with anyone except where you’ve asked us to. Your data is still yours to process as you see fit.

Minimum data transfer

When you choose to authorise an application, we will tell you what data that app needs access to before you decide whether you want to authorise it. We won’t share more than the minimum that it requires.

Freedom to delete

We delete data when schools leave the platform or become inactive. You are also entitled to choose to have your data deleted at any point you wish.

Freedom to change your mind

Decisions you make don’t have to be permanent. If you change your mind about where you want to share your data, you can simply revoke the permission in your console.

Want to find out more?

Our privacy statement explains how we process data in a little more detail than this summary.

Our self certification response to the DfE’s Cloud Software Services Questionnaire also contains information about our approach to data protection, following guidance provided by the DfE in 2014.

Our approach to information security management systems is explained in our Information Security Policy.

For full details, please refer to our suite of privacy documents. We keep these on Github so that you can easily see any amendments we’ve made:

Terms of Service

This explains in full detail how our platform works, and how we ensure privacy and security. This is also the document we require schools to agree to before using the platform. It explains what we require from schools if they choose to use Assembly.

Developer Agreement

This is the agreement that we require Application Developers sign up to. It covers the minimum privacy and security principles that we require from them. Just as our Terms of Service extends these to cover the Assembly platform, developers have their own policies that explain data protection in relation to their specific application