Privacy Policy

Version: 1.0
Effective date: 12 May 2026
Website/service: checkitquick.academicintelligence.co.uk
Organisation: Academic Intelligence Ltd
Contact email: [email protected]
Registered office: 60 Viceroy Court, 36 Dingwall Road, Croydon, England, CR0 2NG
Company number: 17204358 (Companies House)

For parents and pupils

In most cases your school controls your data. We provide software that helps the school show you information it already holds and receive corrections or confirmations from you.
We do not sell pupil data, use it for advertising, or train AI models on it.
For questions about school records, contact your school first.
For questions about our use of account, support, cookie or website data, contact [email protected].

1. About this Privacy Policy

This Privacy Policy explains how Academic Intelligence Ltd, referred to as we, us or our, uses personal data in connection with the website and service available at checkitquick.academicintelligence.co.uk, referred to as the Service.

The Service is used by schools, academy trusts, colleges and other educational organisations to help parents, guardians, carers and authorised users check, confirm or update information that the school already holds about them and their child pupils.

The Service connects with school systems, including iSAMS and MySchoolPortal single sign-on, where configured by the school.

This Privacy Policy is intended to explain:

a. what personal data we process;
b. whether we act as a controller or processor;
c. why personal data is processed;
d. where personal data comes from;
e. who personal data may be shared with;
f. how long personal data is kept;
g. how personal data is protected; and
h. the rights individuals have under UK data protection law.

2. Who We Are

The organisation responsible for the Service is:

Academic Intelligence Ltd
Registered office: 60 Viceroy Court, 36 Dingwall Road, Croydon, England, CR0 2NG
Company number: 17204358 (Companies House)
Email: [email protected]
Website: checkitquick.academicintelligence.co.uk

Our company number is 17204358. For ICO registration or VAT details for procurement, contact [email protected].

We do not currently appoint a Data Protection Officer as a statutory requirement. For data protection enquiries, our contact is:

Data protection contact: Academic Intelligence Ltd (privacy enquiries)
Email: [email protected]

3. Our Role: Controller or Processor

Our role depends on the type of personal data being processed.

3.1 School, Parent and Pupil Data

When the Service processes personal data from a school’s iSAMS database, MySchoolPortal account or related school systems, the school is normally the data controller and we are normally the data processor.

This means:

a. the school decides why and how the personal data is used;
b. the school decides which data is made available through the Service;
c. the school decides which users may access the Service;
d. the school is responsible for its lawful basis for processing; and
e. we process the data on the school’s instructions.

The ICO explains that controllers decide the purposes and means of processing, while processors act on behalf of controllers and have more limited responsibilities.

If you are a parent, guardian, carer, pupil or member of school staff and your question relates to personal data held by your school, you should normally contact the school first.

3.2 Our Own Business, Website and Service Administration Data

We are normally the data controller for personal data we use for our own business and administration purposes, such as:

a. customer contact details;
b. school administrator account details;
c. billing and contract records;
d. website enquiries;
e. support requests;
f. security logs;
g. cookie data (and analytics only if introduced in future as described in our Cookie Policy); and
h. records needed to run, secure and improve our Service.

4. What the Service Does

The Service allows a school to configure access to its own school systems. An authorised school administrator may enter API keys, API secrets, SSO settings or other credentials into their admin account so that the Service can connect to the school’s systems.

Depending on the school’s configuration, the Service may:

a. authenticate users through MySchoolPortal single sign-on;
b. retrieve parent, guardian, carer or pupil information from iSAMS;
c. display information to authorised users for checking or confirmation;
d. allow users to submit proposed updates;
e. validate, process or transmit updates;
f. write approved changes back to the school’s iSAMS database;
g. store school configuration settings;
h. store API keys, secrets and related credentials needed for the Service to work; and
i. keep limited logs and audit records for security, support and troubleshooting.

The Service is designed so that it does not keep a permanent copy of parent or pupil records after the processing session, except where limited information is needed for security, logs, support, audit trails, backups, error handling or legal purposes.

5. Personal Data We May Process

Depending on how a school configures the Service, we may process the following types of personal data.

5.1 Parent, Guardian and Carer Data

This may include:

a. name;
b. address;
c. email address;
d. telephone number;
e. relationship to pupil;
f. emergency contact details;
g. contact preferences;
h. communication details;
i. authentication identifiers;
j. MySchoolPortal user identifiers or SSO claims;
k. submitted corrections or updates; and
l. other information made available by the school through iSAMS or related systems.

5.2 Pupil Data

This may include:

a. name;
b. pupil identifier;
c. school identifier;
d. year group, form, house, class or similar school information;
e. linked parent, guardian or carer relationships;
f. contact and household information;
g. information submitted by parents, guardians or carers; and
h. other pupil information made available by the school through iSAMS or related systems.

5.3 School Staff and Administrator Data

This may include:

a. name;
b. job title;
c. school email address;
d. telephone number;
e. administrator login details;
f. access permissions;
g. support requests;
h. configuration activity;
i. audit logs; and
j. communications with us.

5.4 Technical, Security and Usage Data

This may include:

a. IP address;
b. browser type and version;
c. device type;
d. operating system;
e. date and time of access;
f. pages or features used;
g. authentication events;
h. error logs;
i. API request metadata;
j. change-submission metadata;
k. security logs;
l. cookie identifiers; and
m. diagnostic information.

5.5 API Keys, Secrets and Credentials

The Service stores certain credentials required to connect to school systems. This may include:

a. iSAMS API keys;
b. iSAMS API secrets;
c. MySchoolPortal SSO configuration;
d. client identifiers;
e. client secrets;
f. tokens;
g. endpoint URLs; and
h. related integration settings.

These credentials are used to allow the Service to function. They are not intended to be used for any unrelated purpose.

6. Special Category Data

The Service is not designed primarily to process special category data.

However, depending on what the school makes available through iSAMS, MySchoolPortal or related systems, the Service may process information that could include health, medical, dietary, disability, safeguarding or welfare information.

Product note: Schools should not expose special category or sensitive fields through iSAMS or portal configuration unless that information is genuinely needed for the workflow the school has enabled.

Where this occurs, the school is normally responsible for deciding whether that data should be made available through the Service and for identifying the appropriate lawful basis and special category condition under UK data protection law.

We process such data only on the school’s instructions and only as necessary to provide the Service.

7. Children’s Data

The Service may process children’s personal data because it is used in a school context.

We recognise that children’s personal data requires particular care. The ICO says children should be given privacy information in clear language they can understand, and that organisations need to consider the level of protection given to children’s data.

We do not use pupil data for:

a. advertising;
b. selling data;
c. data broking;
d. unrelated marketing;
e. behavioural advertising;
f. cross-school profiling; or
g. training artificial intelligence models.

8. Where Personal Data Comes From

Personal data processed through the Service may come from:

a. the school;
b. iSAMS;
c. MySchoolPortal;
d. parents, guardians or carers;
e. school staff or administrators;
f. authorised users of the Service;
g. our website forms;
h. support emails or helpdesk communications;
i. cookies and similar technologies; and
j. technical logs generated when the Service is used.

9. Why We Use Personal Data

We may process personal data for the following purposes.

9.1 To Provide the Service to Schools

This includes:

a. connecting to iSAMS;
b. enabling MySchoolPortal single sign-on;
c. retrieving relevant data from school systems;
d. displaying data to authorised users;
e. allowing users to check or submit updates;
f. validating submitted information;
g. writing changes back to iSAMS;
h. maintaining school settings; and
i. storing API credentials required for the Service.

When we do this for a school, we usually act as processor on the school’s instructions.

9.2 To Manage School Accounts

This includes:

a. creating and managing administrator accounts;
b. verifying authorised school users;
c. managing subscriptions or service access (including payment processing via Stripe where used);
d. sending service communications;
e. responding to school enquiries; and
f. administering contracts.

9.3 To Provide Support

This includes:

a. responding to support requests;
b. investigating issues;
c. checking configuration;
d. resolving technical problems;
e. communicating with school administrators; and
f. maintaining support records.

9.4 To Keep the Service Secure

This includes:

a. detecting unauthorised access;
b. monitoring suspicious activity;
c. protecting API keys and secrets;
d. preventing misuse;
e. investigating security events;
f. maintaining audit logs; and
g. protecting the integrity of the Service.

9.5 To Improve and Maintain the Service

This includes:

a. fixing bugs;
b. improving reliability;
c. monitoring performance;
d. understanding how the Service is used;
e. testing changes; and
f. developing new or improved features.

Where possible, we use anonymous, aggregated or minimised data for this purpose.

9.6 To Comply with Legal and Business Obligations

This includes:

a. keeping accounting records;
b. complying with tax obligations;
c. handling complaints;
d. responding to legal requests;
e. enforcing agreements;
f. defending legal claims; and
g. meeting data protection obligations.

10. Lawful Bases for Processing

Where we act as a processor for a school, the school is responsible for identifying the lawful basis for processing parent, pupil and school data.

Where we act as controller, we may rely on the following lawful bases.

Purpose	Lawful basis
Providing access to the Service for school administrators	Contract or legitimate interests
Managing customer accounts	Contract or legitimate interests
Responding to enquiries	Legitimate interests or steps before entering a contract
Providing support	Contract or legitimate interests
Keeping the Service secure	Legitimate interests
Storing and protecting API keys/secrets	Contract, legitimate interests and legal obligation where applicable
Sending service messages	Contract or legitimate interests
Billing and accounting (including Stripe where used)	Contract and legal obligation
Legal compliance	Legal obligation
Handling complaints or disputes	Legitimate interests and legal obligation
Website and product analytics	We do not currently use non-essential analytics cookies or similar tracking on the Service. If we introduce them, we will identify the lawful basis and obtain consent where required (see our Cookie Policy).
Non-essential cookies	Consent

Our legitimate interests include operating, securing, supporting and improving the Service, protecting school systems, preventing misuse, managing customer relationships and maintaining appropriate business records.

11. Cookies and Similar Technologies

The Service may use cookies and similar technologies.

Cookies may be used for:

a. keeping users signed in;
b. maintaining session security;
c. remembering preferences where essential;
d. protecting against misuse; and
e. essential operation of the Website.

We do not currently use non-essential analytics, advertising or marketing cookies. Other cookies, such as analytics or marketing cookies, would only be used where permitted by law and, where required, with consent, as described in our Cookie Policy.

For more information, see our Cookie Policy.

12. Who We Share Personal Data With

We may share personal data with the following recipients where necessary.

12.1 Schools

Where a parent, guardian, carer or authorised user submits updates through the Service, those updates may be sent to the relevant school or written into the school’s iSAMS database.

12.2 iSAMS

The Service may connect to iSAMS to retrieve, display and update school-held information, depending on the school’s configuration. iSAMS is your school’s system under your school’s contract with its vendor; we access it only with credentials you supply.

12.3 MySchoolPortal

The Service may use MySchoolPortal single sign-on to authenticate users and receive identity or access information. MySchoolPortal is provided under your school’s arrangement; we use it only as configured by your school.

12.4 Hosting and Infrastructure Providers

We use hosting and infrastructure providers to run the website, database and related systems. Core application and database infrastructure for the Service is located in the United Kingdom (including VPS hosting with OVHcloud in London, and managed PostgreSQL with Neon on AWS Europe West 2 (London)).

12.5 Payment Processing

Where subscriptions are paid online, Stripe processes payment and related billing data on our instructions. Stripe’s privacy notice applies to that processing.

12.6 Support, Security and Operational Providers

We may use third-party providers for support, monitoring, diagnostics, email delivery, error tracking, security, backups, analytics, source control and deployment automation (for example GitHub for build pipelines, typically involving limited metadata), or similar operational purposes.

12.7 Legal, Professional and Regulatory Recipients

We may share personal data with:

a. lawyers;
b. accountants;
c. insurers;
d. auditors;
e. regulators;
f. courts;
g. law enforcement; or
h. public authorities,

where necessary and lawful.

13. Subprocessors and Service Providers

Where we process personal data on behalf of a school, we may use subprocessors to help provide the Service.

Provider	Purpose	Location
OVHcloud	VPS hosting: application runtime, networking, backups where configured on this infrastructure	OpenStack os-uk2, London (UK)
Neon	Managed PostgreSQL database	AWS Europe West 2 (London), United Kingdom
Stripe	Subscription payment processing (where the school or its organisation pays via Stripe)	Per Stripe’s documentation; appropriate transfer mechanisms where applicable
iSAMS	School MIS integration and record updates	As contracted by the school
MySchoolPortal	Single sign-on and user authentication	As contracted by the school

We require subprocessors to protect personal data appropriately.

A current subprocessor list with additional categories is available at our Subprocessor list.

14. International Transfers

The core application and primary database for the Service are hosted in London, United Kingdom.

We aim to keep core school, parent and pupil processing within the United Kingdom where reasonably possible.

Some providers may process data outside the United Kingdom, for example payment processing, support, diagnostics, email or other cloud operations.

Where personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place where required, such as:

a. UK adequacy regulations;
b. the UK International Data Transfer Agreement;
c. the UK Addendum to the EU Standard Contractual Clauses; or
d. another lawful transfer mechanism.

15. How Long We Keep Personal Data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required by law.

Typical retention periods are:

Data type	Typical retention
Parent/pupil data retrieved from iSAMS	Not intended to be permanently stored; processed transiently during use
Submitted updates	Kept only as needed for transmission, confirmation, audit, support or dispute handling
API keys and secrets	Kept while the school uses the Service; deleted or disabled on termination/request unless retention is required
School configuration	Kept while the school uses the Service and for a limited period afterwards
Administrator account details	Kept while the account is active and for a reasonable period afterwards
Security and application logs	Typically between 30 and 180 days unless a longer period is temporarily needed for a security investigation
Support records	Typically 12 to 24 months unless deletion is requested earlier and is lawful
Billing and accounting records	Retained as required for accounting, tax, legal and business records (often up to six years where UK requirements apply)
Backups	Retained according to the backup rotation cycle (typically up to approximately 90 days unless operational needs require otherwise)

If a school stops using the Service, we will delete or disable school configuration and credentials in accordance with our agreement with the school, subject to lawful retention, backups, logs and legal requirements.

For a detailed retention schedule, offboarding expectations and how we handle deletion requests, see our Data Retention & Deletion Policy.

16. How We Protect Personal Data

We use appropriate technical and organisational measures to protect personal data.

These may include:

a. HTTPS/TLS encryption for website traffic;
b. secure hosting in the United Kingdom;
c. access controls;
d. administrator authentication;
e. restricted personnel access;
f. encryption or secure secret management for API keys and secrets;
g. logging and monitoring;
h. backup and recovery processes;
i. confidentiality obligations;
j. secure development practices;
k. tenant separation between schools;
l. security updates; and
m. incident response procedures.

No online service can be guaranteed to be completely secure. Schools and administrators must also keep their own accounts, API keys, passwords and systems secure.

17. API Keys and Secrets

School administrators may enter API keys, API secrets, SSO credentials or similar values into the Service.

We use these credentials only to:

a. connect to the school’s configured systems;
b. provide the Service;
c. authenticate or authorise access;
d. troubleshoot technical issues;
e. maintain security; and
f. support the school.

Schools are responsible for:

a. deciding which credentials to create;
b. setting appropriate permissions;
c. rotating credentials where appropriate;
d. revoking credentials when no longer needed;
e. ensuring only authorised administrators have access; and
f. telling us promptly if credentials may have been compromised.

18. Automated Decision-Making and Profiling

We do not use parent or pupil personal data for automated decision-making that produces legal or similarly significant effects.

We do not use pupil data for behavioural advertising, cross-school profiling or unrelated analytics.

The Service may perform technical validation, formatting checks or rule-based processing to help submit updates to school systems. This does not replace the school’s responsibility for reviewing and managing its own records.

19. Marketing

We do not use parent or pupil personal data obtained from school systems for marketing.

We may contact school staff or administrators about:

a. service updates;
b. security notices;
c. account administration;
d. support matters;
e. renewal or billing matters; and
f. relevant product or service information where lawful.

Marketing communications can be opted out of at any time by using the unsubscribe link or contacting us.

Service, security and account messages may still be sent where necessary.

20. Data Subject Rights

Under UK data protection law, individuals may have rights including:

a. the right to be informed;
b. the right of access;
c. the right to rectification;
d. the right to erasure;
e. the right to restrict processing;
f. the right to object;
g. the right to data portability;
h. rights relating to automated decision-making; and
i. the right to withdraw consent where processing is based on consent.

The ICO says privacy notices should tell people about their information rights and how they can complain if they have concerns.

20.1 Requests About School, Parent or Pupil Data

If your request relates to personal data held by a school, such as pupil records, parent contact details or iSAMS information, you should normally contact the school directly.

This is because the school is usually the controller and decides how to respond to your request.

If you contact us directly about school-controlled data, we may refer your request to the relevant school.

20.2 Requests About Data We Control

If your request relates to data we control, such as your enquiry, administrator account, support record or marketing preference, contact us at:

[email protected]

We may need to verify your identity before responding.

21. Complaints

If you have concerns about how your personal data has been used, please contact us first so we can try to resolve the issue.

Email: [email protected]
Registered office: 60 Viceroy Court, 36 Dingwall Road, Croydon, England, CR0 2NG

You also have the right to complain to the UK Information Commissioner’s Office. The ICO recommends that people first raise complaints with the organisation concerned, but you may contact the ICO if you are unhappy with how your information has been handled.

ICO contact details:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk
Telephone: 0303 123 1113

22. Links to Other Websites and Services

The Service may contain links to other websites or services, including school websites, iSAMS, MySchoolPortal or other third-party services.

We are not responsible for the privacy practices of those third-party websites or services. You should read their privacy policies separately.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will take reasonable steps to notify affected schools or users, such as by email, dashboard notice or website notice.

The latest version will be available on our website.

24. Contact Us

For privacy questions about the Service, contact:

Academic Intelligence Ltd
Email: [email protected]
Registered office: 60 Viceroy Court, 36 Dingwall Road, Croydon, England, CR0 2NG

If your question relates to personal data held by your school, you should normally contact the school directly.

Last updated: 12 May 2026.