How SENScribe Protects Student Data
Last updated: 9 April 2026
A plain-English technical guide to our end-to-end encryption and PII redaction architecture. Share this with your Principal, DPO, or IT administrator.
Executive Summary (30 seconds)
The Problem: Teachers need AI help with paperwork, but sending student names to cloud services creates GDPR risk.
Our Solution: Two layers of protection. For AI generation, student names and diagnoses are redacted in the teacher's browser before transmission - the AI only sees "[PERSON_1] has attention regulation needs." For data storage, all Student Support Files are encrypted end-to-end on the teacher's device before being stored on our servers.
The Result: Teachers get AI-powered drafts and multi-device access. Schools get strong data protection. SENScribe cannot decrypt stored data or identify students in AI prompts.
How End-to-End Encryption and PII Redaction Work
You Type in Your Browser
You enter your observations including student names. This text exists only in your browser's memory.
Names Are Detected & Replaced
Our JavaScript code runs locally in your browser, detecting names and replacing them with placeholders like [PERSON_1].
Diagnoses Are Generalised
Specific conditions like 'ADHD' or 'dyslexia' are replaced with functional categories like 'attention regulation needs'.
Only Anonymous Text Is Sent
The redacted, generalised text is sent to our servers for AI processing. Student names and diagnoses have already been removed.
AI Generates the Draft
Microsoft Azure OpenAI (within the EU data zone) generates professional language based on the anonymous context.
Names Are Restored Locally
The response returns to your browser where our code swaps [PERSON_1] back to the real name. Student Support Files are encrypted and synced to our servers for multi-device access.
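The redact, send, restore round trip from the steps above, as an added JavaScript example that is not SENScribe's own code. It assumes names are matched against a teacher-supplied roster (the product's own detector is described as NLP/ML-based) and uses only the three diagnosis mappings quoted on this page; `redact`, `restore`, `termRe`, `GENERALISE` and the sample roster are hypothetical names.

```javascript
// Added illustration, not SENScribe's code. The real detector is proprietary (NLP/ML);
// matching against a teacher-supplied class roster is an assumption made here.
const GENERALISE = new Map([            // pairs quoted on the page
  ["adhd", "attention regulation needs"],
  ["dyspraxia", "motor coordination difficulties"],
  ["autism", "social communication needs"],
]);

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Whole-term matcher. Unicode-aware lookarounds are used instead of \b, which is
// ASCII-only in JavaScript and would miss names that start with "Ó" or "Á".
const termRe = (terms) => new RegExp(
  `(?<![\\p{L}\\p{N}])(?:${terms.map(escapeRe).join("|")})(?![\\p{L}\\p{N}])`, "giu");

function redact(text, roster) {
  const tagFor = new Map();   // lower-cased name -> placeholder
  const vault = new Map();    // placeholder -> name as first typed; stays in the browser
  let outbound = text;
  if (roster.length > 0) {
    // Longest first so a full name is preferred over a first name it contains.
    const names = [...roster].sort((a, b) => b.length - a.length);
    outbound = outbound.replace(termRe(names), (hit) => {
      const key = hit.toLowerCase();
      if (!tagFor.has(key)) {
        const tag = `[PERSON_${tagFor.size + 1}]`;
        tagFor.set(key, tag);
        vault.set(tag, hit);
      }
      return tagFor.get(key);   // same person, same placeholder every time
    });
  }
  outbound = outbound.replace(termRe([...GENERALISE.keys()]),
    (hit) => GENERALISE.get(hit.toLowerCase()));
  return { outbound, vault };   // only `outbound` is transmitted
}

function restore(draft, vault) {
  // Placeholders the vault does not know (e.g. invented by the model) are left as-is.
  return draft.replace(/\[PERSON_\d+\]/g, (tag) => vault.get(tag) ?? tag);
}

// Constructed sample input.
const ROSTER = ["Aoife Byrne", "Órla"];
const NOTE = "Aoife Byrne has ADHD and dyspraxia. Órla helped aoife byrne's group.";
const { outbound, vault } = redact(NOTE, ROSTER);
console.log(outbound);
console.log(restore("[PERSON_1] benefits from movement breaks beside [PERSON_2].", vault));
```

A roster-only matcher passes through any name that is not on the list, so a fixed list cannot be the only detection layer.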
What Data Goes Where
| Data Type | Your Device | SENScribe Servers | Microsoft Azure | Stored? |
|---|---|---|---|---|
| Student Names | Yes | Encrypted only | Never | Encrypted (we cannot decrypt) |
| Specific Diagnoses (ADHD, ASD, etc.) | Yes | Encrypted only | Never | Encrypted (we cannot decrypt) |
| School Name / Class | Yes | Encrypted only | Never* | Encrypted (we cannot decrypt) |
| Generalised Needs (e.g., 'attention regulation needs') | Yes | Streamed only | Processed | Azure: 30 days (abuse monitoring) |
| Anonymous Observations | Yes | Streamed only | Processed | Azure: 30 days (abuse monitoring) |
| Your Email (for login) | Yes | Yes | No | 12 months after last activity |
* School names and class identifiers should not be included in observations. Our redaction focuses on student names and diagnoses.
Diagnosis Generalisation: Why "ADHD" Becomes "Attention Regulation Needs"
Even with names removed, specific diagnoses could theoretically help identify a student in a small school. We address this with an additional layer: condition generalisation.
Before (What You Type)
"The student has ADHD and dyspraxia. Recently diagnosed with autism..."
After (What We See)
"[PERSON_1] has attention regulation needs and motor coordination difficulties. Recently identified with social communication needs..."
This is based on HIPAA-endorsed generalisation techniques for de-identification. The AI can still suggest relevant interventions because it understands the functional needs, but re-identification risk is dramatically reduced.
GDPR Compliance Summary
Article 5(1)(c) - Data Minimisation
Exceeded: AI processing uses only anonymised, generalised text. Stored data is end-to-end encrypted - we cannot access it.
Article 9 - Special Category Data
Compliant: Student data is encrypted end-to-end (AES-256-GCM). AI processing only receives anonymised, generalised text. Encryption satisfies Article 32 security measures.
Article 17 - Right to Erasure
Supported: Delete your data anytime from your account. On account deletion, all encrypted data is permanently removed. Account data is deleted 12 months after last activity.
Article 44 - International Transfers
Compliant: All processing occurs within the EU data zone. No student data is transferred outside the EEA.
For Your Data Protection Officer
Do we need a DPIA? SENScribe has conducted a Data Protection Impact Assessment for our encrypted sync service. We recommend schools document SENScribe in their Register of Processing Activities. Read our DPIA.
Is SENScribe a Data Processor? Yes. We store encrypted Student Support Files on behalf of teachers. However, we cannot decrypt this data - only the teacher holds the decryption key. Read our Data Processing Agreement.
What about the AI provider? Microsoft Azure OpenAI Service operates under Microsoft's standard Data Processing Addendum, which includes GDPR SCCs. Data sent to Azure OpenAI is not used to train models. For abuse monitoring purposes, Microsoft may retain prompts for up to 30 days - but since we strip all identifiable information before transmission, this only affects anonymised, generalised text.
Technical Implementation Details
- Client-Side Redaction: Our proprietary privacy engine runs entirely in your browser, using multiple detection layers including natural language processing and machine learning to identify and replace names, phone numbers, emails, PPS numbers, dates, eircodes, addresses, and professional registration numbers.
- Condition Generalisation: Specific diagnoses are automatically mapped to functional categories aligned with Department guidance, ensuring medical terminology is replaced with needs-based descriptions before transmission.
- End-to-End Encryption: Student Support Files are encrypted with AES-256-GCM on your device using a key derived from your data password. Encrypted data is synced to our servers in Ireland for multi-device access. We cannot decrypt your data.
- Transport Security: All communication uses HTTPS/TLS 1.2+. API endpoints are protected with rate limiting and authentication.
- Data Residency: Azure OpenAI processing occurs within the European Union data zone (DataZoneStandard deployment). Account data is stored in Azure Cosmos DB in North Europe (Ireland).
Ready to Try SENScribe?
Start a 14-day free trial to evaluate the tool. No credit card required. Share this whitepaper with your Principal or DPO.