PECTECH
Try Phoenix Ember →

Privacy Policy

Last updated 29 May 2026

The Phoenix Wellbeing Tracker ("the Service") is provided by Phoenix Education Consultancy, trading as PECTECH ("we", "us"). This policy explains how we handle personal data when your school uses the Service. It applies to school staff, trust users, and the parents and pupils whose information is processed in the Service.

Who is responsible for your data

When a school or trust uses the Service, the school (or trust) is the data controller for the pupil and staff data it enters — they decide why and how it is used. PECTECH is the data processor, acting on the school's documented instructions under a data processing agreement. For our own business contacts (for example, enquiries from this website) PECTECH is the controller.

What data we process

On behalf of schools, the Service processes:

  • Pupil records — name, year group, date of birth, and identifiers such as a UPN.
  • Wellbeing data — assessment scores across the eight Phoenix domains, observations, interventions and notes. Some of this is special category data concerning a child's social, emotional and mental health.
  • Staff accounts — name, email, role and authentication data.
  • Parent accounts — name, email and the pupils linked to them.

We do not use pupil or wellbeing data for advertising, for profiling unrelated to a child's support, or for any purpose beyond delivering the Service to the school.

Lawful basis

Schools determine the lawful basis for processing pupil data, typically the performance of a public task (safeguarding and promoting pupil welfare) under the UK GDPR, with special category data processed on the basis of substantial public interest in the safeguarding of children. PECTECH processes this data only to provide the Service under the school's instructions.

How data is stored and secured

  • All data is hosted in the United Kingdom (AWS London region) and is not transferred outside the UK.
  • Data is encrypted in transit and at rest.
  • Access is role-based: staff see only the pupils their role and relationships permit, enforced at the database level.
  • Passwords are stored using strong one-way hashing; we never store them in plain text.
  • Actions on records are audit-logged.

Safeguarding flags

Where the Service prompts staff to consider a safeguarding concern, that prompt is never stored, logged or reported within the Service — it exists only to direct staff to their school's own safeguarding process.

Sharing and sub-processors

We do not sell personal data. We share it only with infrastructure sub-processors who help us run the Service (for example, our UK cloud-hosting and email-delivery providers), each under contract and bound to equivalent data-protection obligations. A current list of sub-processors is available from your school on request.

Retention

PECTECH retains data for as long as the school's subscription is active and the school instructs us to hold it. On termination, data is deleted or returned in line with the data processing agreement. Schools set their own retention rules for pupil records in line with statutory guidance.

Your rights

Individuals have rights under the UK GDPR, including access, rectification, erasure, restriction and objection. Because the school is the controller of pupil and staff data, requests should be made to your school, which we will support as processor. For data where PECTECH is the controller, contact us directly.

Children's data

The Service is used by school staff, not directly by pupils, and is designed around the protection of children's data. We apply data minimisation and the security measures above specifically because children's special category data is involved.

Cookies

The Service uses only the strictly necessary cookies required to keep you signed in and secure. We do not use advertising or third-party tracking cookies.

Contact

For questions about this policy or how data is handled, contact hello@pectech.org. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.