Privacy Policy
Last updated: 26 April 2026
Introduction
At Ask.School we build AI-powered chatbots for schools, and we take the privacy of students, parents, and staff seriously. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it.
Ask.School is a trading name of Muon Works Ltd, a company registered in England and Wales. References to "we", "us", or "our" mean Muon Works Ltd. References to the "Service" mean the Ask.School platform, including the public ask.school website, the school administrator dashboard, and the chatbots a school deploys.
You can reach our data protection contact at [email protected].
How we relate to your school
Ask.School is sold to schools, not to the public. That means:
- Your school is the data controller for the personal data of its students, parents, and staff. The school decides what chatbots to deploy, who gets access, and what data to load into the platform.
- Ask.School acts as the data processor for that information. We process it under the school's instructions and the Data Processing Agreement we sign with each school. See our Data Processing Agreement.
- Ask.School acts as data controller only for: visitors to our public marketing site, school administrators who sign up for the platform, billing contacts, and our own business operations (sales correspondence, supplier records).
If you are a student, parent, or member of school staff and want to exercise rights over your personal data, please contact your school first — they hold the keys to that data. If they need our help they will route the request to us.
Information we collect
We collect three broad categories of information:
1. Account information (school administrators only). When a school registers, we collect the administrator's name, work email, role, the school's name, address, contact details, and billing details. We use multi-factor authentication for administrator accounts in production.
2. School data provided by the school or, optionally, synced from a school's MIS via Wonde. This may include staff and student names, email addresses, year groups, sites/campuses, class lists, parent–student links, and the user-group memberships that determine which chatbots a person can reach. Personally identifying fields are encrypted at rest.
3. Usage data generated as people use the Service. This includes: chat messages and AI responses (encrypted at rest), uploaded documents, safeguarding alerts, audit logs of who did what in the dashboard, billing events, and aggregate usage metrics (token counts, response times). On the public marketing site only, we collect basic analytics — see our Cookie Policy.
We do not collect a date of birth or age field for any user, and we don't allow students to register directly. Schools manage student access on our platform.
How we use information
We use personal data to:
- Run the Service — host chatbots, generate AI responses, sync MIS rosters, deliver documents, and keep things working.
- Keep accounts secure — authenticate users, prevent abuse, detect fraud, and protect the Service.
- Support safeguarding — automatically scan chat content for safeguarding concerns (self-harm, abuse, exploitation) and alert the school's designated safeguarding lead.
- Communicate with schools — send invitations, password resets, billing emails, security notices, and product updates.
- Improve the Service — review aggregate, de-identified usage to make the platform better. We do not use a school's data to train AI models, and our AI provider does not train on it either.
- Meet legal obligations — keep billing records, respond to lawful requests, and demonstrate compliance with UK GDPR.
The lawful bases we rely on are: contractual necessity (delivering the Service to your school), legal obligation (tax, fraud prevention, safeguarding), and legitimate interests (keeping the Service secure, communicating with administrators, improving the platform). For the public marketing site we rely on consent for non-essential cookies.
Information sharing
We do not sell or rent personal data to anyone, and we do not use it for unrelated marketing.
To deliver the Service we share data with a small set of carefully chosen sub-processors — hosting, AI inference, payment processing, transactional email, and a few others. Each is bound by a written data processing agreement and appropriate transfer safeguards. The full list with locations and safeguards lives at /subprocessors.
A few specifics worth calling out:
- AI processing. Chat messages, the chatbot's system prompt, and any documents the school has loaded are sent to our AI provider (OpenAI) at the moment a response is generated. The system prompt may include the user's name, year group, sites, and parent–student links so the chatbot can tailor its reply. Under OpenAI's API terms, this content is not used to train OpenAI's models and is not retained beyond the request.
- MIS sync. If your school connects Wonde, the data flow is one-way (Wonde → Ask.School) and limited to the fields the school chooses.
- Disclosure required by law. We may disclose data if compelled by court order, regulator, or law-enforcement request, and we will push back on overbroad demands.
- Business transfers. If Muon Works Ltd is acquired or restructured, personal data may transfer as part of the transaction — under the same protections set out here.
Security
We take the security of personal data seriously. Our measures include:
- Encryption in transit using modern TLS.
- Encryption at rest for the database and for sensitive personal-data fields (names, email addresses, chat messages, safeguarding alerts) using authenticated symmetric encryption.
- Multi-tenant isolation at the database layer — every query is automatically filtered to the calling school, so one school cannot see another's data.
- Multi-factor authentication for school administrator accounts in production.
- Encrypted, daily backups retained for 30 days and stored in a separate region.
- Safeguarding and PII guardrails that scan chat input and output before responses are stored or returned.
- Vulnerability management — application dependencies are audited and patched on an ongoing basis through our build and release pipeline.
No system is impenetrable. If a breach occurs we will notify the affected schools without undue delay (and within 72 hours where required).
International transfers
Application servers, the primary database, and our caching layer run with our UK cloud-infrastructure provider in London, UK. Uploaded documents and encrypted backups are stored in object storage in Frankfurt, Germany (EU).
Some sub-processors — most notably OpenAI, Stripe (US legs), and Google Analytics — process data in the United States. These transfers are protected by the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or by the equivalent Data Privacy Framework where the provider is certified. The full mapping is on the Sub-processors page.
Children's data
Ask.School is built for use at the direction of a school. Schools do not allow students to register on their own; access is provisioned through user groups by school staff or a Wonde MIS sync. The school is responsible for obtaining any consents required under data-protection law, including parental consent for children under 13 in the UK.
Even though students don't sign up directly, our safeguarding monitoring is always active — it cannot be disabled. The Service is designed to comply with the ICO Age-Appropriate Design Code (Children's Code).
If you believe a child's data is on Ask.School and shouldn't be, contact the school first; they can remove the account immediately. You can also email [email protected] and we will help.
Your rights
If you are in the UK, EEA, or another jurisdiction with similar laws, you have the right to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- have your data deleted in certain circumstances;
- restrict or object to processing;
- receive a copy of your data in a portable format;
- withdraw consent where consent is the lawful basis;
- complain to a supervisory authority — in the UK, that is the Information Commissioner's Office.
If you are a student, parent, or staff member, please direct rights requests to your school first. School administrators and our own customers can contact us directly at [email protected].
How long we keep data
We keep personal data only as long as we need it. Concrete defaults:
| Data | Retention |
|---|---|
| Chat sessions and messages | 12 months from last activity, then deleted automatically |
| School and user accounts | For the duration of your school's subscription, then 30 days for export, then deleted |
| Safeguarding alerts | Duration of your school's subscription — schools should export records they need to retain longer (per IRMS guidance) |
| Email logs | 90 days |
| Service call logs | 30 days |
| Guardrail violation logs | 6 months |
| Encrypted database backups | 30 days |
| Billing records | 7 years (UK tax law) |
If your school cancels, you have 30 days to export data before it is permanently deleted.
Cookies
The public ask.school website uses a small number of cookies, including basic analytics. The school dashboard and chatbots only use cookies that are strictly necessary to keep you signed in. Full details are in our Cookie Policy.
Updates to this policy
We may update this Privacy Policy as the Service evolves or the law changes. The effective date at the top of the page tells you when. For material changes we will notify the data protection contact at each school by email at least 30 days before the change takes effect.
Contact
- Data protection enquiries — [email protected]
- General support — [email protected]
- Sales and partnerships — [email protected]
- Postal — Muon Works Ltd, United Kingdom (registered address available on request)