Security

Last updated: January 2026.

This page gives a plain-language overview of how we approach security for SEN-Ed. SEN-Ed is a trading name of The Send Tech Company Ltd. Company number 16756429. Registered in England and Wales. SEN-Ed is an education service for UK schools and is not intended for use by children directly.

We never ask for your password by email or by phone. Log in only via schools.sen-ed.co.uk or your school’s bookmarked address.

Hosting and infrastructure

The service is hosted on Google Firebase. Data is stored in regions appropriate for UK/EU use. Firebase provides encryption in transit and at rest, and we do not disable these.

Access control

Access to the application is controlled by authentication. School and role-based rules restrict what users can see and do. We follow the principle of least privilege for backend access.

Data in transit and at rest

Traffic between your browser and our services uses HTTPS. Data stored in our databases is encrypted at rest by the underlying platform.

Secrets and configuration

API keys and other secrets are stored in secure configuration (e.g. secret manager) and are not exposed in client-side code or public repositories.

Reporting security issues

If you believe you have found a security issue, please report it responsibly. See our security.txt file for contact and disclosure preferences.