Privacy Policy
Last updated: February 7, 2026
Aubis provides a family-focused platform to organise Education, Health and Care Plan (EHCP) documents, deadlines and exports. This policy explains how we handle your data under the UK GDPR and the Data Protection Act 2018.
Data Controller
Aubis Ltd (United Kingdom). Contact: nikki@aubis.co.uk
This policy covers aubis.co.uk, the Aubis progressive web app (PWA), and the Aubis mobile apps distributed via the Apple App Store and Google Play Store.
Data We Collect
- Account & billing: name, email, authentication data, subscription data
- Child workspace: documents you upload, timeline entries, notes, and metadata you create
- System data: event logs, device/browser information, and security telemetry
- AI processing context: see AI Transparency section for precise scope separation
Lawful Bases for Processing
- Contract: to provide the service you requested (store files, show timelines)
- Legitimate interests: security, fraud prevention, improving reliability
- Legal obligation: tax records and compliance
- Consent: optional features (marketing emails). You can withdraw consent at any time
AI Processing Boundaries
Aubis operates two separate AI systems:
1. Help AI — Platform guidance only
- Explains features and answers platform questions
- Does not read your documents
- Deflects legal questions to the main Guidance area
2. Legal AI — Facts-only document processing
- Extracts factual information from files you upload
- Maps content to EHCP sections and builds timelines
- Flags deadline-passed states using statutory timeframes
- Never provides legal advice or strategic recommendations
This separation is enforced in design, infrastructure and copy policy.
Third-Party AI Processing
To power the AI features described above, Aubis sends data to Anthropic (the maker of Claude) via their commercial API. This means that when Legal AI processes your uploaded documents, the content is sent to Anthropic's servers for analysis and the response is returned to Aubis.
Here is what you should know about how Anthropic handles that data:
- No training on your data: Aubis uses Anthropic's commercial API, which is governed by their commercial terms. Your inputs and outputs are never used to train AI models.
- Short retention: Under Anthropic's API terms, inputs and outputs are automatically deleted from their systems within a short retention window (currently 7 days) unless required by law or to enforce their usage policy.
- US-based processing: Anthropic is based in the United States. This means your document content is transferred outside the UK for processing. We rely on appropriate safeguards (UK IDTA / Standard Contractual Clauses) to protect this transfer.
- Only what is needed: We send only the document content necessary for the specific AI task. We do not send your account details, billing information, or data from other children's workspaces.
Help AI queries (platform guidance) are also processed via Anthropic's API but do not include any of your uploaded documents or personal case information.
App Store Distribution and In-App Purchases
Aubis is available as a progressive web app (PWA) installed from aubis.co.uk, and as a native app from the Apple App Store and Google Play Store. Depending on how you access Aubis:
- Web and PWA: Subscriptions are processed by Stripe. Aubis receives your email and a payment token; we do not see or store full card details.
- Apple App Store: Subscriptions are processed by Apple. Aubis receives a purchase receipt to verify your entitlement. Apple's own privacy policy governs how Apple handles your payment data.
- Google Play Store: Subscriptions are processed by Google. Aubis receives a purchase token to verify your entitlement. Google's own privacy policy governs how Google handles your payment data.
Regardless of platform, a single subscription unlocks Aubis across all your devices. We sync only your entitlement status, not your payment details, across platforms.
Anonymised Data and Aubis Data
Aubis Data is a public transparency dashboard showing how the EHCP system is performing across Local Authorities. It uses anonymised, aggregated data derived from timeline events within the platform — such as statutory deadlines, breach rates, and response times.
Opt-in only: Contributing to Aubis Data is entirely optional. You must manually enable data contribution, and you can revoke your consent at any time. If you revoke, your data is excluded from the next nightly aggregation run.
Anonymised at source: No personal information ever leaves your private workspace. Aubis Data contains no names, email addresses, school identifiers, document content, medical information, diagnoses, or free text. Only minimal event-level facts are captured (event type, Local Authority code, dates, and status).
Safeguards against re-identification: Data is published at Local Authority level only. We enforce a minimum sample size (n≥25) before publishing any statistics for a given authority. A rolling 90-day window is used to reduce outlier risk. No combination of published fields can be used to identify an individual.
Transparency: Our methodology, definitions, and caveats (including selection bias) are published alongside the dashboard. The anonymisation process is subject to quarterly independent review.
Because published Aubis Data is fully anonymised, UK GDPR does not strictly apply to the published outputs. We maintain consent for transparency and trust.
Aubis Data insights are shared publicly through dashboards and reports to help parents, professionals, researchers, and policymakers understand how the EHCP system is working in practice. Questions? Contact nikki@aubis.co.uk.
Children's Data
Parents and carers control which documents are uploaded to the child's workspace. Do not upload information you do not have authority to share.
Data Retention
We keep account and workspace data while your subscription is active. Backups and audit records are retained for limited periods for safety and compliance. You can request deletion of your account data at any time; some records may be retained where required by law.
Data Sharing and International Transfers
We use the following sub-processors to operate Aubis:
- Vercel (US) — website and app hosting/CDN
- Render (US) — API server hosting
- MongoDB Atlas (configurable region) — database
- Anthropic (US) — AI document processing and platform assistance (see Third-Party AI Processing above)
- Postmark (US) — transactional email
- Stripe (US) — web and PWA payment processing
- Google Play (US) — Android app distribution and subscriptions
- Apple App Store (US) — iOS app distribution and subscriptions (future)
Where sub-processors are located outside the UK, we rely on appropriate safeguards (such as UK IDTA / Standard Contractual Clauses) to protect international transfers. We do not sell your data to third parties.
Our Approach to Data Protection
Aubis is built around a privacy-by-design principle. We handle sensitive family information about children with special educational needs, and we take that responsibility seriously. Here is how that commitment works in practice:
- Encryption everywhere: Your data is encrypted in transit (TLS 1.3) and at rest (AES-256). Exported document bundles are password-protected and auto-deleted from our servers after download or after 7 days, whichever comes first.
- Two-factor authentication: 2FA is required at login to the platform, regardless of how you access it (web, PWA, or mobile app). This protects your account even if your password is compromised.
- AI isolation: Aubis runs two completely separate AI systems — Help AI (platform guidance) and Legal AI (document analysis). They do not share data, token pools, or processing infrastructure. Each requires separate consent.
- Minimal logging: Our security systems never log raw email addresses or IP addresses. Where security logs are needed, we use rotating-salt hashing and retain logs for a maximum of 14 days unless an active incident requires longer.
- Defined retention: Your workspace data is kept while your subscription is active. After cancellation, data enters a 30-day grace period (read-only with export available), then moves to a compressed archive. At Year 22 of the child's EHCP journey, we send you a full encrypted export of your archived data by email before deletion. Nothing is auto-deleted without notice.
- Tamper-evident audit trails: All sensitive actions (uploads, exports, AI processing, account changes) are logged with cryptographic verification so records cannot be altered after the fact.
- Your data, your control: You can download a full copy of your data or request deletion at any time. Deletion requests trigger an encrypted export to you before your data is removed.
Your Rights
You can request access, rectification, erasure, restriction and data portability, and you can object to certain processing. To exercise a right, contact nikki@aubis.co.uk. You can complain to the ICO, but please contact us first so we can help.
Contact
Data Protection: nikki@aubis.co.uk
We may update this policy; changes will appear here with a new "Last updated" date.