Skip to content
🚀 Launching soon — join the waitlist for early access
Aubis

Privacy Policy

Last updated: November 8, 2025

Aubis provides a family-focused platform to organise Education, Health and Care Plan (EHCP) documents, deadlines and exports. This policy explains how we handle your data under the UK GDPR and the Data Protection Act 2018.

Data Controller

Aubis Ltd (United Kingdom). Contact: nikki@aubis.co.uk

This policy covers aubis.co.uk and the Aubis apps.

Data We Collect

  • Account & billing: name, email, authentication data, subscription data
  • Child workspace: documents you upload, timeline entries, notes, and metadata you create
  • System data: event logs, device/browser information, and security telemetry
  • AI processing context: see AI Transparency section for precise scope separation

Lawful Bases for Processing

  • Contract: to provide the service you requested (store files, show timelines)
  • Legitimate interests: security, fraud prevention, improving reliability
  • Legal obligation: tax records and compliance
  • Consent: optional features (marketing emails). You can withdraw consent at any time

AI Processing Boundaries

Aubis operates two separate AI systems:

1. Help AI — Platform guidance only

  • Explains features and answers platform questions
  • Does not read your documents
  • Deflects legal questions to the main Guidance area

2. Legal AI — Facts-only document processing

  • Extracts factual information from files you upload
  • Maps content to EHCP sections and builds timelines
  • Flags deadline passed states using statutory timeframes
  • Never provides legal advice or strategic recommendations

This separation is enforced in design, infrastructure and copy policy.

Children's Data

Parents and carers control which documents are uploaded to the child's workspace. Do not upload information you do not have authority to share.

Data Retention

We keep account and workspace data while your subscription is active. Backups and audit records are retained for limited periods for safety and compliance. You can request deletion of your account data at any time; some records may be retained where required by law.

Data Sharing and International Transfers

We use reputable sub-processors for hosting, email, and payments. Some services may be located outside the UK; where so, we rely on appropriate safeguards (such as UK IDTA / SCCs). A current list of sub-processors is available on request.

Security

We apply encryption in transit and at rest, strong authentication (including 2FA) and continuous monitoring. We also maintain tamper-evident audit trails for sensitive actions.

Your Rights

You can request access, rectification, erasure, restriction, data portability, and object to certain processing. To exercise a right, contact nikki@aubis.co.uk. You can complain to the ICO, but please contact us first so we can help.

Contact

Data Protection: nikki@aubis.co.uk

We may update this policy; changes will appear here with a new "Last updated" date.

Factual information only — not legal advice

Cookies on Aubis

We use essential cookies to make our site work, plus optional analytics to improve the service.

Cookies Policy · Privacy Policy