Skip to content
Education Host

Trust & security

Data protection

How Education Host handles data protection: UK-hosted infrastructure, UK GDPR-aligned operations, published privacy policy, data categories and contractual terms confirmed during procurement.

Education Host operates in line with UK GDPR. Customer data on managed hosting sits on UK data-centre infrastructure (6DG Birmingham Central), the categories of personal data we process are set out in our published Privacy Policy, and deployment-specific data-processing terms are confirmed with your institution during procurement.

What data is processed?

The categories of personal data Education Host processes as a data controller — account, profile, service, usage, enquiry and correspondence data — are set out in the published Privacy Policy, along with the lawful bases, retention approach and your rights. Platform deployments typically process the institutional user data needed to operate accounts: names, institutional email addresses, course/module membership and service activity.

Websites and coursework that students publish on hosted services are controlled by the institution and its users; Education Host provides the governed infrastructure they run on.

Where is data hosted?

Managed hosting is delivered from UK data-centre infrastructure — the 6DG Birmingham Central facility operated by Six Degrees, which holds facility certifications including ISO 27001. Education Host is UK-based and supports institutions internationally.

How is access to personal data limited?

Platform access is role-based, so personal data is visible only to the roles that need it — lecturers see their own cohorts, administrators see their institution, and students see their own services. Institutional sign-in (Microsoft Entra where supported) keeps authentication under your identity governance.

What about contractual terms and data-processing agreements?

Deployment-specific data-processing terms are agreed with each institution as part of procurement. If your institution requires a data-processing agreement or a completed supplier assessment, raise it during scoping — we work through institutional documentation as part of onboarding rather than publishing a one-size-fits-all document.

Data protection — frequently asked questions

Direct answers for IT, security, procurement and teaching teams.

Is Education Host UK GDPR compliant?
Education Host operates in line with UK GDPR. The published Privacy Policy sets out the data we process, the lawful bases, retention and your rights, and deployment-specific terms are confirmed with your institution during procurement.
Where is our data stored?
Managed hosting runs on UK data-centre infrastructure at the 6DG Birmingham Central facility. Education Host is a UK company (registered in England, no. 09377245).
Who can see student data?
Access is role-based: students see their own services, lecturers see their own cohorts and administrators see their institution. Education Host support access is limited to operating and supporting the service.
Do you have a data-processing agreement?
Data-processing terms are agreed per institution during procurement, alongside any supplier assessments your institution requires. Raise documentation requirements during scoping and we will work through them as part of onboarding.
Where can I read the privacy policy?
The full Privacy Policy is published at /legal/privacy-policy, including data categories, lawful bases, cookies, retention and how to exercise your rights.
Talk to Education Host

Every deployment starts with a conversation

Tell us about your institution, modules and requirements — we will answer the technical and commercial questions honestly, including where something is not the right fit.