Trust & security
Data protection
How Education Host handles data protection: UK-hosted infrastructure, UK GDPR-aligned operations, published privacy policy, data categories and contractual terms confirmed during procurement.
Education Host operates in line with UK GDPR. Customer data on managed hosting sits on UK data-centre infrastructure (6DG Birmingham Central), the categories of personal data we process are set out in our published Privacy Policy, and deployment-specific data-processing terms are confirmed with your institution during procurement.
What data is processed?
The categories of personal data Education Host processes as a data controller — account, profile, service, usage, enquiry and correspondence data — are set out in the published Privacy Policy, along with the lawful bases, retention approach and your rights. Platform deployments typically process the institutional user data needed to operate accounts: names, institutional email addresses, course/module membership and service activity.
Websites and coursework that students publish on hosted services are controlled by the institution and its users; Education Host provides the governed infrastructure they run on.
Where is data hosted?
Managed hosting is delivered from UK data-centre infrastructure — the 6DG Birmingham Central facility operated by Six Degrees, which holds facility certifications including ISO 27001. Education Host is UK-based and supports institutions internationally.
How is access to personal data limited?
Platform access is role-based, so personal data is visible only to the roles that need it — lecturers see their own cohorts, administrators see their institution, and students see their own services. Institutional sign-in (Microsoft Entra where supported) keeps authentication under your identity governance.
What about contractual terms and data-processing agreements?
Deployment-specific data-processing terms are agreed with each institution as part of procurement. If your institution requires a data-processing agreement or a completed supplier assessment, raise it during scoping — we work through institutional documentation as part of onboarding rather than publishing a one-size-fits-all document.
Data protection — frequently asked questions
Direct answers for IT, security, procurement and teaching teams.
- Is Education Host UK GDPR compliant?
- Education Host operates in line with UK GDPR. The published Privacy Policy sets out the data we process, the lawful bases, retention and your rights, and deployment-specific terms are confirmed with your institution during procurement.
- Where is our data stored?
- Managed hosting runs on UK data-centre infrastructure at the 6DG Birmingham Central facility. Education Host is a UK company (registered in England, no. 09377245).
- Who can see student data?
- Access is role-based: students see their own services, lecturers see their own cohorts and administrators see their institution. Education Host support access is limited to operating and supporting the service.
- Do you have a data-processing agreement?
- Data-processing terms are agreed per institution during procurement, alongside any supplier assessments your institution requires. Raise documentation requirements during scoping and we will work through them as part of onboarding.
- Where can I read the privacy policy?
- The full Privacy Policy is published at /legal/privacy-policy, including data categories, lawful bases, cookies, retention and how to exercise your rights.
Every deployment starts with a conversation
Tell us about your institution, modules and requirements — we will answer the technical and commercial questions honestly, including where something is not the right fit.
