How SENScribe Protects Student Data
Last updated: 1 February 2026
A plain-English technical guide to our zero-knowledge architecture. Share this with your Principal, DPO, or IT administrator.
Executive Summary (30 seconds)
The Problem: Teachers need AI help with paperwork, but sending student names to cloud services creates GDPR risk.
Our Solution: Student names and diagnoses are detected and replaced in the teacher's browser before any data is transmitted. Our servers only receive anonymous text like "[PERSON_1] has attention regulation needs."
The Result: Teachers get AI-powered drafts. Schools get zero data liability. SENScribe literally cannot identify students because we never see their names.
How the Zero-Knowledge Architecture Works
You Type in Your Browser
You enter your observations including student names. This text exists only in your browser's memory.
Names Are Detected & Replaced
Our JavaScript code runs locally in your browser, detecting names and replacing them with placeholders like [PERSON_1].
Diagnoses Are Generalised
Specific conditions like 'ADHD' or 'dyslexia' are replaced with functional categories like 'attention regulation needs'.
Only Anonymous Text Is Sent
The redacted, generalised text is sent to our servers. We literally cannot see who the student is.
AI Generates the Draft
Microsoft Azure OpenAI (within the EU data zone) generates professional language based on the anonymous context.
Names Are Restored Locally
The response returns to your browser where our code swaps [PERSON_1] back to the real name. Names never left.
What Data Goes Where
| Data Type | Your Device | SENScribe Servers | Microsoft Azure | Stored? |
|---|---|---|---|---|
| Student Names | ✅ Yes | ❌ Never | ❌ Never | ❌ Never |
| Specific Diagnoses (ADHD, ASD, etc.) | ✅ Yes | ❌ Never | ❌ Never | ❌ Never |
| School Name / Class | ✅ Yes | ❌ Never* | ❌ Never* | ❌ Never |
| Generalised Needs (e.g., 'attention regulation needs') | ✅ Yes | ✅ Streamed only | ✅ Processed | ⚠️ Azure: 30 days (abuse monitoring) |
| Anonymous Observations | ✅ Yes | ✅ Streamed only | ✅ Processed | ⚠️ Azure: 30 days (abuse monitoring) |
| Your Email (for login) | ✅ Yes | ✅ Yes | ❌ No | ✅ 12 months after last activity |
* School names and class identifiers should not be included in observations. Our redaction focuses on student names and diagnoses.
Diagnosis Generalisation: Why "ADHD" Becomes "Attention Regulation Needs"
Even with names removed, specific diagnoses could theoretically help identify a student in a small school. We address this with an additional layer: condition generalisation.
Before (What You Type)
"The student has ADHD and dyspraxia. Recently diagnosed with autism..."
After (What We See)
"[PERSON_1] has attention regulation needs and motor coordination difficulties. Recently identified with social communication needs..."
This is based on HIPAA-endorsed generalisation techniques for de-identification. The AI can still suggest relevant interventions because it understands the functional needs, but re-identification risk is dramatically reduced.
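The six-step flow above and the diagnosis generalisation in this section, as an added JavaScript example (not SENScribe's own code): it replaces names with placeholders, applies the three condition mappings quoted on this page, and restores names locally. Assumptions: names come from a teacher-supplied roster, because the page does not show its detector, and `leakedNames` is a hypothetical fail-closed check for a roster name that slipped through, such as "Sean" typed without the fada.

```javascript
// Added example. Assumption: names come from a teacher-supplied roster;
// the product's own NLP/ML detector is not shown on the page.
const CONDITION_MAP = new Map([ // the three mappings quoted on this page
  ["adhd", "attention regulation needs"],
  ["dyspraxia", "motor coordination difficulties"],
  ["autism", "social communication needs"],
]);
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
// Strip diacritics and case, so "Sean" can be compared with "Seán".
const fold = (s) => s.normalize("NFD").replace(/\p{M}/gu, "").toLowerCase();
// Whole-word, case-insensitive matcher; longest term first.
function termRegex(terms) {
  const list = [...terms].sort((a, b) => b.length - a.length).map(escapeRe);
  if (list.length === 0) return /(?!)/g; // never matches
  return new RegExp(`(?<![\\p{L}\\p{N}])(?:${list.join("|")})(?![\\p{L}\\p{N}])`, "giu");
}

function redact(text, roster) {
  const byName = new Map(); // lower-cased name -> placeholder
  const toName = new Map(); // placeholder -> name as first typed
  const named = text.replace(termRegex(roster), (hit) => {
    const key = hit.toLowerCase();
    if (!byName.has(key)) {
      const tag = `[PERSON_${byName.size + 1}]`;
      byName.set(key, tag);
      toName.set(tag, hit);
    }
    return byName.get(key);
  });
  const outbound = named.replace(termRegex(CONDITION_MAP.keys()),
    (hit) => CONDITION_MAP.get(hit.toLowerCase()));
  return { outbound, toName }; // toName never leaves the browser
}

// Fail-closed check: roster names (accent-folded) still present in outbound text.
function leakedNames(outbound, roster) {
  const folded = fold(outbound);
  return roster.filter((name) => termRegex([fold(name)]).test(folded));
}

// Swap placeholders back; unknown tags from the model are left untouched.
function restore(text, toName) {
  return text.replace(/\[PERSON_\d+\]/g, (tag) => toName.get(tag) ?? tag);
}

// Constructed sample input (not real student data).
const sample = redact("Seán has ADHD. Sean forgot his bag.", ["Seán"]);
console.log(sample.outbound, leakedNames(sample.outbound, ["Seán"]));
```

Block the request whenever `leakedNames` returns a non-empty list; the `toName` map stays in browser memory and is never serialised.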
GDPR Compliance Summary
Article 5(1)(c) - Data Minimisation
Exceeded: We collect no student data at all. Names and diagnoses are stripped before transmission.
Article 9 - Special Category Data
Not Applicable: Health data (diagnoses) never leaves the browser. Generalised functional descriptions are not special category data.
Article 17 - Right to Erasure
Automatic: Student data is never stored by SENScribe. Account data is deleted 12 months after last activity. Azure retains anonymised prompts for 30 days (abuse monitoring).
Article 44 - International Transfers
Compliant: All processing occurs within the EU data zone. No student data is transferred outside the EEA.
For Your Data Protection Officer
Do we need a DPIA? Under GDPR Article 35, a Data Protection Impact Assessment is required when processing is "likely to result in a high risk" to individuals. Since SENScribe's architecture ensures no identifiable student data reaches our servers, the processing risk is minimal. However, we recommend documenting SENScribe in your school's Register of Processing Activities for transparency.
Is SENScribe a Data Processor? Technically, yes, for the anonymous generalised text we stream through our servers. However, since we process no identifiable data, the scope of our data processing agreement is limited to operational data (your email, usage counts). We are happy to provide a DPA on request.
What about the AI provider? Microsoft Azure OpenAI Service operates under Microsoft's standard Data Processing Addendum, which includes GDPR SCCs. Data sent to Azure OpenAI is not used to train models. For abuse monitoring purposes, Microsoft may retain prompts for up to 30 days - but since we strip all identifiable information before transmission, this only affects anonymised, generalised text.
Technical Implementation Details
- Client-Side Redaction: Our proprietary privacy engine runs entirely in your browser, using multiple detection layers including natural language processing and machine learning to identify and replace names, phone numbers, emails, PPS numbers, dates, eircodes, addresses, and professional registration numbers.
- Condition Generalisation: Specific diagnoses are automatically mapped to NCSE-aligned functional categories, ensuring medical terminology is replaced with needs-based descriptions before transmission.
- No Local Storage: Redacted text is held only in browser memory during the session. We do not use localStorage, IndexedDB, or cookies for student data.
- Transport Security: All communication uses HTTPS/TLS 1.2+. API endpoints are protected with rate limiting and authentication.
- Data Residency: Azure OpenAI processing occurs within the European Union data zone (DataZoneStandard deployment). Account data is stored in Azure Cosmos DB in North Europe (Ireland).