Data Protection
How we protect and secure your personal information and data
Last Updated: 4th June 2025
Implementation: This policy takes effect immediately upon publication on 4th June 2025 and applies to all data protection activities.
At AI Lesson Planner, operated by Mind Bloom Learning, we take our responsibility for protecting personal data seriously. Our platform is designed around the principles of privacy by design and by default, and we support full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This page sets out key information for individual users, schools, and organisations carrying out a Data Protection Impact Assessment (DPIA). For specific queries, contact us at support@mindbloomlearning.com or through our contact form.
Key Data Protection Principles
We follow the 7 data protection principles set out in UK law:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
These principles guide every element of our platform's design and operation.
When We Act as Data Controller
We are the Data Controller for:
- User registration information (e.g. name, email)
- Account and subscription records (via Stripe)
- Lesson generation history and preferences
- Support and feedback communications
- Optional teaching information (e.g. role, years of experience, key challenges)
We store this data securely on encrypted databases hosted via Neon. We retain it while your subscription is active, and for 24 months after cancellation or inactivity, after which all data is automatically deleted.
We never sell or share your personal data for advertising or analytics.
When We Act as Data Processor
We act as a Data Processor when you use our tools to generate lesson plans using free-text inputs. In these cases:
- You are the Data Controller for any personal data included in your input
- We process that data only to generate the output requested
- This processing is covered by our Data Processing Agreement
We strongly discourage entering any personally identifiable information (PII) such as pupil names, SEN status, or health data. Our system provides reminders to use anonymised placeholders where necessary.
Data Minimisation and User Responsibility
The AI Lesson Planner platform is designed so that no real pupil data is needed. Teachers are responsible for ensuring that:
- Personal data is minimised or anonymised
- Their use complies with school or organisational data protection policies
- They follow any relevant DPIA procedures and safeguard pupil rights
If you input personal data, you must ensure you have a lawful basis for doing so.
Lesson Generation Pipeline
Lesson plans are generated through a multi-stage AI process designed to ensure quality, safety and educational relevance:
- Inputs are first automatically screened using OpenAI's Moderation API, which checks for potentially harmful, unsafe, or inappropriate content
- If flagged, the content is blocked and not processed
- Accepted input is then passed through a scaffolded prompt-engineering pipeline using our internal guidance based on the UK curriculum and pedagogical frameworks
- OpenAI's GPT-4 API generates structured lesson output
- Final content is stored in a secure database for user access and download
This architecture ensures lessons are standardised, age-appropriate, and educationally sound — and adds an essential safeguarding layer.
Use of OpenAI
We use the OpenAI API (not ChatGPT or Playground). This means:
- User inputs and outputs are not used to train or improve OpenAI's models
- Input data is transmitted securely, used briefly to generate content, then discarded by OpenAI
- We use only OpenAI's enterprise-grade API, with additional moderation and controls
- OpenAI acts as a sub-processor under our Data Processing Agreement
We do not use your data for model improvement or training, and no third-party AI vendors receive your data.
Reviewing Outputs and Support Requests
We do not monitor or manually review user-generated content unless:
- You request assistance via support@mindbloomlearning.com, or
- You report an issue with a lesson that requires us to investigate
We do not use lesson outputs for analytics or development unless you explicitly give permission.
Data Hosting and Storage Locations
Your data is securely stored using the following providers:
| Service | Purpose | Hosting Region |
|---|---|---|
| Neon | Database (user data, lessons) | EU/US (UK safeguards in place) |
| Vercel | Frontend hosting | Global (EU/US) |
| Stripe | Payment processing | EU/US |
| OpenAI | AI model inference | US only |
All providers meet strong international data security standards (e.g. SOC 2, ISO 27001). Data is encrypted both in transit (TLS) and at rest (AES-256).
Intellectual Property
All content generated using AI Lesson Planner remains your property. You retain full rights to use, edit, share, and delete lesson content. We do not reuse or republish your inputs or outputs for any purpose.
Safeguarding, Bias and Discrimination
We cannot guarantee that AI-generated content will be free from bias, inaccuracy, or hallucination. However, we mitigate these risks through:
- Multiple AI stages to structure and constrain output
- Input moderation for safeguarding risks
- Prompt reminders not to enter personal or sensitive data
- Tools that allow users to revise, refine or regenerate content
Teachers are responsible for reviewing content before delivery and ensuring it aligns with safeguarding and equality requirements.
Supporting DPIAs and School Use
We support schools completing Data Protection Impact Assessments (DPIAs). You can request the following:
- Privacy Policy
- Data Processing Agreement (DPA)
- Terms and Conditions
We encourage Data Controllers (schools or organisations) to set local rules about AI use and to monitor how lesson data is entered and reviewed.
Emergency Contact
For urgent legal, safety, or data protection concerns, contact: support@mindbloomlearning.com
For DPIA support and data protection queries: support@mindbloomlearning.com