Sendient Privacy Notice (UK)
Effective: 4 November 2025
- Scope
This privacy notice explains how Sendient.ai (“Sendient”, “we”, “our”) collects, uses, and protects your personal information. It applies to all users of our products and services, including SmartEducator, SmartDetector, SmartAssessor, and our internal HR systems.
- Aboutus
Sendient provides AI-driven assessment and compliance products and services. Our headquarters are in the UK (Southam, Warwickshire), and we deliver services globally.
Controller vs Processor roles
- Controller: For SmartDetector and for our own HR/employee data, Sendient is the Data Controller.
- Processor: For SmartEducator and SmartAssessor, we act as a Data Processor on behalf of schools, teachers, or corporate clients, who are the Controllers.
- Contactus
- Post: Sendient, Stoneythorpe Hall, Southam, Warwickshire, CV47 2DL
- Email (data rights & DPO): datacontroller@sendient.ai
- Concerns/complaints: ClientSuccess@sendient.ai
- ICO contact: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: 0303 123 1113. Website: https://www.ico.org.uk
- What Informationwecollect and why
We collect or process the following categories, depending on the service:
- SmartEducator (Processor): student submissions, names, identifiers, assessment content, grades, feedback.
- SmartDetector (Processor): text content submitted by users; may include incidental identifiers.
- SmartAssessor (Processor): employee/engineer form inputs, compliance data, audit evidence, interview videos/transcripts, certificates.
- HR (Controller): employment records, payroll/welfare data, performance reviews.
- Support & Marketing: names, contact details, preferences, interaction logs.
- Recruitment: contact details, CVs, education, employment history, right-to-work information.
- How We Obtain Personal Data
- Directly from you when registering, using services, or contacting us.
- Indirectly via schools, employers, or clients who upload data.
- Referrals or marketing lists (with consent).
- Automatically via cookies/analytics (see Cookie Policy).
- Lawfulbases forprocessing
- Contractual necessity: where processing is required to deliver a service under contract (e.g. employment, school or client contracts).
- Legal obligation: e.g. payroll, tax, safeguarding.
- Legitimate interests: e.g. product safety, academic integrity, fraud prevention.
- Consent: where required, e.g. for marketing or optional surveys.
- Special category data: processed only where necessary for employment law or with explicit consent.
Automated decision-making: SmartEducator and SmartDetector outputs are advisory only and always subject to human oversight. No solely automated decisions with legal or significant effects are made.
- Recipients of Personal Data
We may share data with trusted suppliers acting under contract, including:
- Microsoft Azure (hosting, AI processing — UK/EU data centres, region-locked).
- BrightHR (HR platform for employees).
- Stripe (payment processing).
- Kinde (authentication).
- Marketing and event service providers.
All suppliers are bound by contracts and data protection agreements.
- Internationaltransfers
Where data is transferred outside the UK (e.g. Azure Sweden), safeguards apply via UK adequacy decisions or contractual clauses. Under DUAA 2025, we ensure that protections are not materially lower than UK standards.
- Retention
We retain data only as long as necessary for the purpose collected:
- Student/assessment data: 2 years after contract end (unless earlier deletion requested).
- HR/payroll data: 6 years post-employment (statutory).
- Marketing data: until consent withdrawn.
- Recruitment data: up to 12 months after process completion.
- 10. How Third-Party Services Access and Use Data
- We only use third-party processors necessary to deliver SmartEducator services.
- We do not sell student or teacher data.
- We require all processors to meet or exceed UK GDPR, FERPA, COPPA, and regional education privacy standards.
- Microsoft Azure (Hosting & Processing)
| Category | Details |
| Data Accessed | • Student work, assessment content, teacher inputs, and account identifiers stored/processed on Azure • Metadata needed for application delivery, analytics, and security logging |
| Data Usage | • Used solely to run SmartEducator ,SmartAssessor and SmartDetector services and provide AI-assisted marking and feedback • AI models hosted in the UK/EU/US are used only when student data is processed in the user's chosen region |
| Data Sharing | • No sharing of customer content outside Sendient systems • No data used by Microsoft for model training or product improvement |
| Data Storage & Protection | • All data encrypted in transit and at rest • Hosted in Microsoft Azure under enterprise-grade security • UK/EU users’ data hosted within UK/EU region unless explicitly chosen otherwise |
| Data Retention & Deletion | • Retained only for duration of school contract or as otherwise instructed • Full secure deletion within 90 days of contract termination • Deletion requests honoured via school administrator |
- Microsoft Azure AI Models (UK, Sweden, US)
| Category | Details |
| Data Accessed | • Assignment content, Student Submissions and metadata used for AI-assisted grading workflows • Only data necessary for model operation is transmitted |
| Data Usage | • Used solely to carry out marking, feedback, mark scheme/rubric alignment, and analytics • No data used to train Microsoft's general AI models |
| Data Sharing | • No sharing with Microsoft or external parties beyond model inference • Processing only — no retention outside Sendient systems |
| Data Storage & Protection | • Processing within Azure secure environments • Models operate with encryption and strict access controls |
| Data Retention & Deletion | • Data only passed temporarily to AI models for inference • No persistence beyond processing event |
- Google Drive (via Edlink Integration)
| Category | Details |
| Data Accessed | • Read-only access to assignment files and submissions stored in Google Drive
• Only for authorised teachers and classes synced via Edlink • Access limited to specific files linked to assignments |
| Data Usage | • Files retrieved only when a teacher chooses to use AI-assisted grading
• Used solely to support marking workflows and return feedback to the school |
| Data Sharing | • Shared only within the contracted school organisation
• No third-party sharing beyond Google/Edlink processing |
| Data Storage & Protection | • Files stored in encrypted Azure storage
• Only stored if teacher explicitly requests AI grading • Role-based access ensures access only for authorised school users |
| Retention & Deletion | • Retained only during contract or teacher opt-in
• Deleted within 90 days after contract termination or school request • Teachers may request deletion anytime |
- Edlink (Integration partner for Google Classroom & Microsoft Teams)
| Category | Details |
| Data Accessed | • Student rosters, class metadata, assignment IDs, and submission links
Apart from Google Classroom (where Google Drive is used), Student submissions and Assignments plus other assignment materials are also accessed |
| Data Usage | • Used solely to sync students, classes, assignments and student submissions for SmartEducator workflows • No use for advertising, profiling, or analytics beyond school-approved functions |
| Data Sharing | • Data shared only between the school, Edlink, and SmartEducator • No sharing with external third parties |
| Data Storage & Protection | • Edlink securely stores integration metadata and access tokens • Transport encrypted; GDPR/FERPA compliant |
| Data Retention & Deletion | • Data retained only while integration is active • Removal occurs when school disables integration or contract ends |
- Microsoft Teams for Education
| Category | Details |
| Data Accessed | • Class roster data, assignments, submissions, and associated metadata • Access only with school authorization via Edlink or direct integration |
| Data Usage | • Accessed to retrieve and process student submissions for marking • Only teachers and authorised school staff can initiate transfers |
| Data Sharing | • No external sharing beyond school workflow • Access strictly limited to authorised school users |
| Data Storage & Protection | • Files stored only if teacher opts into AI marking • Stored securely in Azure with encryption and RBAC |
| Data Retention & Deletion | • Same as Google Drive: retained for contract term • Deleted within 90 days of termination or earlier on request |
- Kinde (Authentication Provider)
| Category | Details |
| Data Accessed | • User login details, school/teacher identity attributes, authentication tokens • No student work or assignment content |
| Data Usage | • Used solely to authenticate and authorize users • No profiling or marketing usage |
| Data Sharing | • No data shared outside Sendient and Kinde authentication flow • Tokens encrypted and access-scoped |
| Data Storage & Protection | • Encrypted credentials and tokens stored securely • Zero-trust and MFA security model enforced |
| Data Retention & Deletion | • Authentication data retained only while account is active • Deleted upon account termination or school request |
- 11. Yourrights
Under UK GDPR and DUAA 2025, you have the right to:
- Access your data (with “stop-the-clock” pause if clarification needed).
- Rectify inaccurate data.
- Erase data (“right to be forgotten”).
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time.
We will respond within one month, with extensions only where permitted.
- 12. Children’sdata
SmartEducator is used by children in education. We comply with the DUAA children’s design duty:
- Minimising identifiers.
- Clear, child-friendly explanations (provided via schools).
- Teacher/school oversight of student use.
- 13. Marketing
You may opt out of marketing communications at any time by contacting marketing@sendient.ai.
- 14. Updates tothispolicy
We may update this notice to reflect changes in law or practice, including DUAA 2025. Updated versions will be published on our website.