Policies & Governance
Everything you need to understand how askKira handles your data, our AI ethics commitments, and our compliance with UK regulations.
Governance isn't a document.
It's how we build.
For prospects, customers, partners and regulators. Everything that governs how askKira operates, handles your data and meets its legal obligations — in one place.
All policies & compliance documents
Click any document to read the full policy and download a PDF copy. Can't find what you need? Contact us and we'll respond within 2 working days.
askKira is operated by Public Sector Analytics Limited, incorporated in England and Wales. Company No. 14889377. Registered with the Information Commissioner's Office, ICO Reference ZB622646. Registered office: England and Wales. Data protection enquiries: [email protected] · General enquiries: [email protected]
This Privacy and Data Policy outlines how Public Sector Analytics Ltd t/a askKira, a Limited Company registered in England and Wales (Company Number: 14889377) operating in the field of education technology, collects, uses, processes and safeguards data from users of our AI chatbot for organisations – askKira.com. We are committed to maintaining the privacy and security of your personal information.
Introduction and Overview
Our Role as Data Controller or Processor
Depending on how you use askKira, Public Sector Analytics Ltd t/a askKira may act as either a data controller or a data processor.
- If your organisation (e.g. school, trust or institution) provides access, askKira acts as a data processor, processing personal data solely on behalf of the organisation and in accordance with their instructions, as outlined in the Order Form.
- If you sign up as an individual, askKira acts as the data controller of your personal data. In this case, we determine the purpose and means of processing your data, in line with this Privacy and Data Policy.
This policy applies to both types of user. Where relevant, we explain which terms apply depending on how you access our services.
Consent
As an individual using our AI educational chatbot, you consent to the collection and processing of your data as described in this policy. You can withdraw your consent at any time by discontinuing use of our services. You can also opt-out of marketing from askKira by clicking Unsubscribe at the bottom of any of our emails, declining cookies on our website or by completing this form.
Where your organisation signs up for askKira, consent is managed at the organisational level. Where you are an individual user, you may withdraw consent at any time.
Data Collection and Usage
Types of Data Collected
We collect user information such as name, email address, educational background and professional interests, as well as interactions and queries made with the AI chatbot. Additionally, we collect specific personal information including name, email address, job title and date of birth. This information is collected for the purpose of generating user accounts and enabling personalisation of our services.
Purpose of Data Collection
Your data is collected when you engage with our chatbot, subscribe to our services, download resources or contact us for support. This engagement allows us to gather the information necessary to provide you with our services and support. As you interact with our services, we automatically collect data regarding your device and usage patterns through cookies and similar technologies. This data enhances our service's functionality and user experience.
Additionally, we utilise your demographic data for marketing purposes, such as sending email newsletters to keep you updated on our latest products, services and industry insights.
We may fine-tune or train our AI models with our own proprietary inputs to enhance its utility and relevance to our users. This process is part of our commitment to providing a service that is responsive to the needs of our user base. We do not use user inputted data for fine-tuning or training our AI models.
The chat history feature is powered by a secure database that stores key-value pairs, linking a user ID to their submitted queries and responses. These records are accessible only to the individual user whose unique key matches the stored entry.
No Training or Sharing of User Data
No user-submitted data is used to train any language models, nor is it shared externally or made viewable by any third party, nor is any data passed into a system that would retain it outside the secured infrastructure.
Data Processing and Sharing
Data Processing
Public Sector Analytics Ltd (t/a askKira) enters into Data Processing Agreements (DPA) with all third-party service providers and external consultants who process anonymised data on our behalf. These agreements ensure that data is processed in compliance with UK GDPR, upholding stringent data protection and privacy standards.
Anonymised data is processed by our business intelligence platform and external consultants, under separate DPAs, to provision the Public Sector Analytics insights offering. This processing is conducted based on clients' opted-in selection in their order form for anonymised usage and behavioural analytics and is used to generate insight and intelligence reports. The DPA governs how data processors handle the data, including maintaining confidentiality, ensuring data security and adhering to the specified processing purposes. All processors are subject to regular audits to ensure ongoing compliance with these obligations.
Organisational users should contact their school or trust to make requests under UK GDPR and we will assist the organisation as required. If you are an individual user, you may contact us directly for any data rights requests at [email protected].
All data entered into the platform either through account set up or user input is processed in real time to generate responses, after which it is only stored for user-facing features (such as saved conversations, account profile data or automatic organisational insights). We apply a privacy-by-design approach, meaning we collect the minimum data required to deliver the service.
Formal Data Processing Agreement
A formal Data Processing Agreement can be issued for signing as part of your contract with us.
Data Sharing
We anonymise user data for analytics to understand service usage and improve educational outcomes. This approach ensures privacy while contributing valuable insights to the educational leaders. No raw or identifiable data shall be shared externally under any circumstances. No data from the platform is sold or shared with third-party products or services, either directly or through partnerships. askKira does not sell, share or transfer any user-submitted data to third-party products or services – either directly or through partnerships.
Public Sector Analytics Insights Dashboard
Public Sector Analytics provides an insights dashboard that shares anonymised usage and behavioural insights from across all of an organisation's askKira userbase. This dashboard informs a school of their users' behaviours benchmarked and compared to other similar organisations' userbase. It's important to note that no personal data is processed for the provision of this insights dashboard. All data used to generate insights has any identifiable traits or markers removed. We also implement a minimum sample size to generate insights to avoid bias and exposure.
Organisational users can opt-in to the Public Sector Analytics insights offering via the order form. This opt-in allows us to process anonymised usage and behavioural analytics data for the purpose of generating insight and intelligence reports, which are only visible to the Organisation themselves.
Third Party Services and Processing
We may engage third-party service providers to assist with data analysis and storage, but we ensure that they adhere to strict privacy and security standards. Our service providers include:
- Amazon Web Services – Provides secure cloud hosting and infrastructure to ensure the reliability and scalability of our platform.
- Microsoft Azure – Supports certain AI powered functionalities and secure data storage.
- OpenAI – Used for certain AI-powered functionalities. OpenAI does not use API data for training models, though it may temporarily log data for abuse prevention.
- Google – Includes Google Analytics for understanding website traffic and user interactions, as well as the Gemini model for AI-powered functionalities. Google does not use API data from Gemini for training their models.
- Anthropic – Used for AI-powered functionalities via the Claude model. Anthropic does not use API data for training their models.
- Perplexity – Used for certain AI-powered functionalities. Perplexity does not use API data for training their models.
- Hotjar – Provides heatmaps and behavioural analytics to optimise user experience. No personally identifiable information is collected.
- Stripe – Processes secure online payments. Stripe follows strict financial security protocols and does not share payment details with unauthorised third parties.
- Mailchimp – Manages our email communications. Subscribers can opt out at any time, and no data is shared beyond its intended use.
- Wonde – Securely connects with education platforms to enable data access while maintaining strict compliance with GDPR and other data protection laws.
- Cloudflare – Provides security and performance enhancements, including DDoS protection and traffic optimisation. No personal data is sold or shared.
We ensure that all our service providers comply with relevant data protection regulations, including GDPR and UK data protection laws. If we change or add a sub-processor, we will notify all users within a reasonable timeframe.
Data Security and Hosting
Our services are hosted on Amazon Web Services (AWS), with data stored primarily in the United Kingdom (London region). Some ancillary services may store or process data within the EEA. All transfers are subject to UK GDPR-compliant safeguards.
Our Information Security Policy includes:
- Access Control: Only authorised personnel have access to sensitive and anonymised data, with access granted strictly on a case by case and need-to-know basis.
- Encryption: All sensitive data is encrypted both in transit and at rest to protect against unauthorised access.
- Monitoring and Auditing: We continuously monitor our systems for vulnerabilities and conduct regular audits to ensure compliance with our security policies.
- Incident Response: In the event of a security breach, we have a well-defined incident response plan to mitigate damage, notify affected parties and resolve the issue efficiently.
- Training: All employees and contractors undergo regular security awareness training to ensure they understand their responsibilities in protecting sensitive data.
In the event of a data breach, we are committed to notifying affected users and relevant authorities as soon as possible after becoming aware of the breach, and no later than 72 hours after discovery. We have procedures in place to detect, report and investigate suspected data breaches promptly.
Where we act as a processor on behalf of an organisation, we will inform the relevant data controller without undue delay, enabling them to notify the ICO and affected individuals if required. Where we act as a controller (e.g. for individual user data), we will notify affected users and the ICO within required timeframes and take all necessary steps to contain, report and resolve the incident.
Risk Assessment Strategy
Public Sector Analytics Ltd employs a comprehensive Risk Assessment Strategy to identify, evaluate and mitigate potential risks to data security and privacy. This strategy includes regular risk assessments, mitigation plans, ongoing reviews and compliance monitoring closely aligned with UK GDPR.
Cookies and Tracking
We use cookies and similar technologies to enhance your user experience, gather usage data for analytical purposes and for marketing initiatives. By using our AI educational chatbot, you consent to analytics tracking via Google, Hotjar and X to help us understand user behaviour, improve our services and provide personalised content and advertisements. You can manage your cookie preferences through your browser settings.
Data Retention
We retain personal data only for as long as necessary to deliver services and meet contractual or legal obligations. Chat history is stored solely to enable users to review past interactions and remains available unless deleted manually, by the organisation, or via an automatic deletion setting.
For individual users, personal data is retained only while the account is active and is deleted upon account closure or user request. For organisational users, data is retained for the duration of the contract and up to 12 months thereafter for compliance or audit purposes. All data will then be securely deleted or returned as instructed by the organisation. No user submitted data is retained for training purposes and chat history can be deleted on request.
User Rights and Legal Information
Access and Correction: You have the right to access, correct, delete and restrict processing of your personal data in accordance with UK GDPR.
Erasure: You can request the deletion of your data, and we will comply within a reasonable timeframe. Users can delete their own chat history via the interface. If administrators require content to be deleted at an organisational level, we can action this on request. This deletion is permanent.
Data Subject Access Request Process: To request access to your personal data, contact our Data Protection Officer at [email protected]. We aim to respond to all legitimate requests within a reasonable timeframe. There is no fee for making a request unless the request is clearly unfounded, repetitive or excessive.
Intellectual Property Rights
There is no transfer of intellectual property when content is submitted to askKira. The interaction is best understood as akin to a teacher reading a piece of work — in this case, the review is done by a model rather than a person. askKira processes user-submitted content solely for the purpose of generating a one-time AI-powered response. No content is retained or reused beyond that session unless required to provide a specific feature (e.g. saved chat history). Ownership of submitted content remains with the user or Organisation, and no IP rights are transferred to us. The original author or organisation retains full rights over any content submitted to the platform, including pupils who retain IP rights over their own work in compliance with DfE guidance.
Legal Disclosures
While interactions with the chatbot are anonymised, please be aware that Public Sector Analytics Ltd, our parent company, may be required to disclose information in cases where there is a legal safeguarding duty to report, such as instances involving danger to oneself or to others.
General Information
Changes to Policy: We reserve the right to modify this policy at any time. Changes will be posted on our website, and continued use of our services will indicate your acceptance of these changes.
Contact Us: If you have any questions or concerns about this policy or the data we hold, please contact our Data Protection Officer at [email protected].
By using our Services, you agree to the terms of this Privacy and Data Policy. Your privacy and the security of your data are of utmost importance to us.
The most current version of this policy will always be available on our website.
Last updated: 5 January 2026
Our formal Data Processing Agreement governs the relationship between askKira (Data Processor) and your organisation (Data Controller). Covers the nature of processing, categories of data, sub-processors (AWS, OpenAI, Google Gemini, Wonde, Cloudflare, Stripe and others — all UK GDPR bound), data security obligations, breach notification within 72 hours, data retention and deletion (30 days on cancellation, backups purged within 90 days), transfers outside the UK/EEA, and your rights as Controller. askKira is ICO registered (ZB622646) and maintains Article 30 Records of Processing Activities. Signed copies provided within 5 working days on request.
Our full Data Protection Impact Assessment for the askKira platform, covering scope, purpose and lawful basis, nature of processing, risk assessment and mitigation, data protection principles, individual rights, international transfers, sub-processors, cyber security standards and ongoing monitoring. Data subjects are UK school staff (teachers, senior leaders, support staff, 18+). No pupil data is required or encouraged. Risks are assessed as low to medium under current controls. Covers 16 sections including safeguarding, insurance cover (Public Liability £2m, Professional Indemnity £2m, Employers' Liability £10m) and version control.
A plain-English summary of our DPIA written specifically for school governors, trustees and board members. Explains what askKira is, why a DPIA is required, and provides clear assurances on data security (UK-hosted, encrypted, Cyber Essentials certified), legal compliance (UK GDPR, DPA 2018, DfE AI guidance 2025, Ofsted AI expectations), safeguarding (no pupil data required, duty to report), data retention, staff rights and insurance cover. Suitable for inclusion in governor meeting packs.
Answers to the most common data protection questions from schools, MATs, DPOs and procurement teams. Covers: processor vs controller roles, lawful basis, how personal data is handled and protected, anonymisation, data sharing, international transfers, retention periods, IP ownership, deletion rights, breach handling, safeguarding disclosures, cyber security standards, insurance cover, cookies and accessibility. Also addresses DfE and Ofsted compliance. Designed to be shared with governors, parents and staff.
This Cookie Policy explains what cookies are, which cookies Public Sector Analytics Ltd t/a askKira ("askKira", "we", "us") uses on askKira.com, why we use them, and how you can manage your preferences. This policy should be read alongside our Privacy and Data Policy.
What Are Cookies?
Cookies are small text files placed on your device (computer, tablet or mobile) when you visit a website. They allow the website to recognise your device and store information about your preferences or actions over time. Cookies are not harmful and do not contain personal information such as your name or payment details.
Similar technologies — including pixel tags, web beacons, local storage and session storage — may operate in a comparable way. References to "cookies" in this policy include these technologies unless stated otherwise.
Our Legal Basis for Using Cookies
We operate in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). Under PECR, we require your consent before placing any cookies that are not strictly necessary for the operation of the website. You can provide, withdraw or manage your consent at any time via our cookie consent banner or your browser settings.
Categories of Cookies We Use
1. Strictly Necessary Cookies
These cookies are essential for the website and platform to function correctly. They cannot be disabled and do not require your consent under PECR. Without these cookies, services you have requested — such as logging into your account or maintaining a secure session — cannot be provided.
- Session cookies: Maintain your logged-in state during a browser session. Expire when you close your browser.
- Security cookies: Protect against cross-site request forgery (CSRF) and other security threats. Typically expire at session end or within 24 hours.
- Cookie consent cookies: Store your cookie preferences so you are not asked repeatedly. Retained for up to 12 months.
- Load balancing cookies: Ensure your requests are routed to a consistent server during your session. Expire at session end.
2. Functional Cookies
These cookies allow the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.
- Preference cookies: Remember your settings such as language preference, display options and region. Retained for up to 12 months.
- Accessibility cookies: Store any accessibility settings you have configured. Retained for up to 12 months.
3. Analytics and Performance Cookies
These cookies help us understand how visitors interact with the website, which pages are most visited, where visitors come from, and whether they encounter any errors. This information is collected in aggregate and is used solely to improve the performance and usability of our website and platform. All data collected is anonymised before analysis.
- Google Analytics (GA4): We use Google Analytics to measure website traffic and user behaviour. Google Analytics collects anonymised data including pages viewed, time spent on pages, referral sources and device type. We have configured Google Analytics to anonymise IP addresses. Data is retained for 14 months. Google may transfer data outside the UK/EEA under Standard Contractual Clauses. You can opt out using the Google Analytics opt-out browser add-on.
- Hotjar: We use Hotjar to understand how users interact with our website through heatmaps, scroll maps and session recordings. Hotjar does not collect personally identifiable information. Data is retained for 365 days. You can opt out at hotjar.com/policies/do-not-track.
- Internal analytics cookies: First-party cookies used to track page performance and error rates. Retained for up to 90 days.
4. Marketing and Targeting Cookies
We do not use advertising or behavioural targeting cookies on the askKira platform to serve personalised advertisements. We may use limited marketing measurement cookies on our public-facing marketing website (askKira.com) to understand the effectiveness of our marketing campaigns. These include:
- Google Tag Manager: Used to manage and deploy our analytics and marketing tags without modifying website code directly. Does not itself collect personal data.
- Campaign measurement cookies: Used to attribute website visits to specific marketing campaigns (e.g. email campaigns). No personal data is shared with third parties for advertising purposes. Retained for up to 90 days.
We do not sell cookie data to any third party. We do not use cookies to build advertising profiles or share data with advertising networks.
Third-Party Cookies
Some cookies on our website are set by third-party services we use. These third parties have their own privacy and cookie policies, and we encourage you to review them:
- Google LLC — Google Analytics, Google Tag Manager. Google Privacy Policy
- Hotjar Ltd — Behaviour analytics. Hotjar Privacy Policy
- Cloudflare Inc — Security, performance and DDoS protection. Cloudflare may set a security cookie (__cf_bm) for bot management. Cloudflare Privacy Policy
Session cookies expire when you close your browser. Persistent cookies are retained for the periods stated against each cookie above. We review our cookie retention periods at least annually and remove or update cookies as our services evolve. Where a cookie is no longer necessary, it will be removed from our website at the next scheduled review.
How to Manage Your Cookie Preferences
Cookie consent banner: When you first visit askKira.com, you will be presented with a cookie consent banner. You can accept or decline non-essential cookies at that point, or choose to manage your preferences by category. You can change your preferences at any time by clearing your cookies and revisiting the site, or by using the "Manage consent" button available on the website.
Browser settings: Most browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only certain types, or delete existing cookies. Please note that restricting strictly necessary cookies may affect the functionality of the website and platform. Browser settings for managing cookies can typically be found at:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Options → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Opt-out tools: You can also opt out of analytics tracking through the tools provided by individual third parties, as listed above.
Cookies and the askKira Platform
The askKira application (app.askkira.com) uses strictly necessary cookies and functional cookies to maintain your session and ensure the platform operates securely. No advertising, behavioural targeting or third-party marketing cookies are used within the application itself. Analytics within the platform are conducted using aggregated, anonymised data and do not rely on tracking cookies.
Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in technology, regulation or our services. Material changes will be communicated via our cookie consent banner when you next visit the website. The most current version of this policy is always available on our website.
Contact Us
If you have any questions about our use of cookies or this policy, please contact our Data Protection Officer at [email protected] or write to: Public Sector Analytics Limited, Company No. 14889377, registered in England and Wales.
Last updated: April 2026
These Terms of Service ("Terms") outline the rules and regulations for the use of the askKira.com website ("the Website" or "the Service"), operated by Public Sector Analytics Ltd ("us," "we," "our," or "the Company").
By accessing this Website, we assume you accept these Terms in full. Do not continue to use the Website or Service if you do not accept all of the Terms stated on this page.
Use of the Service & Service Expectations
You must be at least 18 years old to use this Service.
Your use of the Service is subject to compliance with these Terms, as well as any additional terms, guidelines or rules published on the Website that relate specifically to optional features (e.g. beta trials or integrations). These shall not override or expand your core obligations under this Agreement unless expressly agreed in writing.
The service is intended as an AI assistant for educational and informational purposes only. It should not be construed as delivering real-time or the most current information. While we strive for accuracy, we cannot guarantee that all information provided by our AI service is accurate, complete or current; any developments after the last update of the underlying AI model may not be reflected.
We are committed to continuously exploring and implementing innovative solutions to enhance the AI's knowledge base. Users should be aware that there may be delays in incorporating the latest information due to the nature of AI model development and training.
Our service is designed to guide and assist you with expansive thinking and problem-solving. It is not intended to replace the need for professional advice or regulatory compliance. Users are encouraged to consult qualified professionals for advice on regulatory matters.
Service Level Agreement
We commit to maintaining 99.5% uptime of the askKira.com service each calendar month, excluding scheduled maintenance or issues outside our control (e.g., internet disruptions or force majeure events). Downtime refers to periods where the Service is inaccessible or significantly impaired.
If the Service fails to meet this uptime commitment in any given month, you have the right to:
- Receive service credits as compensation
- Terminate your contract without penalty in the event of repeated service failures, defined as failing to meet the 99.5% uptime commitment for three consecutive months.
We host our platform on Amazon Web Services (AWS) in the London (eu-west-2) region to ensure compliance with UK data residency requirements and to benefit from AWS's region-level infrastructure resilience and failover capabilities.
Role as Data Processor
askKira operates as a data processor, acting on the instructions of your institution (the data controller) when handling user-submitted content. A formal Data Processing Agreement will be provided as part of your contract.
Data Protection & Processing
When using our services, we advise that information entered avoids including personal or sensitive details, particularly relating to students, pupils, people under 18 or special category data where not necessary. Please make best efforts to remove or obscure identifying information that isn't essential for your query.
All data entered into the platform either through account setup or user input is processed in real-time to generate responses, after which it is only stored for user-facing features (such as saved conversations, account profile data or automatic organisational insights).
We apply a privacy-by-design approach, meaning:
- We collect the minimum data required to deliver the service
- All processing takes place within a secure UK-based environment hosted on Amazon Web Services (London region)
- Data is encrypted both in transit and at rest
- User access is managed through secure authentication protocols
- All backend services are protected through role-based access control, logging and strict permission boundaries
Users can delete their own chat history via the interface. If administrators require content to be deleted at an organisational level, we can action this on request. All such deletions are permanent.
Chat history is retained for as long as a user has an active account, unless they or their organisation choose for it to be deleted. Upon request, we can implement automatic data deletion after a set period to support your organisation's records management policy.
Data Usage and Sharing
No user-submitted content is shared with third parties, used to train language models, viewed by others (except those authorised by your organisation), or sold or transferred to third-party products or services, either directly or through partnerships.
In the rare event that technical support requires access to user-submitted content, it would only be by an authorised individual who holds an up-to-date DBS check.
Intellectual Property
All intellectual property rights, including but not limited to copyrights, trademarks and patents, associated with the Website and its content, are either owned by the Company or have been licensed to the Company. This includes, but is not limited to, the design, text, graphics, images, video, information, software and other content available on or through the Service.
There is no transfer of intellectual property when content is submitted to askKira. The interaction is best understood as akin to a teacher reading a piece of work — in this case, the review is done by a model rather than a person. askKira processes user-submitted content purely to generate a response in the moment. No IP rights are reused or transferred to us. The original author or organisation retains full rights over any content submitted to the platform. Any materials, drafts or derivative outputs created using the Service, whether generated wholly or in part through interaction with the AI, shall be owned by the organisation submitting the input. The Company makes no claim over these outputs.
You may not reproduce, modify, distribute or otherwise use any of the Company's intellectual property without the prior written consent of the Company, unless expressly permitted by these Terms or applicable laws.
Limitation of Liability
The Website and its content are provided "as is" without any warranties, express or implied.
Nothing in these Terms shall limit either party's liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982.
The Company shall not be liable for any direct, indirect, incidental, consequential or punitive damages arising out of your use or inability to use the Service.
Governing Law
These Terms are governed by and construed in accordance with the laws of the UK, and any disputes will be subject to the exclusive jurisdiction of the courts of the UK.
By using the Website or Service, you agree to comply with these Terms. If you do not agree with these Terms, please do not use the Website or Service.
For any questions or concerns regarding these Terms, please contact us at [email protected]
Last updated: 11 June 2025
This Acceptable Use Policy ("AUP") governs how the askKira platform ("the Platform") may and may not be used by individuals and organisations ("Users"). It applies to all users of askKira, including individual subscribers, organisational account holders, staff members, and any other person accessing the Platform. This AUP forms part of your agreement with Public Sector Analytics Ltd t/a askKira ("we", "us") and should be read alongside the Terms of Service and Privacy and Data Policy.
By accessing or using the Platform, you confirm that you have read, understood and agree to comply with this AUP. If you do not agree, you must not use the Platform.
1. Purpose of the Platform
askKira is designed to assist education professionals and organisational staff with professional decision-support, planning, reflection, administrative tasks, and interpretation of policy and statutory guidance. It is an assistive tool intended to augment, not replace, professional judgement and expertise.
The Platform is designed for use by adults (18 and over) in a professional capacity. It is not designed or intended for use by pupils, students, or other individuals under the age of 18, unless expressly permitted by your organisation's account configuration and appropriate safeguards are in place.
2. Permitted Uses
You may use the Platform to:
- Interpret, summarise or apply statutory and regulatory guidance relevant to your professional role (e.g. KCSIE, Ofsted frameworks, DfE guidance, SEND Code of Practice).
- Draft, review or sense-check professional documents, reports, letters, policies and communications.
- Support planning, reflection, professional development and research activities.
- Explore approaches to complex professional scenarios and challenges, using the AI as a thinking partner.
- Reduce administrative workload and improve consistency in professional practice.
- Access your organisation's approved knowledge base, uploaded policies and documents (where enabled by your admin).
- Use the wellbeing and reflective support tools provided within the Platform, in line with their intended purpose.
You must take responsibility for what you enter into the Platform. When submitting queries or uploading documents, you must apply the principle of data minimisation — only including information that is genuinely necessary for the response you require.
In particular, you must:
- Avoid inputting pupil names, dates of birth, or other information that directly identifies a child or young person unless this is strictly necessary and your organisation has made specific provision for this in its AI governance arrangements.
- Remove or anonymise personal identifiers (names, addresses, ID numbers, contact details) before submitting documents or case-related queries wherever possible.
- Not input special category data — including information about health conditions, disabilities, ethnicity, religion, sexual orientation or criminal matters — in a way that identifies an individual, unless strictly required by your professional role and your organisation has confirmed this use is within scope.
- Not upload or share documents that you do not have the authority to share, including confidential third-party documents, commercially sensitive information, or materials subject to legal privilege or confidentiality obligations.
- Not input content that belongs to another person and in respect of which you do not hold appropriate rights or permissions.
askKira is not a safeguarding system and must not be used as the sole basis for any safeguarding decision, referral, assessment or action. All safeguarding concerns must be handled in accordance with your organisation's designated safeguarding procedures and statutory guidance (including KCSIE for schools).
You must:
- Not use askKira to make, record, or substitute for safeguarding decisions that require the involvement of a designated safeguarding lead (DSL) or statutory agencies.
- Not input identifying information about a child who is the subject of a safeguarding concern unless your organisation's DSL has specifically authorised this use and appropriate governance is in place.
- Follow your organisation's reporting procedures for any safeguarding concern that arises during or as a result of using the Platform — including if Kira raises a concern in its response to you.
- Be aware that where platform content indicates a serious risk to the safety of any individual, askKira may be under a legal obligation to disclose information to relevant authorities.
Given the nature of AI-powered tools, the following requirements apply to all use of the Platform:
- Human oversight is mandatory. All outputs from the Platform are advisory only. You must review, validate and apply your own professional judgement before acting on any AI-generated response.
- Critical information must be independently verified. Do not rely on the Platform as your sole source for legal, regulatory, medical, psychological or statutory guidance. Always cross-reference with primary sources and qualified professionals where appropriate.
- AI outputs must not be presented as original professional work without appropriate review, editing and your own professional input. You remain responsible for any documents, communications or decisions that incorporate AI-generated content.
- Do not use the Platform to make high-stakes automated decisions. This includes, but is not limited to, decisions about disciplinary action, exclusion, grading, SEND assessments, performance management outcomes, or medical or psychological determinations.
- Accuracy is not guaranteed. The Platform may produce inaccurate, incomplete or outdated responses. AI models can "hallucinate" — presenting plausible but incorrect information with apparent confidence. You must not assume accuracy without verification.
- Bias awareness. AI outputs may reflect biases present in underlying training data. You should apply critical professional scrutiny to all responses, particularly those relating to individuals or groups.
You must not use the Platform to:
- Generate, distribute or store any content that is unlawful, harmful, threatening, abusive, harassing, defamatory, obscene, offensive or otherwise objectionable.
- Generate, access or distribute any content that sexualises, exploits, or endangers children or young people in any way.
- Create or attempt to create content that facilitates discrimination on the basis of race, ethnicity, nationality, sex, gender, sexual orientation, disability, religion, age or any other protected characteristic.
- Circumvent, probe, test or attempt to disable any safety filters, content moderation systems, guardrails or security controls built into the Platform.
- Use the Platform for any purpose that violates applicable law, including UK GDPR, the Data Protection Act 2018, the Computer Misuse Act 1990, or any other relevant legislation.
- Impersonate any person or entity, or misrepresent your identity or affiliation when using the Platform.
- Attempt to extract, reverse engineer, or replicate the underlying model architecture, training data, system prompts or intellectual property of the Platform.
- Use the Platform to generate content intended to spread misinformation, disinformation or harmful conspiracy theories.
- Use the Platform for any commercial purpose other than the purposes for which your organisation's licence has been granted (e.g. you may not use the Platform to generate content for sale to third parties, or to build competing products or services).
- Share your login credentials with any person not authorised under your organisation's account, or allow access to the Platform by anyone other than authorised users.
- Use automated scripts, bots or other programmatic means to interact with the Platform in bulk or in a manner not intended for human use, unless expressly permitted by a separate written agreement.
- Upload, introduce or attempt to introduce malicious code, viruses, ransomware or any other harmful software.
Where your organisation holds an account with askKira, the organisation (as data controller) has additional responsibilities:
- Ensuring that all staff who access the Platform have read and understood this AUP before use.
- Maintaining a current and appropriate AI use policy that covers the use of askKira and reflects your obligations under UK GDPR, DfE guidance and Ofsted expectations.
- Configuring the Platform's admin controls appropriately, including restricting access to relevant staff, applying content controls where necessary, and ensuring the Platform is used within your organisation's agreed governance arrangements.
- Notifying askKira promptly of any suspected misuse, data breach, security incident or safeguarding concern arising from use of the Platform.
- Ensuring that any documents or data uploaded to the Platform's knowledge base are appropriate for sharing, do not contain unauthorised personal data, and are within your organisation's authority to share.
If you become aware of any use of the Platform that violates this AUP — including by other members of your organisation — you should report it promptly to your organisation's designated administrator or data protection officer, and to askKira at [email protected].
We take all reports of misuse seriously and will investigate promptly. Where a report relates to a safeguarding concern or potential criminal activity, we will take appropriate steps including escalation to relevant authorities as required by law.
9. Consequences of Breach
Breach of this AUP may result in:
- Immediate suspension or termination of your individual or organisational access to the Platform, without refund.
- Referral to your employing organisation, professional body or regulatory authority where appropriate.
- Disclosure to law enforcement or statutory agencies where required by law or in cases involving serious harm or safeguarding concerns.
- Legal action where the breach has caused or risks causing harm to askKira, its users, or third parties.
askKira reserves the right to investigate suspected breaches and to take any of the above actions at its sole discretion. We will act proportionately and with appropriate regard to due process, but safety and legal compliance will always take precedence.
10. Monitoring
The Platform operates an automated monitoring engine that detects content falling into high-risk categories (including content relating to harm, self-harm, sexual content, violence and threatening behaviour). Where flagged content is detected, alerts are sent to your organisation's designated administrator. Content is accessed by askKira staff only in the limited circumstances described in our Privacy and Data Policy and only with organisational consent, except where a legal safeguarding duty requires disclosure.
Use of the Platform constitutes consent to this automated monitoring.
11. Changes to This Policy
We may update this AUP from time to time to reflect changes in the law, our services, or best practice. We will provide reasonable notice of material changes via the Platform or by email to your organisation's designated contact. Continued use of the Platform after the effective date of any change constitutes acceptance of the updated AUP.
12. Governing Law
This AUP is governed by the laws of England and Wales. Any disputes arising from this AUP shall be subject to the exclusive jurisdiction of the courts of England and Wales.
Contact
If you have any questions about this AUP, please contact us at [email protected] or write to: Public Sector Analytics Limited, Company No. 14889377, registered in England and Wales.
Last updated: April 2026
Kira is here to assist with your enquiries, offer learning support, and facilitate productive discussions. AI technology has the potential to transform our lives, enhancing experiences in countless ways. However, it also comes with the risk of misuse. At askKira, we prioritise the responsible use of AI and adhere to the highest ethical standards for the greater good.
In addition to educational support, askKira offers wellbeing resources, providing a safe space for you to express your thoughts and concerns. Your questions are anonymised to protect your privacy, but we are legally obligated to address any serious risks to yourself or others. Your safety and wellbeing are our top priorities.
Always Verify Information
Your conversations are important to us. Kira strives for accuracy, but always verify critical information independently. Our goal is to support, not replace, your decision-making process. Review our privacy policy to understand how we respect and handle your data.
Protecting Our Users
At askKira, we prioritise user trust and safety above all else. All users' identifiable information, such as user emails or names, is removed to ensure anonymity and privacy in our day-to-day processing and maintenance of the askKira ecosystem.
Automated Monitoring for User Safety
To maintain a safe environment for all users, we have implemented an automated monitoring engine. This system is designed to automatically and privately detect content that falls into the following categories:
- Sexual
- Minors
- Harassment/Threatening
- Hate/Threatening
- Illicit/Violent
- Self-Harm/Intent or Instructions
- Violence/Graphic
If flagged content is detected, an automated email is sent both to askKira and to your organisation's designated trust admin contact (if your account is an Organisation account). Only at the explicit request and with the permission of the Organisation would we investigate a specific flagged input. At that stage, we can access details such as the user's email, name, timestamp and the flagged content. This process ensures that sensitive information is only accessed in extenuating circumstances and with the user's/organisation's consent.
Commitment to Data Protection Standards
At askKira, we are fully committed to ensuring compliance with data protection standards. Our processes are designed to minimise access to sensitive information, as we understand the importance of creating a trusted environment where users feel safe and supported. By combining robust automated monitoring with strict data protection practices, we strive to uphold the highest standards of privacy and security for all our users.
askKira is built to ISO 27001 information security principles, protecting your data with robust access controls, encryption and incident response procedures.
Our technical and organisational security measures. Primary hosting on AWS London (eu-west-2). Encryption in transit and at rest. Role-based access controls and MFA. Regular penetration testing. ISO 27001 principles. Cyber Essentials certified. Staff trained in data security. Breach notification to Data Controllers within 72 hours. Sub-processors include AWS, Microsoft Azure, OpenAI (API only — no model training), Google Gemini, Wonde (MIS integration), Cloudflare, Stripe (PCI-DSS compliant). SLA includes right to termination for repeated or prolonged downtime.
📋 Full statement document coming soon
Whether you're a school, a trust or a business, you deserve to know what's under the hood. Our AI Nutrition Labels give you a clear, honest breakdown of how the platform works — from data handling and hosting to safeguarding and risk.
LLM providers: OpenAI · Google · Anthropic · Perplexity. Trained on your data: No — your data is never used to train public models. Data sent to model: Only the text of the user's query and any documents deliberately uploaded. External web access: Not by default — can be enabled per admin configuration.
Framework: UK GDPR · DfE aligned · KCSIE aligned. Hosting region: UK — AWS eu-west-2 (London). PII handling: User identifiers removed during day-to-day processing. Data sold/shared: Never. Analytics sharing: Anonymised usage insights only, if opted in. Data retention: Retained for duration of service; permanently deleted on account closure.
Automated content flagging engine active on all conversations. Alerts sent automatically to your organisation's designated trust admin contact when triggered. Statutory duty to escalate where there is risk of danger to self or others, in line with KCSIE obligations. Statutory guidance: KCSIE · SEND Code of Practice · Ofsted SIH · Teacher Standards · Pupil Premium.
All outputs are advisory only. Staff must review and apply professional judgement before acting or sharing. Full interactive AI Nutrition Labels (Education & Organisations editions) available at our Transparency page.
System name: askKira | System type: AI-powered professional decision-support assistant for education | Deployment context: Schools, Multi-Academy Trusts, education organisations
Primary purpose: askKira supports education professionals by interpreting policy and statutory guidance, supporting planning, reflection and professional judgement, reducing administrative workload, and improving consistency and confidence in decision-making.
Non-purpose (explicit exclusions): askKira does not make autonomous decisions, replace professional judgement, perform automated safeguarding determinations, diagnose pupils or staff, or grade, assess or label individuals.
2. Model & Architecture Summary
Model class: Large Language Model (LLM)–based conversational system with domain-specific constraints.
Model provenance: Built on commercially available foundation models. Models are not trained on customer content.
System architecture (high level): User prompt → safety checks → contextual orchestration → model inference → output filtering → user response. Optional retrieval of organisation-specific, permissioned content where enabled.
Data isolation: Customer data is logically isolated by organisation. No cross-organisation data sharing.
3. Training Data & Knowledge Sources
Foundation models are trained on a mixture of licensed data, data created by human trainers, and publicly available text. Customer prompts, documents and outputs are not used to train models. Data is processed solely to provide the service. Where enabled, askKira can reference internal policies, trust documentation and approved guidance — access is strictly permission-controlled.
4. Intended Users & Use Cases
Intended users: Teachers, school leaders, trust executives, central teams (SEND, safeguarding, HR, governance).
Intended use cases: Policy interpretation and clarification, drafting and sense-checking professional documents, scenario-based reflection and support, staff workload reduction.
Out-of-scope use cases: High-stakes automated decisions, live safeguarding judgements without human oversight, medical, psychological or legal determinations.
5. Guardrails & Safety Controls
All outputs are advisory only. Users are explicitly instructed to verify outputs. Automated detection and filtering for safeguarding-sensitive content, harmful or discriminatory language, and inappropriate sexual or violent content. Conservative defaults when discussing children, vulnerability or risk. Clear prompting to escalate safeguarding concerns through organisational procedures. Rate limiting, abuse prevention, role-based access controls and organisational admin oversight are all in place.
6. Known Limitations
Outputs may be inaccurate, incomplete or outdated. The system may hallucinate plausible but incorrect information. It cannot replace contextual knowledge of a school or pupil, cannot account for all local policies or professional nuance, and is not suitable for sole reliance in safeguarding or disciplinary decisions. Model outputs may reflect biases present in underlying training data — active professional scrutiny is required.
7. Monitoring, Evaluation & Improvement
Automated logging of system performance and safety signals (metadata-level). Monitoring for misuse, abuse or anomalous patterns. Defined escalation pathways for safety concerns, safeguarding issues and data protection incidents. Periodic review of guardrails and prompts, with updates informed by user feedback and incident analysis.
8. Privacy & Data Protection Summary
UK GDPR compliant. Privacy by design and by default. Data minimisation. Encryption in transit and at rest. No model training on customer data. Configurable retention and deletion controls.
9. Accountability & Governance
Human accountability retained by customer organisation. askKira provides technical and safety controls; professional judgement remains with users. Ethical use embedded in product design and onboarding. Alignment to UK Government Data & AI Ethics Framework.
10. Summary for Buyers
askKira is designed as a low-risk, assistive AI system for education, with strong privacy and safety foundations, clear limits on autonomy and decision-making, and conservative safeguards for safeguarding and vulnerable users.
This overview summarises how askKira aligns with the UK Government's Data & AI Ethics Framework and supports responsible, safe and lawful use of AI in education. It is designed to support due diligence by Trust Boards, Executive Leaders, DPOs and regulators.
- Clear articulation of purpose: askKira is a decision-support and professional-assistive tool, not an autonomous decision-maker.
- Publicly available Privacy Policy and Safety Hub describing how data is handled, safeguarded and constrained.
- Explicit guidance to users that AI outputs must be verified by professionals before use.
- Clear separation between customer data and model training — customer content is not used to train models.
- Human accountability is explicit: responsibility for decisions always remains with the organisation and its staff.
- No high-stakes automated decisions (e.g. safeguarding judgements, exclusions, grading, diagnosis).
- Defined internal escalation and incident-response processes for safety, safeguarding or data concerns.
- Clear contractual delineation of roles (controller/processor responsibilities).
- Explicit commitment to inclusive, equitable use in education, including SEND and disadvantaged contexts.
- Guardrails to prevent harmful, inappropriate or discriminatory outputs.
- Emphasis on professional judgement to contextualise outputs rather than relying on AI generalisation.
- UK GDPR–aligned privacy-by-design architecture.
- Data minimisation: only necessary data is processed.
- Encryption in transit and at rest; role-based access controls.
- Customer data is not used to train AI models.
- Configurable retention and deletion controls.
- Safety-first framing across product, policy and onboarding.
- Automated monitoring for high-risk or inappropriate content categories.
- Safeguarding-aware constraints aligned to education contexts.
- Clear guidance on safe and unsafe uses of AI in schools and Trusts.
- Explicit positioning as augmenting, not replacing, professional expertise.
- Designed to reduce workload, improve consistency and support ethical decision-making.
- Strong emphasis on safeguarding, inclusion and responsible professional use.
askKira is committed to ongoing review of its infrastructure sustainability posture. Further disclosure on hosting efficiency, compute optimisation and environmental impact measurement is in development.
Summary: askKira demonstrates strong alignment with the UK Government's Data & AI Ethics Framework in privacy, safety, accountability and human oversight. For organisations requiring deeper assurance or public-sector-grade documentation, please contact [email protected].
Confirms askKira's alignment to DSIT AI Regulation Principles, CDDO AI Playbook and AI Safety Institute Standards. Covers safety, security and robustness (regular security testing, incident register, documented response); transparency and explainability (all AI outputs include context, users always informed when AI is involved); fairness (bias assessment in AI review cycle, annual equality impact assessment); accountability and governance (board-level AI governance, named DPO, documented framework); and contestability and redress (all outputs can be challenged, human review available, clear complaints process). Public sector compliance enquiries: [email protected]
askKira aligns to DfE guidance on AI in education (updated August 2025), Ofsted AI study findings, UK GDPR and the Data Protection Act 2018. Human oversight is central to the platform design — AI supports but never replaces professional judgement. All AI outputs are explainable and teacher-controlled. Platform aligned to KCSIE 2025 for safeguarding.
📋 Full statement document coming soon
askKira maintains comprehensive insurance cover to protect clients and users. Public Liability: £2,000,000. Professional Indemnity & Products Liability: £2,000,000. Employers' Liability: £10,000,000. Insurance certificates available on request for procurement and compliance purposes.
Safe AI. Transparent AI.
AI you can actually trust.
Need a signed DPA, security questionnaire response or compliance briefing for your legal team? We'll turn it around within 2 working days.