← Back to homepage

Privacy Policy

Last updated: 4 May 2026

Who we are

Send Dossier is currently operated as an early-stage UK beta product. Full company registration details, registered office address, and ICO registration information will be added before wider public launch where applicable.

For UK GDPR, the operator acts as the data controller for personal data you submit through this website and the Send Dossier app, pending final legal structure. This policy describes how we process that data; it is not legal advice.

ICO registration details will be added once confirmed. We do not claim ICO registration until then.

Contact
General and account support: hello@senddossier.co.uk
Privacy and data rights (including export and deletion): the same address, or use Contact, Request a copy of your data, or Account and data deletion. We may ask you to confirm your identity before acting.
Security reports: Email hello@senddossier.co.uk with subject "Security report" so we can prioritise it.

What data we collect

  • Account: name, email, password (stored using industry-standard hashing via our auth provider)
  • Child information: name, date of birth, school, year group, diagnosed needs
  • Case data: timeline events, diary entries, goals, provisions, deadlines, letters, documents, captures
  • Billing: during the Essentials beta, new signups do not go through paid checkout and we do not collect payment card details. When paid plans launch, payment processing is intended to be handled by Stripe; we will update this policy and will not store your full card number ourselves.
  • Usage: optional, aggregated page views via Vercel Analytics if you accept analytics cookies (see our Cookie Policy)

Optional marketing emails

If you choose to receive occasional emails from us (for example via a form on our website offering free SEND guides, checklists, or download links), we process your address on the basis of consent. You can withdraw that consent at any time.

  • What we store: your email address, where you signed up (source), what was offered (offer), whether you are still subscribed, the time you unsubscribed (if applicable), and the IP address submitted with the request when our systems record it.
  • Processor: Resend delivers these messages (resend.com). We do not use third-party marketing cookies for this list — see our Cookie Policy.
  • Unsubscribe: use /unsubscribe or the link in any marketing email we send you.
  • Separate from service email: account sign-in, security notices, subscription or billing messages, and in-app alerts (such as deadline reminders you enable) are handled under our service terms and are not the same as these optional marketing emails.

Free PDFs on our Downloads page remain available without subscribing to marketing email.

How we use your data

  • To provide the Send Dossier service
  • To send account and case alerts (deadline reminders, notices)
  • To send your weekly digest (opt-in)
  • To operate subscriptions when paid billing is live (during Essentials beta, paid signup is disabled)
  • Optional AI summaries when you opt in (where available on your plan)
  • To improve the product (usage patterns, not content of your case)

Send Dossier does not use AI on your records unless you explicitly choose an AI feature. Optional AI-assisted summaries, where offered on your plan, run only on material you choose after explicit opt-in. We do not sell your data. We do not use it for advertising.

Your child's data

We aim to align with the ICO's Age Appropriate Design Code (Children's Code) for services likely to be accessed by children:
Profiling is off by default
Send Dossier does not use AI on your records unless you explicitly choose an AI feature. Optional AI features require explicit opt-in.
Children's data is never shared with schools, LAs, or any third party without your deliberate action

Processors (subprocessors)

We use the following categories of supplier to run Send Dossier. They process data only as needed to provide the service, under appropriate terms. This list reflects what we use today; we will update it if we add or change suppliers.

  • Supabase — authentication, PostgreSQL database, and file object storage for account and case data (supabase.com).
  • Vercel — hosting and serverless application runtime (vercel.com).
  • Resend — sending transactional email (for example messages from our contact form to our team, and account-related email where enabled) (resend.com).
  • Vercel Analytics — privacy-oriented, aggregated page metrics only if you opt in via our cookie banner (vercel.com).
  • Stripe — payment processing when paid subscriptions are offered (stripe.com). During the current beta, paid signup is disabled; Essentials signup does not use Stripe Checkout. When billing is live, checkout is subject to Stripe's terms and privacy policy.
  • Anthropic — optional AI-assisted features only where available in the product and only when you explicitly opt in; requests are sent to Anthropic's API (anthropic.com). Not used for routine storage of your dossier. See Anthropic's policies for how they handle API data.

Primary database and file storage are configured in our Supabase project; ask hello@senddossier.co.uk if you need the current production region for your records.

How long we keep your data

We keep your account and case records while your account is active and you use the service.

You can request deletion of your account or stored records via /account-deletion (beta: handled manually; we may verify ownership). After we process a deletion, live data is removed or anonymised in line with our internal procedures.

Backups and logs: copies of data in backups or infrastructure logs may persist for a limited period before rotation or overwrite. Exact retention periods for backups, logs, and any billing records are being formalised before wider public launch and will be aligned with this policy and applicable law. We do not promise a specific purge date here during beta.

If you need the current production data region or have questions about how long something is kept, email hello@senddossier.co.uk.

Data export and access (beta)

You can ask for a copy of the personal data we hold about you in Send Dossier. During beta, use /data-export or Contact with subject "Data export / access request". Requests are handled manually; this is not an instant self-serve download. We may need to verify account ownership.

Please do not email SEND documents, medical reports, or large sensitive files unless we have agreed a secure approach with you. Describe what you need in plain text first.

Your rights (UK GDPR)

Access - request a copy of your data (handled manually during beta; not an instant download) or use the dossier summary PDF in the app where available
Correction - update your profile
Deletion - request account or data deletion (handled manually during beta — see that page)
Restriction - contact hello@senddossier.co.uk
Portability - request a copy of your data or the in-app dossier summary PDF
Withdraw consent - AI opt-out in Settings
Complain - ICO: ico.org.uk | 0303 123 1113

Cookies

We use essential cookies to run the site (including sign-in). Optional analytics cookies load only if you accept them in our banner. Details: Cookie Policy.

Security

We use HTTPS (TLS) for traffic between your browser and our service. Passwords are not stored in plain text. Database and file storage rely on our providers' security measures (including encryption at rest as described by those suppliers). No online service can guarantee perfect security; use a strong password and protect your devices.

Changes

We will email you about significant changes.

Contact

hello@senddossier.co.uk

Request a copy of your dataRequest account or data deletion