Back to C3NTR

Trust & Compliance

Everything a school’s procurement officer needs to attach C3NTR to a compliance file. The artefacts on this page are designed to be downloaded and circulated together.

Who you’re dealing with

  • Operating entity: andBeyond.digital Ltd (registered as ANDBEYOND.DIGITAL LTD) — the company that develops and operates C3NTR.
  • Registered in: England & Wales.
  • Company number: 17260951.
  • ICO registration number: registration pending.
  • Registered address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

Data Protection Lead

The Data Protection Lead is the single point of contact for any privacy, GDPR, or data-protection question.

  • Email: info@c3ntr.app
  • Response window: one calendar month, as required by UK GDPR Article 12.

Compliance artefacts

Each of these is versioned and dated. The DPA and DPIA Summary render as printable A4 pages — press ⌘P from your browser to save as a signable PDF.

  • Privacy Policy — UK GDPR / DPA 2018 alignment, controller identity, breach SLA.
  • Terms of Service — the agreement between schools and C3NTR.
  • Data Processing Agreement — UK GDPR Art. 28-compliant DPA naming C3NTR as Processor and your school as Controller.
  • Sub-processor list — current Sub-processors with locations, with 30-day change-notification subscribe form.
  • DPIA summary — redacted public summary of the C3NTR Data Protection Impact Assessment for the processing of children’s data.

Schools Compliance Pack

A single zip containing all five compliance artefacts plus a one-page cover sheet with the current version + dates of each document — the file a procurement officer can attach to your school’s compliance file in one shot.

The Compliance Pack is generated on demand from the C3NTR portal (Settings → Trust & Compliance) once you are signed in as a school leader.

Coming soon — in the meantime, download each artefact individually from this page.

Where your school’s data lives

  • Primary region: Google Cloud europe-west2 (London, United Kingdom).
  • Encryption in transit: TLS 1.2 or higher across every connection.
  • Encryption at rest: AES-256 in Cloud Firestore and Cloud Storage.
  • Authentication: phone-number one-time code for the mobile app; magic-link email for the web portal; multi-factor on all internal administrative access.

If something goes wrong

If a personal-data breach occurs that creates a risk to the rights and freedoms of natural persons, we will notify your school leader within 72 hours of becoming aware, per UK GDPR Articles 33–34. We will also notify the Information Commissioner’s Office (ICO) where required.

If you believe we have handled personal data unlawfully, you may lodge a complaint with the ICO at ico.org.uk. We would, however, appreciate the opportunity to address your concern directly first — email info@c3ntr.app.