DfE Generative AI Product Safety Standards — LESSO mapping

Mapping last verified 29 May 2026

The Department for Education published the Generative AI Product Safety Standards on 19 January 2026. They are the UK government's own framework for what an EdTech generative AI product must be capable of for a school to feel safe procuring it — and they are, in practice, the procurement checklist a forward-leaning DPO will use.

This page maps LESSO to each Standard, in plain English, with a link to the supporting evidence on our Trust Hub. The mapping is honest: where LESSO clears the bar, we say so; where conformance is partial or roadmap, we say so explicitly with a target date. Schools and MAT compliance leads are welcome to copy this mapping verbatim into their own procurement paperwork.

The authoritative source for the Standards themselves is the gov.uk publication: Generative AI Product Safety Standards (gov.uk). Re-check the gov.uk source before quoting any individual line of this mapping publicly — DfE updates this collection on a roughly quarterly cycle.

Maintenance note. The DfE Standards are reviewed and updated by gov.uk on a roughly quarterly cycle. We re-verify this mapping against the source on every cycle; the next scheduled re-verification is 29 August 2026. If you are reading this after that date, please email support@lesso.co.uk for the current confirmation.
DfE Standard
LESSO conformance
S1: Filtering

DfE Standard: Generative AI products used in schools must filter harmful, age-inappropriate, or otherwise unsuitable output, including in response to adversarial prompts.

DfE source (S1)
LESSO conformance: Conforms

LESSO is teacher-facing only (target users: UK qualified teachers and school leaders across all ages and subjects; there are no pupil accounts and no plan for them). Content safety on the primary relax.ai path (Civo LON1, UK) is application-layer: a constrained educational system prompt, intent classification, hard routing rules the model cannot override, and a two-pass self-critique pipeline. Stated honestly: there is no dedicated third-party moderation API call on the relax.ai path. Azure OpenAI content filtering is active on the Azure fallback path. No AI-generated output is shown directly to pupils; the teacher reviews and approves every artefact before classroom use.

S2: Reliability and validity of output

DfE Standard: Output must be sufficiently accurate and reliable for educational use, with clear handling of uncertainty.

DfE source (S2)
LESSO conformance: Conforms with roadmap items

Mrs J is positioned as a draft-author, not an authority. Every generated artefact carries a canonical "drafted by Mrs J in seconds; review before adoption" disclaimer; the product UI never auto-sends and never frames Mrs J output as a final assessment artefact. A published bias / quality audit is committed for Year 2 of meaningful adoption (founder position §13.7, target 2027).

S3: Safeguarding and child protection

DfE Standard: Products must support, and not undermine, schools' duties under Keeping Children Safe in Education and the school's safeguarding policy.

DfE source (S3)
LESSO conformance: Conforms

LESSO is teacher-facing only. There are no pupil accounts and no plan for them. Mrs J does not introduce new pupil-facing channels, does not interfere with school filtering or monitoring, and does not produce material that bypasses the school's safeguarding controls. Schools using LESSO continue to satisfy KCSIE 2025 expectations through their existing filtering / monitoring stack.

S4: Privacy and data protection

DfE Standard: Products must comply with UK GDPR / DPA 2018 (and DUAA 2025), with a clear lawful basis, transparent use of personal data, and a data-processing agreement available to the school as controller.

DfE source (S4)
LESSO conformance: Conforms

LESSO publishes a school-counter-signable Article 28 UK GDPR DPA, a signed and dated DPIA, a dated sub-processor list with a change-notification subscription, and a binding no-training commitment. Compliance is handled by Luke, our co-founder, who can be reached on support@lesso.co.uk. LESSO does not process pupil data; the lawful bases for the teacher-facing processing are documented in the Privacy Policy.

S5: Intellectual property

DfE Standard: Products must be clear about the IP status of training data, prompts and generated outputs, and must not infringe third-party rights.

DfE source (S5)
LESSO conformance: Conforms

Teachers retain ownership of the prompts they enter and the artefacts Mrs J drafts for them, as set out in the LESSO Terms. LESSO does not assert ownership of teacher prompts or outputs, does not use them to train any AI model, and does not on-license them. The underlying foundation models are licensed from their providers (Llama 4 Maverick, DeepSeek-V4-Pro, Kimi 2.6, Mistral-7B-Embedding, and Voxtral via Civo / relax.ai; gpt-4.1-mini and text-embedding-3-large via Microsoft Azure OpenAI Service) under their respective published terms.

S6: Design and testing

DfE Standard: Products should follow a documented design and testing lifecycle, including pre-release evaluation and post-deployment monitoring of safety and quality.

DfE source (S6)
LESSO conformance: Conforms with roadmap items

LESSO runs internal evaluation against UK curriculum prompts before model-version changes, and disclosure of model and host on the AI Transparency page is updated when versions change. Independent third-party penetration testing is annual; an externally published bias / quality audit is committed for Year 2 of meaningful adoption (target 2027). We will name the third party once the engagement is signed.

S7: Governance and accountability

DfE Standard: Products must have clear governance, named accountability, and a complaints / feedback channel that schools can use.

DfE source (S7)
LESSO conformance: Conforms

LESSO Ltd is the data controller for its B2C accounts and the data processor for school B2B accounts. Luke, our co-founder, handles all compliance and can be reached on support@lesso.co.uk. Locked founder positions on age, no-training, no AI marking, no pupil-facing surface and recommend-not-mandate disclosure are published in plain English on the AI Transparency page and reflected in the contract. Schools may contact support@lesso.co.uk for complaints, escalations, or audit requests.

S8: Transparency to users

DfE Standard: Users must be told when they are interacting with generative AI, what the system can and cannot do, and how their data is used.

DfE source (S8)
LESSO conformance: Conforms

The AI Transparency Statement at /ai-transparency tells teachers the model name and host, what Mrs J sees, what Mrs J won't do (no pupil accounts, no marking, no surveillance, no training on prompts), how to control AI learning, and the regulatory framework the statement is written against. The Disclosure to Pupils and Parents section sets out our recommend-don't-mandate position aligned to EU AI Act Article 50 and UNESCO guidance.

S9: Security

DfE Standard: Products must implement appropriate technical and organisational security measures, including access control, encryption, vulnerability management, and incident response.

DfE source (S9)
LESSO conformance: Conforms

TLS 1.3 in transit; AES-256 at rest in Civo LON1; least-privilege access; admin endpoints behind a server-side requireAdmin guard; audit logging; weekly SAST scans and dependency audits; annual third-party penetration test; documented incident-response procedure with controller notification within 72 hours of becoming aware of a breach. Sub-processor security inheritance is documented (ISO 27001, Cyber Essentials Plus, SOC 2 / 27017 / 27018 as applicable). Known roadmap item: HTTP application-layer security headers (CSP, HSTS, X-Frame-Options) are not yet set at the Next.js application layer; transport-layer TLS is enforced at the NGINX ingress. These headers are committed for the next infrastructure sprint.

S10: Continuous improvement and incident reporting

DfE Standard: Providers should support schools in reporting harm, monitor safety incidents, and continuously improve the product against emerging risks.

DfE source (S10)
LESSO conformance: Conforms

Schools report concerns to support@lesso.co.uk; safety-relevant feedback is triaged by LESSO's compliance lead and tracked to closure with the controller informed. LESSO operates an admin fan-out broadcast for material sub-processor or safety changes (double-opt-in subscription on the sub-processor page). Post-incident review summaries are shared with affected controllers.

How a school can use this mapping

  • Forward this URL — or the downloadable PDF — to your MAT compliance lead or DPO as the LESSO answer to "do you map to the DfE Standards?"
  • Drop the rows into your existing procurement evaluation spreadsheet; the row IDs (S1–S10) match the gov.uk Standards.
  • Where conformance is marked "with roadmap items", check the target date and weight that line accordingly. We will not soften a partial-conformance line into a full one.
  • For evidence requests beyond what is published here (for example a Security Inheritance Letter or a redacted pen-test summary), email support@lesso.co.uk.

LESSO Ltd | Registered in England and Wales