Back

Trust Hub

Everything a school DPO needs to evaluate LESSO, in one place.

Most AI vendors quietly hope you don't ask the data-protection questions. We put the answers on a page and link to them from the footer. None of this is marketing — all of it is in the contract.

The Trust Hub is the documents below plus the legal pages they reference. Each has its own URL so you can email it straight to your IT team or your Data Protection Officer.

UK data sovereignty

Customer and personal data are stored and processed in the United Kingdom on Civo Ltd (LON1) with Microsoft Azure UK South pinned as fallback for AI inference.

Binding no-training commitment

We do not use your prompts, conversations, or generated content to train AI models — not our own, not Civo's, not relax.ai's, not Microsoft's. The commitment is in our DPA.

Teacher-facing, never pupil-facing

Mrs J is teacher-facing only — no pupil accounts, no pupil-data processing, no AI marking. There is no pupil account today and there is no plan for one.

The spine of the Trust Hub

Sub-processors

Every supplier we use to process LESSO data, where they sit, what they do, and an email subscription so your DPO is told before anything changes.

See sub-processors

Data Processing Agreement

Article 28 UK GDPR DPA, downloadable and ready for school counter-signature. Includes the binding no-training clause and 30-day data export on termination.

Read the DPA

DPIA summary

Our Data Protection Impact Assessment in plain English, signed and dated, with the AI-specific risks the ICO Generative AI guidance asks for.

Read the DPIA

Security overview

How we encrypt data in transit and at rest, how we control access, our incident-response posture, and the certifications we inherit from Civo (ISO 27001, Cyber Essentials Plus).

See the security page

DfE Product Safety Standards mapping

Point-by-point mapping of LESSO to each DfE Generative AI Product Safety Standard (19 January 2026), with linked evidence — designed for a MAT compliance lead to lift verbatim into procurement paperwork.

Read the DfE mapping

Related legal pages

The hub sits alongside the legal pages every LESSO user is bound by. The wording in those pages is the same wording you will find in the DPA, the DPIA, and the sub-processor list — by design.

Talk to a human

General questions: hello@lesso.co.uk

Privacy and data-protection matters: Luke, our co-founder, handles all compliance and can be reached directly at support@lesso.co.uk.

LESSO Ltd | Registered in England and Wales