Security and Compliance

Security built in, not bolted on

Schools handle some of the most sensitive data there is: information about children. SafeSchool is built with data protection and legal compliance as a core design principle, not an afterthought.

Technical security

Six pillars protecting your data

Each pillar is an active design decision, not a checkbox ticked after the fact.

Data stored in Sweden

All data is stored in Microsoft Azure Sweden Central. Student records never leave Sweden and are always processed within the EU data protection framework. No third-country transfers.

GDPR-compliant by design

Built-in support for data rights, access control, and retention periods. No third-party tracking tools. A Data Processing Agreement (DPA) is signed with every school. Ready for supervisory authority audits.

Encrypted communication

All traffic uses an encrypted HTTPS connection, the same technology banks use. Parent links are unique, personal, and time-limited. No sensitive information is ever sent unencrypted.

Education Act compliant

Documentation flows follow Swedish Education Act chapters 5 and 6 on safety and offensive treatment. Schools are legally required to begin investigating within 24 hours. SafeSchool tracks that deadline automatically.

Role-based access control

Every user sees only what they are authorised to see. Teachers see their cases, principals see their school's cases, and municipality administrators see their district, with granular access control at every level.

Complete, tamper-proof history

Every action is automatically logged with a timestamp and the name of who did it, and can never be deleted or changed afterwards. If a case ever ends up before an authority, the full history is there.

Regulatory compliance

Laws and regulations we cover

SafeSchool is designed to help Swedish schools meet their statutory obligations.

Education Act Ch. 6

Offensive treatment and harassment. Schools are legally required to investigate promptly and take action. SafeSchool documents the full investigation workflow, including the statutory 24-hour deadline.

GDPR

Student data constitutes sensitive personal data. SafeSchool handles legal basis, retention periods, access restrictions, and data processing agreements in accordance with GDPR requirements for the public sector.

Discrimination Act

Covers reports of discrimination based on gender, ethnicity, religion, disability, sexual orientation, gender identity, and age.

Want to learn more about how we handle your data?

Book a call with us. We'll walk you through the security architecture and answer any questions.

Book a pilot call