⚠️ Draft for review — not legal advice.
This is a working draft. It must be reviewed and approved by a qualified data-protection / education-law professional and the responsible Data Protection Officer before it is published or relied upon. Placeholders in [square brackets] need real values.
Safeguarding & Child Protection
Last updated: Draft — not yet published
Storyjar holds the work of children aged 3–7. Keeping them safe is our first principle — every design decision is made to protect the child.
Our safeguarding principles
- Children are never account-holders. No child logins, emails or passwords. Children sign in only with a class code and by tapping their own name.
- We hold as little as possible. First names and their work — no surnames, birthdays, addresses or contact details.
- An adult always checks first. Every moment a child makes waits in the teacher's approval queue and is never shown to anyone until the teacher approves it.
- Access is need-to-know. A child's work is visible only to staff who teach that child and to a linked parent/carer (read-only). School admins do not see children's work unless they teach the class. Media (photos and drawings) is access-controlled, never at a public link.
- No tracking, no profiling, no advertising. Ever.
- Data stays in the UK/EU.
How this supports schools
Storyjar operates within a school's safeguarding regime under Keeping Children Safe in Education. The school remains responsible for safeguarding; Storyjar provides teacher moderation, private-by-default content, least-privilege staff roles, and clear data-handling so the school can meet its duties. It is not a communication tool — there is no child-to-child messaging and no unmoderated contact.
Photographs of children
Photos are captured by staff on school devices and only stored when a teacher chooses to keep a moment. Schools should ensure their existing photography/consentarrangements cover use in Storyjar. Approved images are shown only to the child's teacher(s) and linked family.
Raising a concern
If you have a child-safety concern, contact your school's Designated Safeguarding Lead (DSL) in the first instance. If you believe there is a problem with how Storyjar itself is handling content or data, contact us at [safeguarding@storyjar.co.uk]and we will work with the school. In an emergency where a child is at immediate risk, contact the police or your local authority's children's services.
Incidents
If we become aware of a personal-data breach or a safeguarding issue, we notify the affected school(s) without undue delay so they can meet their statutory duties (including the ICO's 72-hour reporting requirement where applicable). [Named contacts and the full incident procedure to be confirmed with the DPO/DSL.]