For Data Protection Officers
Data residency. By default.
The DPIA that doesn't need a transfer-impact assessment.
KeystoneOps runs on infrastructure you control — or, if you'd rather, on UK single-tenant servers we run for you. Either way: no vendor cloud, no shared multi-tenant, no third-country transfer, no AWS-Ireland question. Every byte of pupil and staff data stays in the UK, on a server dedicated to your trust. The audit log records every change, encrypted-at-rest covers the sensitive fields, and the export of every entity is one click away.
What you're dealing with
The jobs nobody bought a platform to solve.
DPIA on every SaaS renewal
Each vendor brings its own data-flow map, its own sub-processor list, its own transfer mechanism. Renewals turn into archaeology.
KCSIE part 5 evidence in five places
Safeguarding training records here, DBS in HR, prohibition checks in a spreadsheet, references in the CV folder. You can't answer "show me everything for this person" in under an hour.
No audit trail when you need one
When a parent or an inspector asks "who edited this and when?", the answer is "let me check the email backup". This is a known governance gap.
Pupil data on someone else's servers
Most school SaaS stores child personal data in AWS, GCP, or Azure — typically in the EU, sometimes not. Every transfer is a question.
What KeystoneOps does about it
The products that matter for your role.
Governance & risk
KCSIE / GDPR / Cyber Essentials / ISO 27001 controls with evidence per control, owner, last-reviewed.
See the product →
Single Central Record
Statutory checks per staff member with full audit trail of every modification — who, when, what.
See the product →
Helpdesk + ITSM
Audit log on every ticket field change. Pupil-data tickets routed to safeguarding pipeline.
See the product →
What this looks like in practice
Outcomes you can quote in your next board pack.
Zero
Third-country data transfers. Whether self-hosted on your servers or managed by us in UK single-tenant, the data never leaves the UK.
Every change
Audited. owen-it/laravel-auditing on every record. Read-only via UI + API. Retention configurable.
PII redaction
Optional PII filter on AI features (KB suggestions, auto-summary). Triggered by data class, not by hand.
Drop us an email.
We'll spin up a private instance, seed it with your trust's structure, and send you a link to explore at your own pace. All correspondence is by email — it suits the procurement pace and lets you forward threads to colleagues without rewriting them.