Privacy Policy
Last updated: 28 February 2026
1. Who we are
KeepSafe is operated by Love the Idea Digital Observatory ("we", "us", "our"). We are the data controller for information collected through the KeepSafe website (keepsafe.report) and the KeepSafe mobile application (together, the "Service").
If you have questions about this policy or your data, contact us at:
- Email: privacy@keepsafe.report
- Website: keepsafe.report/contact
2. What this policy covers
This policy explains how we collect, use, store, and protect personal data when you:
- Visit the KeepSafe website
- Download and use the KeepSafe mobile app
- Submit a safeguarding report (anonymously or with contact details)
- Register an organisation on the platform
- Contact us for support
3. Data we collect
3.1 Anonymous reporters
When you submit an anonymous report, we collect only the information you choose to provide in the report itself. We do not collect:
- Your name or email address
- IP addresses
- Device fingerprints or unique identifiers
- Location data
Anonymous reports are encrypted end-to-end and cannot be traced back to you.
3.2 Identified reporters
If you choose to sign in when submitting a report, we may collect:
- Your name and email address
- The content of your report
- Any follow-up messages you exchange with the safeguarding team
3.3 Organisation administrators
When an organisation registers with KeepSafe, we collect:
- Organisation name and Companies House registration number
- Contact name and email of the designated safeguarding lead
- Organisation logo and branding preferences
- Billing information (processed securely by our payment provider)
3.4 Website visitors
When you visit our website, we may collect:
- Pages visited and time spent on site
- Browser type and operating system
- Referring website
We use this data in aggregate to improve our website. See our Cookie Policy for more detail.
4. How we use your data
We use personal data for the following purposes:
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Delivering safeguarding reports to organisations | Legitimate interest / Substantial public interest |
| Providing follow-up communication between reporters and safeguarding teams | Consent / Legitimate interest |
| Managing organisation accounts and billing | Contract performance |
| Responding to support enquiries | Legitimate interest |
| Improving the Service | Legitimate interest |
| Complying with legal obligations | Legal obligation |
5. Safeguarding report data
Safeguarding reports may contain sensitive personal data (known as "special category data" under UK GDPR), including information about a person's health, wellbeing, or experiences of abuse. We process this data under Article 9(2)(g) — substantial public interest — and in accordance with the Data Protection Act 2018, Schedule 1, Part 2 (safeguarding of children and individuals at risk).
5.1 Encryption
All safeguarding reports are encrypted end-to-end. Only the designated safeguarding team within the recipient organisation can decrypt and read report contents. KeepSafe staff cannot access the content of reports.
5.2 The 90-day holding policy
If a report is submitted to an organisation that has not yet verified their KeepSafe account:
- The report is held encrypted for up to 90 days
- The organisation is notified that a report is waiting
- No one can read the report until the organisation verifies
- If verification does not occur within 90 days, the report is securely and permanently deleted
5.3 Audit trail
We maintain a tamper-proof audit trail that logs when reports are submitted, viewed, assigned, and actioned. This trail does not contain report contents — only metadata about actions taken. It is retained for compliance and regulatory purposes.
6. Data sharing
We do not sell, rent, or trade your personal data. We share data only in the following circumstances:
- With the recipient organisation: Safeguarding reports are delivered to the designated safeguarding lead within the organisation you selected.
- Service providers: We use trusted third-party providers for hosting, email delivery, and payment processing. These providers are bound by data processing agreements and process data only on our instructions.
- Legal requirements: We may disclose data if required by law, court order, or regulatory authority. In cases involving imminent risk of serious harm, we may share data with law enforcement or child protection services.
7. Data storage and security
- Location: All data is stored on servers located in the United Kingdom.
- Encryption: Data is encrypted at rest and in transit using industry-standard protocols.
- Access controls: Access to systems is restricted to authorised personnel only, using multi-factor authentication and role-based permissions.
- Regular audits: We conduct regular security reviews and vulnerability assessments.
8. Data retention
| Data type | Retention period |
|---|---|
| Anonymous reports (verified org) | Retained by the organisation per their own policy |
| Anonymous reports (unverified org) | 90 days, then securely deleted |
| Identified reporter data | Retained by the organisation per their own policy |
| Organisation account data | Duration of contract + 12 months |
| Audit trail logs | 7 years (regulatory compliance) |
| Website analytics | 26 months |
| Support enquiries | 24 months after resolution |
9. Your rights
Under UK GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Ask us to delete your data (subject to legal obligations).
- Restriction: Ask us to limit how we process your data.
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@keepsafe.report. We will respond within 30 days.
Note: Anonymous reports cannot be linked to an individual. If you submitted a report anonymously, we have no way to identify or retrieve your data, and these rights cannot be exercised in relation to that report.
10. Children's privacy
KeepSafe is designed to be used by people of all ages, including children. We take extra care to ensure that children's data is protected:
- The app does not require registration or an account to submit a report
- Anonymous reporting ensures children can raise concerns without fear of identification
- We do not knowingly collect personal data from children except where they voluntarily provide it in an identified report
- We comply with all requirements under the Children's Code (Age Appropriate Design Code) issued by the ICO
11. Cookies
Our website uses a limited number of cookies to ensure functionality and understand usage patterns. For full details, please see our Cookie Policy.
12. Changes to this policy
We may update this privacy policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via the app or email.
13. Complaints
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
We would appreciate the chance to address your concerns first — please contact us at privacy@keepsafe.report before escalating to the ICO.