Online Safety Framework (DfE-aligned)
How LearnarooHub identifies and manages online safety risks, aligned to Keeping Children Safe in Education 2025, the DfE digital and technology standards (including filtering and monitoring), and the DfE’s expectations for generative AI.
1. The four areas of online risk (the “4 Cs”)
- Content โ being exposed to harmful or inappropriate material, including misinformation, disinformation and conspiracy theories. We use curriculum-aligned content reviewed before publication, controls over user-visible and AI-assisted content, and prompt removal of anything reported as harmful.
- Contact โ harmful interactions with other people, including adults seeking to contact children. Role-based permissions bind who can interact with whom; there is no open contact between unconnected users; and there is a clear reporting route.
- Conduct โ a child’s own behaviour increasing risk. We provide an Acceptable Use Policy, age-appropriate prompts, data-minimised design that discourages oversharing, and moderation of reported conduct.
- Commerce / contract โ commercial pressures, scams or inappropriate marketing. There is no advertising to children and no use of children’s data for marketing; payment is handled by a secure regulated processor away from children’s journeys.
2. Filtering and monitoring
- Children’s journeys are confined to curriculum learning content; the platform does not provide open web browsing.
- Content is reviewed before publication and can be withdrawn quickly if a concern is raised.
- [Describe any keyword/AI-output filtering applied to user-visible or generated content, and who reviews flags.]
- Concerns identified through use are escalated to the DSL and, for school users, to the school’s DSL.
3. Safe use of artificial intelligence
Where the platform uses AI features (for example to help generate practice questions), we apply the DfE’s Generative AI: product safety expectations. Children’s personal data is not exposed to third-party AI models in a way that would put it at risk; AI-assisted outputs shown to children are subject to safety controls; and we are transparent about where AI is used. [Confirm the specific AI services used and the data-handling design, and record this in the DPIA.]
4. Security underpinning online safety
Online safety depends on sound security. LearnarooHub maintains encryption in transit and at rest, role-based access control, hardened configuration and secure HTTP headers, a tamper-evident audit log, and multi-factor authentication for administrators. These measures support our alignment with the DfE cyber-security standard and the Cyber Essentials controls.
5. Responding to online safety incidents
Any online safety incident is reported through our safeguarding route, triaged by the DSL, and โ where a child may be at risk โ escalated to the relevant school, statutory agencies or the police. Personal-data breaches are handled under our breach-response procedure, including notification to the ICO within 72 hours where required.
6. Roles, training and review
Senior leadership and the DSL understand how our safety and monitoring measures work and how to escalate concerns. Staff receive online-safety awareness appropriate to their role. This framework is reviewed at least annually and whenever KCSIE or DfE guidance changes.