Enterprise-grade security designed for higher education. Your data stays protected, compliant, and under your control.
Servers located within the European Union
All data encrypted in transit and at rest
Independently audited security controls
UK and EU data protection requirements
BAA available for healthcare training
Your data is never used to train models
All conversation data is processed and stored on servers located within the European Union. We use enterprise-grade infrastructure with EU data residency to ensure your data never leaves the region. This supports compliance with UK and EU data protection requirements.
Yes. Our platform and practices are designed to align with GDPR requirements, including lawful data processing, adherence to data subject rights, and appropriate security measures. We have a Data Processing Agreement available for institutional customers.
Our infrastructure providers (Google Cloud, Vercel) are SOC 2 Type 2 certified and ISO 27001 compliant.
Yes. All data transmitted to and from the platform uses end-to-end encryption. This protects conversation audio and transcripts both in transit and at rest.
Only authorised users within your institution can access recordings. Lecturers can review conversations for students enrolled in their classes. Students can access their own recordings for self-reflection. We do not access conversation content except where required for technical support or legal compliance.
By default, conversation recordings and transcripts are retained for the duration of your subscription plus a reasonable period for assessment purposes. You can request earlier deletion at any time. We also offer zero-retention configurations for institutions with stricter requirements.
Yes. As a data controller, you can request deletion of any student data at any time. We honour data subject access requests and deletion requests in accordance with GDPR. Contact us at info@hied.ai to initiate a deletion request.
Yes. The platform is designed to handle professionally sensitive training scenarios—such as safeguarding conversations, mental health discussions, or confidential client interactions. Our security measures ensure this content is protected. However, we recommend not using real personal data in practice scenarios; fictional case studies work best.
No. Conversation content submitted through the platform is not used to train our AI models. Your data remains yours and is used solely to deliver the service to you.
We maintain incident response procedures aligned with GDPR requirements. In the unlikely event of a personal data breach, we would notify affected institutions within 72 hours and work with you to fulfil any regulatory reporting obligations.
Yes. We provide a standard DPA for institutional customers that covers GDPR requirements, data processing purposes, security measures, and sub-processor details. Contact us at info@hied.ai to request one.
Our infrastructure supports healthcare compliance requirements. We can provide Business Associate Agreements (BAAs) and configure enhanced privacy settings for healthcare training contexts. Contact us to discuss your specific requirements.
Data Controller: HigherEd-AI Ltd
Location: Belfast, Northern Ireland, United Kingdom
Contact: tony@hied.ai
Founder & Director: Tony McGinn
For data protection enquiries, data subject access requests, or to exercise your rights under GDPR, please contact us at the email address above.
Our team is happy to discuss your institution's specific security and compliance requirements.