top of page

Data Security Policy

Last Updated: 31st October 2023

1. Policy Statement

Bucephalus Ltd. is committed to ensuring the security, integrity, and confidentiality of all data handled by Interactive Tutor, our AI-enhanced educational platform. We adhere to the highest standards of data protection, following the principles laid out in the UK’s Data Protection Act 2018 and the EU’s General Data Protection Regulation (GDPR).

2. Scope

This policy applies to all data, including personal and sensitive information, processed, stored, or transmitted by Interactive Tutor.

3. Data Protection and Security

3.1 Encryption and Data Storage: We employ end-to-end encryption for all data transmissions and use secure cloud storage solutions provided by AWS RDS databases to protect the data under our care.

3.2 Server Location: Our servers are located within the United Kingdom, ensuring data is protected under stringent UK data protection laws and the GDPR.

3.3 Access Controls and Audits: Strict access controls are in place to ensure only authorised personnel have access to user data. Regular security audits are conducted to enhance our protective measures continually.

3.4 Data Usage: As per OpenAI's confirmation on March 1st, 2023, data from API calls, including those from Interactive Tutor, are not used for training their machine learning models.

4. Organisational Measures

4.1 ICO Membership: Bucephalus Ltd. is a registered member of the Information Commissioner’s Office (ICO), affirming our commitment to data protection and compliance with UK data protection laws.

4.2 Training and Awareness: All employees and contractors are provided with data protection training, ensuring awareness and adherence to this policy.

5. User Data Rights

We recognise and uphold users' rights over their personal data, ensuring they can exercise their rights to access, correct, and erase their data as provided by applicable data protection laws.

6. Data Breach Response

In the unlikely event of a data breach, we will promptly take remedial actions and notify affected parties and the ICO, in accordance with legal requirements.

7. Policy Review and Updates

This policy will be reviewed regularly and updated as necessary to reflect changes in our practices or the legal landscape.

8. Contact Information

For any inquiries or concerns regarding data security, please contact us at

bottom of page