Security & trust

Trusted AI infrastructure, built on transparency.

Governance wasn't added later. It was the reason askKira exists. askKira was created because the organisations that needed AI most — schools, charities, public sector bodies — had no safe way to deploy it. Every design decision, every infrastructure choice, every policy we publish reflects that founding purpose: AI that organisations can actually trust.

Compliant

UK GDPR · Article 28 DPA

Full contractual data protection. Signed copies provided within 5 working days on request.

Verified

UK data residency

All processing within the United Kingdom. AWS London (eu-west-2). Your data never leaves UK jurisdiction.

Certified

Cyber Essentials & ISO 27001

Cyber Essentials certified. Built to ISO 27001 information security principles.

Registered

ICO Registered

Public Sector Analytics Limited (Co. No 14889377). ICO Registration ZB622646.

Zero model training on customer data

Nothing you upload is used to train any AI model that benefits another customer. Your corpus is a private workspace, not training fuel.

"No user-submitted data is used to train any language models, nor is it shared externally or made viewable by any third party."

UK data residency

Primary hosting is AWS London (eu-west-2). Your project content, uploaded documents and account data are processed and stored exclusively within UK jurisdiction.

Encrypted in transit and at rest

TLS for every connection. At-rest encryption for project data and uploaded documents. Role-based access controls and MFA on every infrastructure surface.

Article 28 Data Processing Agreement

Full UK GDPR Article 28 DPA in place. askKira operates as data processor on the instructions of your organisation (the data controller). Signed copy of the master DPA available on request.

72-hour breach notification

If a data-protection incident is detected, affected data controllers are notified within 72 hours of discovery with the minimum context required to exercise their obligations.

You own the output

The synthesised system prompt, values list, and full source corpus belong to you. The hand-off bundle is portable to any LLM. No proprietary format. No lock-in.

"The original author or organisation retains full rights over any content submitted."

Sub-processors

A complete list of the third parties involved in delivering askKira services. Each sub-processor is contractually bound to UK GDPR equivalent terms.

Amazon Web ServicesPrimary hosting · London (eu-west-2)

Microsoft AzureSecondary infrastructure

OpenAIAPI only — no model training on customer data

AnthropicAPI only — no model training on customer data

Google (Gemini)API only — no model training on customer data

CloudflareEdge security and DDoS mitigation

StripePayments · PCI-DSS compliant

WondeEducation MIS integration (askKira platform)

Insurance cover

Public Liability£2,000,000

Professional Indemnity£2,000,000

Employers' Liability£10,000,000

Certificates available on request for procurement and compliance teams.

Service-level commitment

99.5% uptime each calendar month, excluding scheduled maintenance, third-party internet disruption, and force majeure. Remedy is service credits, escalating to termination without penalty after three consecutive months of failure.

Registered entity

Legal namePublic Sector Analytics Limited

Trading asaskKira

Company number14889377

ICO registrationZB622646

JurisdictionEngland and Wales

Data Protection Officerdpo@askkira.com

Security disclosuressecurity@askkira.com

More detail on request

For procurement teams and DPOs we can provide: a signed copy of the master DPA, a completed security questionnaire, a copy of the platform-level DPIA, our System Transparency Pack (system card), and the AI Nutrition Labels — covering model providers, training data, retention, escalation, hallucination risk and guardrail summaries. Email compliance@askkira.com.