Safety & Security Statement
This Safety & Security Statement was last updated on 24 June 2026 and applies to oracy21.com and the EVA teaching resources.
1. Introduction
Grey Gecko Educational Technology Ltd (EVA) builds oracy teaching resources for UK schools. Keeping children safe, keeping data secure, and using AI responsibly are central to how we work. This statement sets out our approach at a high level. For details of how we handle personal data, see our Privacy Notice.
2. Child safety
- Teacher-mediated by design. EVA resources are lessons delivered by a teacher in the classroom. They are not an open, pupil-facing chatbot, and pupils do not interact with an unsupervised AI.
- No pupil accounts or pupil data. Using EVA does not require pupils to create accounts or provide personal information, and we do not collect pupil data (see Privacy Notice).
- Age-appropriate, curriculum-aligned content. Lessons are written for specific key stages, aligned to the National Curriculum, and reviewed for age-appropriateness.
3. Content safety and quality
Every lesson passes through our internal quality-assurance process before release. This includes checks for pedagogical soundness, curriculum coverage, and bias/representation, so that content is accurate, balanced and suitable for the intended age group. Lessons that do not pass are revised and re-checked.
4. Responsible use of AI
- AI is used at the authoring stage, not as a live pupil tutor. We use AI to help generate lesson materials, which are then constrained by fixed templates and gated by our quality checks before any human sees them in a classroom.
- Human oversight. AI-assisted content is reviewed against our pedagogical and quality criteria; teachers remain in full control of how lessons are used.
- Aligned to national standards. Our approach is designed to align with the Department for Education’s Generative AI product safety expectations for education.
5. Data security
- Connections to oracy21.com are encrypted using HTTPS.
- We limit access to personal data (such as enquiry and pilot correspondence) to those who need it, and use reputable, security-maintained service providers for hosting and email.
- We hold no pupil data and minimise the personal data we collect to what is necessary (see Privacy Notice).
6. Cyber security
We take proactive steps to manage and minimise cyber-security risks, including keeping our website platform and components up to date, using strong access controls and authentication on our accounts, and relying on established providers that maintain their own security standards. We review our practices as EVA grows.
7. Reporting a concern
If you have a safety, content or security concern about EVA, please contact us at faye@greygecko.ai and we will respond promptly.
