Safeguarding & AI Policy

1. Purpose

This Safeguarding & AI Policy outlines how Curious Minds Lab (CML) approaches child safety, educational moderation, AI governance, and responsible platform usage within its educational technology services.

2. Commitment to Safeguarding

CML is committed to building educational technology that prioritises student safety, responsible content generation, moderation oversight, and governance controls. Safeguarding considerations are embedded into product design, moderation workflows, and platform governance processes.

3. Platform Scope

At the current pilot stage, the platform is designed for authorised teachers, administrators, school staff, educational organisations, approved partners, and controlled teacher-managed student access for assigned missions.

Broader student-account launch remains subject to Vercel DPA completion and Student / Parent Privacy Notice review/distribution. DPIA v0.6 records DPO sign-off, ICO registration confirmation, formal retention periods, and operational testing of the Data Subject Rights Workflow as complete.

4. AI Usage

CML uses artificial intelligence technologies, including OpenAI services, to generate curriculum-aligned educational content and support lesson creation workflows.

• Interactive educational stories with branching narrative choices.
• Educational prompts and learning activities.
• AI-generated educational illustrations.
• Curriculum-aligned narrative content.
• Quiz and checkpoint content.

5. Human Oversight

All AI-generated educational content is subject to human review and moderation workflows before publication or classroom use. Teachers and administrators retain responsibility for reviewing educational suitability and safeguarding considerations.

Teacher moderation decisions, including approvals, rejections, edits, and safeguarding overrides, are logged as structured educational events to support accountability and platform improvement.

6. Moderation & Safeguarding Controls

• Human moderation approval workflows; no content reaches pupils without teacher sign-off.
• Audit logging and review history.
• Moderation flags and escalation processes.
• Content review tracking.
• Governance review procedures.
• Restricted access controls.
• Teacher safeguarding override logging with reason capture.
• Role-based access with AAL2 MFA enforcement for admin roles.

7. Student Safety Controls

• No student-to-student communication functionality.
• No unrestricted chat systems.
• No unrestricted student free-text submissions.
• No student image uploads.
• Controlled educational workflows with structured branch choices only.
• Teacher and admin oversight of all educational content.
• Assignment-aware access control; students access only assigned missions.
• Pseudonymous student records; minimal personal data collected.

8. Educational Event Telemetry and Safeguarding

CML captures structured educational event telemetry to support safeguarding accountability and platform improvement. Events captured include learner interaction signals such as branch choices, quiz responses, and mission progress, as well as teacher moderation signals such as approvals, rejections, edits, and safeguarding overrides.

• Telemetry is stored in an append-only, RLS-secured table.
• Telemetry is linked to organisation, learner, and mission context.
• Telemetry is accessible only to authorised teachers, org_admin, and cml_admin roles.
• Telemetry is never accessible by students.
• Telemetry is retained for governance, safeguarding, and educational improvement purposes.

9. Appropriate Use

• Do not generate harmful or unlawful content.
• Do not upload inappropriate educational material.
• Do not submit unnecessary sensitive personal data into AI prompts.
• Do not create discriminatory, abusive, or unsafe educational experiences.
• Do not attempt to bypass moderation or governance workflows.

10. Educational Responsibility

CML is designed to support educational environments but does not replace professional educational judgement, safeguarding responsibilities, or school governance obligations. Schools and authorised staff remain responsible for reviewing suitability for classroom use.

11. Data & Moderation Logging

CML retains moderation records, safeguarding review notes, approval history, AI-generated outputs, prompts, and audit logs for governance, safeguarding, security, and operational purposes. This includes structured educational event telemetry capturing learner and teacher interactions.

12. Access Control and Authentication

Administrative access to safeguarding data, moderation queues, and governance records requires Authenticator Assurance Level 2 (AAL2), a verified TOTP second factor in addition to password authentication. This is enforced at the database layer via Row Level Security policies.

Teacher and student classroom access does not require MFA. The additional authentication requirement applies only to cml_admin and org_admin roles accessing sensitive governance data.

13. Incident Management

Safeguarding or AI-related concerns may be reviewed, escalated, investigated, restricted, or removed where necessary. Future platform phases may introduce additional escalation procedures and formal IT service management processes.

14. Governance & Compliance

• UK GDPR principles.
• ICO Children's Code.
• Educational safeguarding expectations.
• AI governance best practices.
• Cyber security standards.
• School procurement expectations.

15. Future Platform Development

• Broader rollout of PIN-based teacher-managed student accounts after DPIA approval and completion of open data-protection actions.
• Parent reporting systems.
• Speech-to-text accessibility features.
• Enhanced moderation systems.
• School analytics and governance tools.
• MCP server integration for Claude ecosystem.
• Adaptive learning intelligence based on educational telemetry.