How It Works
The primary purpose of Safeguarding 24 is to provide a method for users
(predominantly students or staff) to report any online concerns to an authority
within their school, college or other organisation.
The browser extension allows quick access to the reporting form along
with the ability to take a screenshot of the current user's browser window
to send with their report. The extension is written to be efficient with
as little overhead as possible. This means it has a very small download
size, uses very little memory and should not use up unnecessary bandwidth.
It will not have any noticeable impact on browser speed as it only runs
when the extension is clicked on. It requires the minimum permissions
necessary to work. It uses a standard web port for communication so there
is no configuration necessary regarding firewalls or antivirus software.
All data is transmitted over a secure, 256 bit encrypted HTTPS connection
which passes SSL security tests with grade A status.
The embedded web form works in the same way as the browser extension with
the exception of the ability to take a screenshot of the browser window.
Emails are transmitted between the Safeguarding 24 server and the recipient
organisation using the encrypted TLS protocol (as long as the recipient's
email system supports it, such as GMail and Office 365). This ensures that
no third party can overhear or tamper with any messages as they travel from
the sending server to the recipient server. More details about TLS encryption
is available from Google here: https://transparencyreport.google.com/safer-email/overview
In order to prevent abuse, ensure access is only by authorised users, and
to detect which organisation the report should be sent to, the user must
authenticate themselves with a supported system, e.g. Google or Microsoft,
before being able to submit a report.
What data is, and is not, stored?
The Safeguarding 24 system DOES NOT store any personal information submitted
from users. As soon as a report comes in, the details are automatically
packaged up into an email and sent to the relevant address at the users
organisation - usually a safeguarding representative.
The user's email address is obtained when they authenticate in order to
know which domain/organisation they belong to and therefore who to send
the report to. Their email/ID, along with their choice from the customised
drop-down list (optional), their message, browser screenshot (optional),
current browser tab title (optional) and current browser tab URL (optional)
is sent to their organisation's representative via email. No log is kept
of those details by the Safeguarding 24 server. A general count of the number
of reports sent to an organisation is kept based on the choice from the
drop-down list, but these contain no personal or identifiable information
and is purely a total figure for sending a report to the organisation once
a month. Those total count figures are kept for a maximum of 2 years.
The only details stored by us are for the subscribing organisation (e.g.
their contact details, domain name, subscription expiry date) and the email
address to receive reports.
We do log access to our website (just like all web servers do) in order
to monitor usage, server load, help diagnose any issues and to monitor security.
We comply with all current legislation related to data protection and privacy,
including the GDPR and US privacy laws, and are committed to protecting
any personal data which might be collected. We do not sell, rent or give
away any contact information to any third parties. As with any email communication,
we cannot guarantee 100% delivery. Our email system will try 22 times to
deliver messages over 48 hours in the event of a problem before giving up.
This can happen for a number of reasons outside of our control, for example
the recipients email server could be particularly busy, they may have a
full mailbox, anti-spam filters may detect a false positive, or there may
be a fault in their internet connection.