Youth Worker Hub is built on a Zero-PII architecture — no personal data about young people is ever stored. Here is exactly how we protect the young people in your care.
Our approach to safeguarding goes beyond compliance. Personal data about young people is not anonymised after the fact — it is never collected in the first place.
When a young person is added to the platform, the system auto-generates a unique "Colour Animal" pseudonym (e.g., "Blue Falcon", "Crimson Otter"). This alias is the only identifier stored — never a real name.
The platform stores only broad demographic age bands (e.g., "13–15") rather than dates of birth. This makes re-identification impossible even in the event of a data breach.
Youth profiles display auto-assigned avatar icons generated from their pseudonym. No photos, no selfies, no biometric data of any kind.
Every database table enforces Postgres Row-Level Security (RLS). A worker from Organisation A can never query, view, or discover data belonging to Organisation B — enforced at the database layer, not the application layer.
We take UK GDPR seriously. Here is how the platform is designed to keep your organisation compliant.
UK-hosted infrastructure — your data never leaves England & Wales
Configurable retention periods (default 84 months, adjustable per organisation)
Named Data Protection Officer field per organisation
RLS-enforced data boundaries — no cross-organisation data leakage
Comprehensive audit trail via system_audit_log
GDPR-compliant data deletion via archive_expired_youth_data() scheduled job
Built on enterprise-grade cloud infrastructure with multiple layers of protection.
All traffic is encrypted in transit via TLS 1.3. No HTTP connections accepted.
All data is encrypted at rest using AES-256 encryption managed by Supabase infrastructure.
PostgreSQL RLS enforced across every table. No application-level bypass possible.
Hosted on hardened Supabase cloud infrastructure with automated backups, WAL archiving, and point-in-time recovery.
JWT sessions expire automatically. Refresh token rotation is enforced on every request.
Every sensitive action is written to the system_audit_log table for investigation and compliance.
Your organisation controls how long data is retained. When the retention period expires, youth profile data is automatically archived and anonymised beyond recovery.
Get started free and see how Zero-PII safeguarding works in practice.
Safeguarding or data protection enquiries? safeguarding@youthworkerhub.com