What is Tapestry’s approach to data security?

by Ben on April 25

Ben Case, from our product support and education teams, takes a closer look at data security on Tapestry, and answers some FAQs.

What is Tapestry Learning Journal?

Since Tapestry began in 2012, the market for online journals has grown considerably. Starting out as a way to build links between settings and families, Tapestry now offers in-depth monitoring of children’s development, ways to share messages with relatives through observationsmemos, or the comments tool included in the Care Diary, set activities for the children to complete by logging in themselves, and even create bookingsinvoices and take registers for your children. All with partnership with parents remaining at its heart. And every feature in Tapestry is included in the price of your package – no extra charge. With all of this, you can be assured that Tapestry takes data security very seriously.

When you sign up for a Tapestry account, you have the tools to ensure that your data is secure. Some software companies claim that they do all the worrying for you – ‘we take care of your data so you don’t have to’. This would be a risky decision though – you have a responsibility to ensure that you are GDPR compliant. This does not mean you need to have a full understanding of what encryption is for and how it works, for example, but it does mean that you should follow some basic safety standards, such as not sharing passwords, and considering what data you are collecting and why. You want your parents and carers to trust you to do this.

Data processing and how you store your data was a real focus a few years ago when the new GDPR rules came into force. Whether people are more confident about data now, or whether there is some complacency creeping in, this focus on data protection seems to be discussed less than before.

Graphic showing 3 stylised images of 3 people using technology and data.

FAQs about data security on Tapestry

Where does Tapestry keep my data?

Tapestry Learning Journal stores your data within the EU. Under the current laws, it is your legal responsibility to make sure your data subjects’ rights are protected. If your data is not being stored in the UK/EU, you would need to be making sure that the country it is going to is covered by the UK’s adequacy regulations. This may mean checking that the contract you have with a company includes standard contractual clauses (SCCs).

What checks are made on Tapestry employees who have access to my data?

Every member of the team here at Tapestry has a full DBS check completed, which is renewed annually. This is part of our contract with our customers.

Who controls my data on Tapestry?

In an ideal situation, you want to be the sole data controller, with the software supplier being the data processor. With Tapestry, each customer is the only controller of their data. This is why when a non-manager or relative contacts customer services, we are unable to help them further without permission from a manager.

Why is it important that I am the sole data controller?

Knowing who can access your personal data, and when, is important so that you know that no-one is going to be using the data that you’ve added to their financial advantage. For example, if you were to add relatives to your account so that they can access things you want to share with them, it’s a fair expectation that these relatives won’t then have their information sold on to another company that can target them with adverts about things for children. If you’re not the only one in control of your data, you have no guarantee that this won’t be happening at some point in the future. When you add someone to your account, you want to be confident that no one else will contact them on your behalf offering something that you may not be aware of, and may not want to be associated with. This is why Tapestry Learning Journal ensures that the customer is the sole controller of their data.

How long does Tapestry keep my data?

With Tapestry accounts, once a manager deletes some data, or an account expires, that data remains on the servers for 90 days. This allows managers a period of time in which they can request access to this data easily should they realise that they need it again. After the 90 days, the data is then kept for a further 90 days on our backup servers, after which it is deleted forever.

At Tapestry, we are confident that each setting is fully in control of all their data and that we will never access this data unless we have permission from the data controller, and even then, only if it is completely necessary. When adding a child to Tapestry, the only information required is their name, and date of birth. Everything else is optional. When adding staff for full accounts (not PIN only), and relatives, all that is required is a name and email address. As the data controller, you can decide what data you want to collect and add to your Tapestry account, and how you want to use it.

Can I see a copy of the contract between Tapestry and the customer?

The contract between Tapestry (the data processors) and the data controller for each setting can be viewed on our Security page. When you’re completing your own data impact assessment, you need to be as sure as you can be that you know and understand what any company you are sharing the data with does with that information, and that they take their responsibility for data security seriously.

Do you have some more questions?

As always, our customer service team are more than happy to answer any further questions that you may have.

Ben

Education Advisor and Setting Liaison Specialist

Ben is a key figure within the Tapestry Education team, leveraging over a decade of experience as a primary and Early Years teacher. As a former, dedicated Tapestry user, he brings a valuable first-hand perspective on the platform's potential for driving child-centred teaching and reducing educator workload. In his current role, Ben leads engagement with settings around the world, advising them on effective Tapestry implementation strategies and showcasing innovative features. He is committed to providing ongoing support and regularly contributes to the range of free webinars and training offered to support practitioners. Outside of work, Ben enjoys following Formula 1 and listening to music.

Related Articles

7 things you didn’t know about Tapestry

4 min read Since Tapestry’s humble beginnings way back in 2012 it has grown exponentially… and continues to do so. This means there is a high chance that Tapestry does a few things you’re not aware of. Here is a collection of 7 functions of Tapestry that you should definitely...

How you can use Tapestry journals to support your provision

5 min read: Observations – why and how One question I see asked on a regular basis when looking at early years conversations on social media is “How many observations do you write for a child per week?”. Each time the responses are wide ranging, showing that people have taken...