Demo: Internal use only
TST Demo
Governance, Safeguarding & Data Protection
ApplyPal × The Sutton Trust

Governance, Safeguarding & Data Protection

Designed to support Sutton Trust's safeguarding, GDPR and data governance requirements across students, ambassadors, partner universities and programme staff.

Policy-led implementation

ApplyPal is designed to support organisation-specific safeguarding, GDPR and data governance requirements. During implementation, retention periods, access permissions, consent wording, escalation routes and reporting processes would be configured in line with Sutton Trust policies and procedures.

Data Governance Model

Organisation (e.g. Sutton Trust)
Data Controller
  • Determines why data is collected
  • Defines programme objectives
  • Defines safeguarding requirements
  • Defines retention requirements
  • Defines reporting requirements
  • Defines partner university access rules
  • Defines student onboarding requirements
ApplyPal (The Apply Group Ltd)
Data Processor
  • Processes data on behalf of the organisation
  • Provides platform infrastructure
  • Provides analytics and reporting tools
  • Provides role-based access controls
  • Implements agreed safeguarding workflows
  • Implements agreed governance controls
  • Supports data export and administrative requests

Controller and processor responsibilities may vary depending on the agreed implementation and contractual arrangements. Final responsibilities would be confirmed during onboarding and implementation.

Organisation Information

The Apply Group Ltd
Trading Platforms: ApplyPal, ReferPool
ICO Registration: ZB327179

The Apply Group Ltd is registered with the UK Information Commissioner's Office (ICO). No claims are made regarding certification, accreditation or regulatory approval beyond ICO registration.

Safeguarding

Conversation monitoring
All conversations recorded and visible to authorised safeguarding users.
Reported messages
Flag and escalate concerning messages for review.
Escalation workflows
Configurable escalation routes aligned with Sutton Trust procedures.
Flagged keywords
Automated keyword detection with configurable severity levels.
Ambassador suspension
Immediate suspension capability with full audit trail.
Audit trail
Every action logged with timestamp, user and context.
Exportable records
Conversation exports available for safeguarding review.
TST oversight
Network-level visibility across all partner universities.

All student-ambassador conversations can be recorded and made visible to authorised safeguarding users according to Sutton Trust's agreed access model.

Data Protection & GDPR

Data access requests
Subject access request workflows.
Data correction
Right to rectification processes.
Deletion / anonymisation
Right to erasure with safeguards.
Data export
Portable data exports in standard formats.
Consent history
Full consent record with versioning.
Communication preferences
Opt-in / opt-out management.
Retention policy
Configurable retention aligned with policy.
Role-based visibility
Data access scoped by role and purpose.

Data rights workflows would be configured in accordance with Sutton Trust's GDPR processes. Where safeguarding or legal retention requirements apply, deletion and anonymisation would follow agreed organisational policy.

Privacy & Data Management

Data Ownership
Customer organisations retain ownership and control of their programme data.
Data Processing
ApplyPal processes data in accordance with agreed customer requirements and governance controls.
Data Residency
Hosting and data residency requirements can be configured according to customer requirements during implementation.
Data Processing Agreement
Data Processing Agreements (DPAs) can be provided as part of implementation and contractual onboarding.

Access Controls

TST Org Admin
  • View network-wide data
  • Manage partner universities
  • View safeguarding escalations
  • Access aggregate research insights
  • Configure governance settings
TST Programme Manager
  • Manage cohorts
  • View programme data
  • View relevant safeguarding items
  • Export programme-level reports
University Sub-Admin
  • Manage their own ambassadors
  • View their own student engagement
  • Review local content
  • View university-level analytics only
Ambassador
  • Manage profile
  • Respond to students
  • Submit content
  • View own activity
Student
  • Browse ambassadors
  • Send messages
  • View FAQs / content
  • Access privacy information

Permissions are scoped so partner universities can access their own data while Sutton Trust maintains appropriate network-level oversight.

Research & Insights Governance

Aggregated reporting
Network-level insights without individual exposure.
Anonymised insights
Default anonymisation for all research outputs.
Student voice repository
Controlled access to student feedback and quotes.
Sensitive data handling
Special handling for sensitive categories.
Research export controls
Permission-controlled research exports.
Quote anonymisation
Automatic or manual quote redaction tools.

Research & Insights functionality is intended to operate on aggregated and anonymised information wherever possible. Reports should be designed to support programme evaluation and social mobility analysis without exposing unnecessary personally identifiable information.

Aggregated Reporting Anonymised Insights Role-Based Access Controls Audit Logging Export Controls Governance Oversight

Closed Group Access

Invite-only access
Students cannot self-register without approved credentials.
School / cohort upload
Bulk import of approved students by school or cohort.
Programme-based access
Access scoped to specific Sutton Trust programmes.
Partner university scoping
Universities only see their own students and ambassadors.
Student credential upload
Pre-approved student lists with verified credentials.
Access expiry controls
Automatic access expiry after programme completion.

Sutton Trust can control who enters the platform by importing approved students, cohorts, schools and programme participants.

Implementation Checklist

To be agreed with Sutton Trust during implementation

Safeguarding escalation process
Staff permission model
Partner university access rules
Student onboarding wording
Consent wording
Data retention periods
Data export process
Deletion / anonymisation process
Research reporting rules
Salesforce data sync permissions
Hosting / data residency requirements
Incident response process

Demo Governance Status

AreaDemo StatusProduction Approach
Safeguarding dashboardDemonstratedConfigured to TST workflow
Conversation recordsDemonstratedRetained per TST policy
Role permissionsDemonstratedFinalised during implementation
GDPR requestsPlaceholderLinked to agreed TST process
Research anonymisationDemonstratedDefault for reporting
Data exportsPlaceholderPermission-controlled
Salesforce syncDemo / mockConfigured with approved credentials

Conversation Safety & Moderation

Profanity detection
Inappropriate language alerts
Slur / abuse detection
Bullying and harassment indicators
Safeguarding keyword detection
Student report button
Ambassador report button
Admin moderation queue
Escalation workflow
User suspension
Ambassador suspension
Audit trail
Exportable conversation records

ApplyPal is designed to support a layered moderation approach, including profanity detection, user reporting, safeguarding escalation and admin review workflows. Moderation rules, alert thresholds and escalation processes would be configured in line with Sutton Trust's safeguarding policies.

Moderation features shown in demo mode. Production rules and escalation workflows would be configured according to Sutton Trust safeguarding requirements.

Accessibility & Inclusion

Larger text controls
Contrast controls
Dyslexia-friendly reading options
Motion reduction
Cursor enhancement
Link highlighting
Image suppression
Inclusive design principles
Configuration aligned to Sutton Trust requirements

Accessibility settings can be tailored during implementation to align with Sutton Trust's accessibility and inclusion requirements.

Policy Alignment

ApplyPal is designed to be configured around the organisation's safeguarding, GDPR, data governance and operational requirements. Final retention policies, access controls, escalation workflows, consent processes and reporting rules would be agreed and implemented in accordance with Sutton Trust policies and procedures.