Security & GDPR

How we protect data and support UK GDPR compliance.

At Oakline, we take the security of your data and the privacy of your families extremely seriously. We have designed our platform from the ground up to be secure, resilient, and designed with UK GDPR requirements in mind.

Security Measures

All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS). Sensitive data is protected using industry-standard security controls, including encryption where appropriate.

We do not store credit card details. All payments are processed securely via Stripe, a Level 1 PCI Service Provider. Your funds are routed directly to your connected Stripe account.

We perform regular automated backups to support service continuity and recovery in the unlikely event of system failure.

GDPR & Privacy

Under GDPR, you (the Forest School/Organization) act as the Data Controller for the personal data of your customers (parents/children). Oakline acts as the Data Processor, processing this data on your behalf to provide the booking service.

A Data Processing Agreement (DPA) is available to customers and governs how we process data on your behalf, supporting GDPR Article 28 obligations.

You remain in control of your data. You can export your bookings, registers, and customer lists from your dashboard at any time. If you choose to leave Oakline, we will delete your tenant data upon request in accordance with our retention policies.

We engage trusted third-party sub-processors to deliver our service:
  • Stripe: Payment processing
  • Hosting Consumer: Cloud infrastructure
  • Email Service Provider: Transactional emails

Still have questions?

We are happy to answer any specific security or compliance questions you may have.

Email privacy@oakline.app