Home / Data Security
Technical Whitepaper

How Our Interactive Tools Work

A plain-English explanation of how the Safeguard Hub's decision tools handle — and do not handle — your data. Written for supervisors, data protection officers, and IT leads who need to understand the technical detail before recommending these tools to their teams.

The short answer

No information you type into any Safeguard Hub tool is ever transmitted to our servers. No case details, no child information, no decisions, no names — none of it leaves your device.

All tool logic runs entirely in your browser using standard JavaScript. Our server is never involved after the page loads.

1 How the interactive tools work

When you load a page such as the Section 17/47 Threshold Checker, the Police Referral Threshold Tool, or the Information Sharing Decision Tool, your browser downloads a single HTML file. That file contains:

  • All the question logic (written in JavaScript)
  • All the statutory guidance text and decision rules
  • All the output text and recommended actions

Once that file is in your browser, no further network requests are needed to operate the tool. Your answers to questions are stored only in the browser's working memory (JavaScript variables) and are discarded the moment you close the tab or click "Start Again". Nothing is written to disk, sent to a server, or logged anywhere.

# What happens when you answer a question:

1. You click an answer button

2. A JavaScript function runs in your browser

3. The function updates a local variable (e.g. harmed = true)

4. The next question or result is shown

# Network activity: NONE

# Your answer never leaves your device

2 What data is collected — and what is not

NOT collected — ever

Answers you select in any decision tool
Text you type into form fields (case references, concern summaries)
The outcome/result produced by any tool
Any information about the child or family
Your name, force, employer, or location
Your IP address (beyond what is standard for any web page load — see Analytics below)

IS collected

Google Analytics page views. We use Google Analytics (property ID G-C45EFZX1C6) to count how many visitors view each page and which tools are used most. This records the page URL and approximate location (country/region level) — not any of your inputs. Google's privacy policy applies: policies.google.com/privacy. You can opt out using the Google Analytics Opt-out Browser Add-on.
Newsletter email address (only if you voluntarily subscribe). If you choose to enter your email address in the newsletter signup form, that address is submitted to our API and stored securely in our database. This is the only personally identifiable information we collect, and only when explicitly provided. You can unsubscribe at any time.

3 Browser session storage

The site uses browser sessionStorage (not cookies) for two purposes only:

  • sh_bar_d — records that you have dismissed the newsletter signup bar, so it is not shown again during the same browser session
  • sh_bar_s — records that you have subscribed, so the bar is not shown again

Session storage is cleared automatically when you close your browser tab. It is not shared with any third party. It contains no personal data and no case-related information.

4 Third-party services

Google Analytics

Page views only

Loaded on every page. Records page URL, approximate geographic location, browser type, and session duration. Does not receive any tool inputs or outputs. Data is processed by Google LLC under their Data Processing Terms.

Google Fonts

Stylesheet only

The Inter typeface is loaded from fonts.googleapis.com. This is a standard font delivery request. No user data is passed in this request beyond your browser's standard HTTP headers.

Replit (hosting infrastructure)

TLS / hosting

The Safeguard Hub is hosted on Replit's infrastructure with TLS (HTTPS) enforced for all connections. Standard web server logs (IP address, page requested, timestamp) are retained in accordance with Replit's privacy policy. This is identical to any other HTTPS website.

5 How to verify this yourself

You do not need to take our word for it. Any person with access to browser developer tools can independently verify that no tool inputs are transmitted:

  1. 1 Open any tool page (e.g. threshold-checker) and press F12 (Windows) or Cmd+Option+I (Mac) to open developer tools.
  2. 2 Click the Network tab and check the box labelled "Preserve log".
  3. 3 Use the tool normally — answer every question and reach a result.
  4. 4 Filter the network log to show only XHR / Fetch requests. You will see requests to safeguard-hub.org only for the initial page load and Google Analytics page-view events. No requests will contain your answers.
For IT security leads: The source code for every interactive tool is visible by right-clicking the page and selecting "View Page Source". All decision logic is written in plain JavaScript with no obfuscation. The code is freely auditable.

6 Offline / air-gapped use

Because all tool logic is self-contained in a single HTML file, the tools can be saved locally and used offline. To do this:

  • Open the tool page in your browser
  • Press Ctrl+S / Cmd+S and save as "Webpage, Complete"
  • The saved file can be opened from a local drive, a shared network drive, or an intranet without any internet connection

Note: the styling relies on an external Tailwind CSS file so the saved version may render without full styling — but all tool logic will work correctly. For force intranet deployment, please contact us.

7 Recommendations for your organisation's data governance

For organisations considering making these tools available to staff, the following points may assist your Data Protection Officer or Information Governance lead:

No DPIA required for tool use

Because no personal data relating to children, families, or casework is processed by our systems, the use of these tools does not require a Data Protection Impact Assessment under UK GDPR Article 35. The tool is equivalent to a member of staff consulting a printed checklist.

Printed outputs are your organisation's records

If staff print or save a PDF of a tool's decision output, that document becomes your organisation's record and should be handled in accordance with your records management policy. The Safeguard Hub retains no copy of that output.

No data sharing agreement required

Because no data is shared with us, no Data Sharing Agreement or Data Processing Agreement is required to use these tools. There is no controller-to-controller or controller-to-processor relationship between your organisation and The Safeguard Hub in relation to tool use.

8 Questions or concerns

If you are an IT security lead, data protection officer, or supervisor wishing to ask technical questions about how these tools work, please use the contact form at safeguard-hub.org/contact/. We are happy to provide additional technical detail, answer specific questions from your IG team, or discuss intranet deployment options.

Contact us → ← For Police tools

This page was last updated June 2026. If you have found an inaccuracy, please let us know.