BRASI
BRASISafeguarding Policy

Institutional partnership framework

Building safer institutions,
together.

BRASI partners with universities and institutions to provide privacy-first wellbeing infrastructure for students. Our safeguarding framework is proactive, trauma-informed, and built on one non-negotiable principle: survivor consent and anonymity come first — always.

Trauma-informedPrivacy by designAnonymous by defaultNon-surveillance
Request a DemoExplore Partnerships

This policy was last reviewed in May 2026 · Subject to periodic revision

Our approach

A safeguarding philosophy built
around dignity.

Effective safeguarding is not about surveillance — it is about creating the conditions in which people feel safe enough to seek help. BRASI is designed around three core principles that inform every decision we make.

Proactive, not reactive

Safeguarding works best before a crisis. BRASI is embedded into everyday campus life so that students have a trusted resource long before they need urgent support. We give institutions the infrastructure to be present — quietly and consistently.

Supportive, not surveillant

BRASI does not monitor students. We do not track behaviour, flag individuals, or report to institutions without explicit survivor consent. Our platform is a safe space, not a reporting mechanism. Institutions receive only anonymised, aggregate wellbeing insights.

Consent-first, always

Every interaction on BRASI is driven by survivor choice. Nothing is shared, escalated, or forwarded without the explicit, informed consent of the person using the platform. This principle is non-negotiable and is enforced at every layer of our architecture.

Student safety

Six principles that
protect every student.

These commitments are structural — they are built into how BRASI works, not written as aspirations. No institutional partner can override or bypass any of these principles.

Structurally enforced

These are not policy statements — they are enforced at the database, API, and application layers. Institutional partners have no technical capability to circumvent them.

01

No student is required to disclose

BRASI never pressures students to report, disclose, or escalate their experience. The platform is designed for processing and support — disclosure is entirely the student's choice, made on their own terms and timeline.

02

Anonymity is the default state

Students are never required to provide their real name, institutional email, or any identifying information. A private alias is sufficient. No institutional partner can link a BRASI account to a real student identity.

03

Students control their own records

Journal entries, support conversations, and uploaded documents belong entirely to the student. They may export, share selectively, or permanently delete their records at any time, with immediate effect.

04

Support access is always available

Students can browse and contact verified support providers at any stage — before, during, or independently of any formal institutional process. BRASI is a standalone resource, not a gateway to reporting.

05

Crisis pathways are human-first

Where a student indicates they may be in immediate danger, BRASI surfaces emergency resources and trained crisis support. No automated escalation occurs without informed consent. Humans are always in the loop.

06

No data is shared for institutional compliance

BRASI will never provide student data to an institution to satisfy audit requirements, compliance metrics, or safeguarding reporting obligations. Student data and institutional reporting are entirely separate concerns.

Privacy & anonymity

Our commitments to
every student on the platform.

These are not aspirational promises. They are hard technical constraints built into every layer of the BRASI platform.

No survivor identification

BRASI never collects, stores, or transmits any information that could identify a survivor to their institution, to a third party, or to anyone outside their explicit consent circle.

End-to-end encrypted records

Journal entries and personal records are encrypted in transit and at rest. Institutional partners do not hold decryption keys and cannot access journal content under any circumstances.

Conversations are private

Support conversations between a student and a verified provider are confidential. BRASI staff, institutional administrators, and third parties cannot read, access, or retrieve conversation content.

Data portability & deletion

Students can export all their data or request permanent deletion at any time. Deletion requests are actioned within 72 hours and are irreversible. No backups are retained after deletion.

Institutional boundaries

What institutional partners cannot access

These restrictions apply to all institutional partners without exception.

  • Access a student's journal entries or private records
  • Read conversations between a student and a support provider
  • Identify which students are registered on BRASI
  • Link a BRASI account to a student's institutional identity
  • Export or download individual student data
  • Override a student's consent or privacy settings
  • Request data disclosure outside of a lawful court order

Compliance with the above is enforced architecturally — it is not dependent on contractual agreements alone. BRASI's infrastructure does not permit institutional access to the above data by design.

Provider standards

Every provider is
manually verified.

No provider appears on BRASI without completing a rigorous, multi-stage vetting process. We do not use automated screening. Every approval is made by a qualified human reviewer.

Step 01

Application & documentation

All providers submit professional credentials, registration numbers, and relevant qualifications. Trauma-informed training certificates are mandatory for anyone working with survivors.

Step 02

Qualification verification

BRASI verifies credentials directly with licensing bodies and professional associations. Unverifiable credentials result in automatic rejection.

Step 03

Safeguarding & DBS checks

Enhanced DBS (Disclosure and Barring Service) checks or equivalent international vetting are required for all providers. Checks must be current within 3 years.

Step 04

Trauma-informed assessment

Providers undergo a structured assessment to confirm trauma-informed practice. This is not a self-declaration — it is evaluated by a qualified BRASI reviewer.

Step 05

Approval & platform activation

Approved providers receive a verified badge and are activated on the platform. All verification status is visible to students before any contact is made.

Step 06

Ongoing review

Verification is not a one-time event. BRASI conducts periodic re-verification and responds to any concerns raised by students or partner institutions.

Verified provider categories

All providers must hold current professional registration in their category.

  • Therapists & counsellors

    BACP, BPS, UKCP or equivalent registered

  • Independent legal advisors

    Specialist in sexual violence & employment law

  • Independent sexual violence advisors (ISVAs)

    Accredited ISVA training required

  • Peer support workers

    Lived experience + formal safeguarding training

  • Crisis support specialists

    Qualified in crisis intervention & risk assessment

Crisis support

Crisis escalation that
centres the survivor.

BRASI takes crisis indicators seriously — and responds to them without compromising anonymity. Our escalation model is always human-led, always consent-driven, and never automated beyond the platform.

Stage 01

Platform-level signals

BRASI monitors anonymised distress indicators within journal content — not individual accounts, but platform-wide signals that may indicate heightened need. No individual is flagged or identified. Aggregate patterns inform the support resources we surface.

No individual identification occurs at this stage.

Stage 02

In-platform support surfacing

When a student's activity suggests they may be in crisis, BRASI surfaces targeted resources — crisis lines, emergency contacts, and immediate support options — within the platform experience. This is proactive and non-intrusive.

Triggered contextually, never shared with institutions.

Stage 03

Human-led crisis response

If a student explicitly requests urgent help, they are connected with a crisis-trained support specialist. Escalation beyond the platform — to emergency services or institutional safeguarding — only occurs with the student's informed, explicit consent.

External escalation requires survivor consent.

Mandatory reporting and institutional duty of care

BRASI is not a mandatory reporting service. We operate as a support infrastructure platform — not as an extension of an institution's safeguarding obligations. Where mandatory reporting requirements apply (e.g., under local legislation), those obligations rest with the institution, not with BRASI. Our platform does not substitute for institutional safeguarding processes; it supplements them.

Partnership framework

Mutual responsibilities
in every partnership.

A BRASI institutional partnership is a shared commitment. Institutions bring their safeguarding expertise and duty of care; BRASI provides privacy-first infrastructure and verified support access. Both parties have defined responsibilities.

Institutions must

  • Designate a named safeguarding lead responsible for the BRASI partnership
  • Maintain their own independent safeguarding and complaints procedures
  • Provide students with clear, prominent information about BRASI as a supplementary resource
  • Respond appropriately to any welfare concern a student explicitly escalates to the institution
  • Renew their partnership agreement annually and confirm continued compliance
  • Notify BRASI promptly of any significant changes to their safeguarding infrastructure
  • Not market BRASI to students as a replacement for formal institutional support channels

Institutions must not

  • Attempt to identify individual students through BRASI platform data
  • Request individual student records from BRASI under any circumstances
  • Use BRASI data to satisfy mandatory safeguarding reporting obligations
  • Represent BRASI as an institutional reporting tool or reporting mechanism
  • Grant third parties access to BRASI partnership dashboards without BRASI approval
  • Use aggregate platform insights to make decisions about individual students

BRASI commits to institutional partners

Aggregate insights only

We provide institutions with anonymised, aggregate wellbeing data — never individual student data.

Prompt incident notification

We notify institutional leads of platform-wide incidents or outages that may affect student support access.

Policy transparency

Our safeguarding, privacy, and data policies are publicly available and updated whenever material changes occur.

Partnership review process

All partnership agreements are reviewed annually. Institutions are informed of policy changes with reasonable notice.

Compliance & governance

Governance you can
rely on.

BRASI is built on a foundation of robust data governance, regulatory compliance, and transparent accountability. We hold ourselves to high standards — and we publish those standards openly.

UK Data Protection Act 2018

BRASI operates in full compliance with the UK Data Protection Act 2018 and the UK GDPR. Data subject rights — including access, erasure, and portability — are fully supported.

GDPR (EU) 2016/679

For institutions operating within or serving students in the European Economic Area, BRASI maintains GDPR compliance. We do not transfer personal data to third countries without adequate safeguards.

ISO 27001 aligned

Our information security management practices are aligned with ISO/IEC 27001 standards. Periodic penetration testing and security audits are conducted by independent third parties.

Policy review cycle

This safeguarding policy is reviewed at least annually, and following any significant regulatory change, incident, or material change to the BRASI platform or partnership model.

Governance reference

Data Controller
BRASI Ltd
Data Protection Lead
Designated DPL — contact via hello@brasi.io
Policy version
2.1 — reviewed May 2026
Regulatory framework
UK GDPR, DPA 2018, ISO 27001
Supervisory authority
Information Commissioner's Office (ICO), UK
Complaints process
hello@brasi.io — acknowledged within 5 working days

For data subject requests, compliance queries, or safeguarding concerns, contact us at hello@brasi.io. Requests are acknowledged within 5 working days.

For universities & institutions

Partner with BRASI to build
safer campus environments.

BRASI institutional partnerships are designed to supplement — never replace — your existing safeguarding infrastructure. We bring privacy-first wellbeing technology; you bring your duty of care. Together, students have somewhere safe to turn.

  • Anonymised wellbeing insights for administrators
  • Verified support access for every enrolled student
  • No student data shared with institutional partners
  • Dedicated safeguarding lead and onboarding support

Ready to get started?

Request a personalised demo or explore our partnership options. Our team will respond within 2 working days.

Request a DemoExplore Partnerships

No student data is shared with BRASI at the demo stage. All discussions are confidential.