Markable logoBack to home

Data Processing Agreement

Last updated: April 2026

This Data Processing Agreement forms part of the Terms of Service between Markable (Data Processor) and the subscribing teacher/school (Data Controller).

1. Definitions: Personal data has the meaning given in UK GDPR. Processing means any operation performed on personal data.

2. Nature of processing: Markable processes data on behalf of the Data Controller for the purpose of providing AI-assisted marking feedback for BTEC Applied Law student scripts.

3. Data minimisation: Markable requires that only initials or reference codes are used to identify students. Full names or other personal identifiers must not be uploaded.

4. Security measures: Markable implements appropriate technical and organisational measures including encrypted data storage, access controls, and secure authentication.

5. Sub-processors: Markable uses the following sub-processors: Supabase (data storage, UK/EEA), Anthropic (AI processing, anonymised content only), Stripe (payment processing).

6. Data subject rights: Markable will assist the Data Controller in responding to data subject rights requests within 72 hours.

7. Breach notification: In the event of a personal data breach, Markable will notify the Data Controller within 72 hours of becoming aware.

8. Deletion: Upon termination of the service, all data will be deleted within 30 days upon request.

Contact: support@markable.uk

ICO Registration Number: C1917001