Security

Security and data handling

How Usage Register handles survey responses, AI usage records, and organisation data.

Ask a security question Book a discovery call

By default, Usage Register does not collect customer files, passwords, browser activity, device activity, or third-party AI chat history.

What Usage Register collects

  • Organisation details
  • Survey invite status
  • Department and role group
  • AI tools reported by staff
  • AI use cases
  • Data categories involved
  • Risk indicators
  • Policy acknowledgement and review records where used
  • Guidance or evidence records where enabled
  • Incident and review records where used

What Usage Register does not collect by default

  • Customer files
  • Full client records
  • Passwords or credentials
  • Raw AI prompts unless deliberately provided
  • Live monitoring of employee activity
  • Browser activity
  • Device activity
  • AI chat history from third-party tools

Confidential responses, not anonymous responses

Survey responses are confidential, not fully anonymous. The organisation can see who was invited and who completed the survey, but individual answers are not shown to management by name. Results are reported in aggregate by department and risk area.

Small-group suppression

Department-level detail is suppressed where response groups are too small, reducing the risk of individuals being identified from aggregated data.

Access controls

Access is role-based. Organisation users only see data for their own organisation. Admin access is restricted.

Data minimisation

Usage Register collects the information needed to understand AI usage and risk. It is not designed to collect customer files or monitor staff behaviour.

Survey links and email

Survey invitations use unique links. Production email is configured to use a verified sending domain so staff can trust that messages are legitimate.

Evidence records

Where the Managed plan includes staff guidance and evidence support, the platform can record evidence of completion. These records are held at the organisation level and are only accessible to authorised users within that organisation.

Data retention

Retention depends on the service agreement and organisation requirements. Data can be reviewed or removed on request where appropriate.

Not surveillance software

Usage Register is structured discovery and governance support. It is not employee monitoring or automatic AI usage surveillance.

Security questions

If your organisation has security, data protection, or procurement questions, raise them during the discovery call or contact us before starting.

Questions about how your data is handled?

Raise security, data protection, or procurement questions during the discovery call or before you start.

Book a discovery call