TripPA Security Statement

At TripPA, we understand the importance of protecting student and school data, not just as developers, but as qualified teachers who have personally led many school trips ourselves. Our commitment to data security is grounded in this first-hand experience.

Every member of the TripPA team is DBS-checked, and our platform is built with a clear understanding of schools’ safeguarding responsibilities. We prioritise security in both our technology and our team practices.

Data Security Commitment

Our approach to security includes best practices in cloud infrastructure, access control, and data handling to ensure compliance with UK GDPR and the Data Protection Act 2018.

Cloud Security & Infrastructure

The TripPA apps and their data are hosted on Google Cloud Platform, a leading provider of secure cloud services. We use Google Cloud Security Command Center to monitor for threats and vulnerabilities. All data is encrypted at rest and in transit, ensuring that sensitive information remains protected at all times.

Secure Data Sync & Third-Party Handling

We partner with Wonde, a leading data sync platform in the education sector, which follows Secure by Default principles. This partnership ensures that data transfers are managed securely and in line with strict security guidelines.

Access Control & Authentication

To protect user accounts and prevent unauthorised access:

  • We support Single Sign-On (SSO) for ease of access and security.
  • Multi-Factor Authentication (MFA) is required for account creation, adding an extra layer of identity protection.
  • We use Role-Based Access Control (RBAC) and the Principle of Least Privilege (PoLP) to manage permissions:
    • RBAC ensures that users are assigned appropriate access based on their role: EVC, staff, or parent.
    • PoLP ensures that users and systems only have access to the specific data they need, reducing security risks and limiting exposure to potential threats.
Ongoing Protection
  • The TripPA development team runs regular security tests to identify and address potential vulnerabilities, ensuring our systems remain robust and resilient against emerging threats.
  • We work to reduce our attack surface by limiting exposed access points, securing APIs, and keeping all software up to date.
  • Our security framework is continuously reviewed and improved to adapt to evolving risks.

We’ve stood where you stand, as teachers leading trips. With this first-hand experience, we’ve designed TripPA to meet the practical and legal expectations of UK schools. Security, safeguarding, and ease of use are core to our product and our values.

If you have any security concerns or questions, please contact us at tech@trippa.net.

Plan educational visits effortlessly with our school trip app. Perfect for busy teachers and EVCs, streamlining planning and admin for trips.