Safeguarding reviewer handoff
Focus on learner safety, escalation ownership, high-risk input handling, moderation timing and younger-learner acknowledgement.
Trust controls
Aristotle is designed for learning, not crisis support, medical advice, secret data storage or unsupervised safeguarding decisions.
Safety/privacy sign-off campaign
Coordinate the two external production review tracks, their packets, return templates and validation records without exposing learner data.
Focus on learner safety, escalation ownership, high-risk input handling, moderation timing and younger-learner acknowledgement.
Focus on learner data rights, child-specific notices, access controls, retention policy, export/delete controls and minimisation.
Safety/privacy launch pack
Use this handoff before Aristotle claims production safety, safeguarding or learner-data readiness.
This launch pack does not create external sign-off. Production safety readiness remains open until both safeguarding and legal/privacy validation records are accepted with external or real-world attestation.
Safety/privacy reviewer work order
Use this packet when asking safeguarding and legal/privacy reviewers to inspect the evidence, return a decision and create accepted validation evidence without exposing learner data.
This work order helps an external reviewer return a decision. It does not itself create safeguarding, legal/privacy or production safety sign-off, and it must not be used as evidence of real-world review until the validation registry contains accepted category-specific records with external attestation.
The work order includes aggregate safety/privacy readiness, checklist labels, commands, route references and validation draft summaries only. It excludes learner names, raw answers, guardian details, emails, session keys and access codes.
Accepted safety/privacy returns must include external or real-world attestation, not synthetic-only confirmation, EYFS through A-Level age-scope review, packet review, scope match, readiness confirmation and the category-specific controls below.
reviewer_confirmed_external_or_real_worldreviewer_confirmed_not_synthetic_onlyreviewer_confirmed_age_scope_reviewedreviewer_confirmed_work_order_and_pack_reviewedreviewer_confirmed_scope_matches_gatereviewer_confirmed_ready_for_acceptancesafeguarding_controls_reviewed - Safeguarding reviewer confirms guardian acknowledgement, escalation, moderation, safety-log and unsupported-input controls were reviewed.safeguarding_owner_and_policy_ready - Safeguarding reviewer confirms owner, policy, SLA and escalation responsibilities are ready for the release claim.reviewer_confirmed_external_or_real_worldreviewer_confirmed_not_synthetic_onlyreviewer_confirmed_age_scope_reviewedreviewer_confirmed_work_order_and_pack_reviewedreviewer_confirmed_scope_matches_gatereviewer_confirmed_ready_for_acceptanceprivacy_controls_reviewed - Legal/privacy reviewer confirms learner data, export/delete, adult access, retention and minimization controls were reviewed.legal_privacy_release_ready - Legal/privacy reviewer confirms privacy and child-safety legal risk is acceptable for the submitted release claim.Focus on learner safety, escalation ownership, high-risk input handling, moderation timing and younger-learner acknowledgement.
Focus on learner data rights, child-specific notices, access controls, retention policy, export/delete controls and minimisation.
Reviewer handoffs
Safeguarding and legal/privacy reviewers share some controls, but each sign-off has its own owner, evidence focus and open-item count.
Focus on learner safety, escalation ownership, high-risk input handling, moderation timing and younger-learner acknowledgement.
Focus on learner data rights, child-specific notices, access controls, retention policy, export/delete controls and minimisation.
External sign-off checklist
These items make reviewer ownership explicit before Aristotle can claim production safety or privacy readiness.
External reviewer confirms who owns triage, escalation and learner-safety decisions.
External reviewer checks policy version, escalation route, training expectations and emergency boundaries.
External reviewer checks whether urgent/caution events have an operational review window.
External reviewer checks that urgent/caution items are not left open beyond the agreed response window.
Legal/privacy reviewer confirms who owns DSAR, deletion, retention and access-control decisions.
Legal/privacy reviewer checks lawful basis, learner data categories, sharing and child-specific notices.
Legal/privacy reviewer checks retention windows for profiles, evidence, safety events and audit records.
Legal/privacy reviewer verifies the implementation against data-rights policy.
Safeguarding reviewer verifies redaction, no-mastery handling and learner-facing support copy.
Safeguarding/legal reviewers verify consent language and adult responsibilities.
Moderation SLA
Run python manage.py run_safety_sla_check --json --fail-on-error before safeguarding review to prove urgent and caution events are not left beyond the configured response window.
Review rehearsal
Run python manage.py run_safety_privacy_rehearsal --json --fail-on-error after changing consent, safety handling, export/delete, adult access or learner records.
Validation drafts
Create non-counting drafts in the validation registry from the current safety/privacy evidence pack. External reviewers still need to accept the records before they count toward production readiness.
This draft does not count toward production readiness until accepted in the validation registry. 0 control check(s), 1 rehearsal gate(s), and 4 External safeguarding reviewer checklist item(s) are still open before this pack is ready for acceptance. Moderation SLA breached events=0.
Sign in to draft safeguarding evidence.
This draft does not count toward production readiness until accepted in the validation registry. 0 control check(s), 1 rehearsal gate(s), and 3 Legal/privacy reviewer checklist item(s) are still open before this pack is ready for acceptance. Moderation SLA breached events=0.
Sign in to draft legal/privacy evidence.
When a learner writes something that looks like self-harm, abuse, urgent safeguarding risk, medical advice seeking or sensitive personal data, Aristotle pauses ordinary assessment.
Those answers are recorded as safety evidence and do not increase mastery.
Aristotle stores learner profile details, selected curriculum pathway, concept progress, ordinary answers, scores, rubric signals, confidence, scaffolding, safety flags and review timing. Safety-triggering answers are minimized to a redacted marker with flags rather than kept as ordinary answer text.
Student answers may include sensitive content, so export and delete controls are visible from the account page.
Parents, teachers and school admins can use a learner access code to view educator progress, misconceptions, evidence and review timing.
Access codes should only be shared with adults who are allowed to support that learner.
High-risk inputs create open safety audit events. A parent, teacher or admin can review the safety log, add a resolution note and close the item once trusted adult action has happened.
EYFS, Key Stage 1, Key Stage 2 and younger age bands require parent or guardian acknowledgement before Aristotle stores a profile, progress map or safety workflow record.
This implementation is not a complete safeguarding programme. Production Aristotle still needs external policy review, moderation tooling, content accuracy review and operational ownership.