Adminished

← Back to home

Security & data protection

Last updated: 2026-05-30.

Adminished is built for organisations that look after children. We treat the data you store — especially safeguarding, medical and consent records — as the most sensitive thing in the system. Here's exactly how it's handled. For the full legal detail, see our Privacy Policy.

Who runs it

  • Operated by Slashbit Ltd, a company registered in England & Wales.
  • Registered with the ICO (UK Information Commissioner's Office); our registration number is available on request.
  • For your members' personal data, you (the club) are the data controller and Adminished is your data processor under UK GDPR.

Where your data lives

  • UK / EU hosting — your data is held on UK/EU infrastructure, never shipped to a region with weaker protection.
  • Encrypted in transit with TLS everywhere, and access-controlled at the query layer: every record is scoped to your club, so one club can never read another's data.
  • Passwords are hashed with bcrypt — never stored in plain text.
  • Production access is restricted and logged; we take regular database backups.

Sub-processors

We use a deliberately small list of trusted providers to run the service:

  • Stripe — card payments (PCI-DSS Level 1). Full card numbers never touch our servers.
  • Resend — transactional & reminder email.
  • Cloudflare — CDN, DNS and DDoS protection.
  • A UK/EU hosting provider for the application and database.

We never sell your data, and we never use children's data for advertising.

Safeguarding & compliance, built in

  • E-signed consent & waivers — legally valid under the UK Electronic Communications Act 2000, stored against each member with a timestamped audit trail.
  • Emergency contacts & medical / SEND notes on every member record, visible to coaches at check-in.
  • Photo consent tracked per member.
  • Multi-guardian support so the right adults — and only the right adults — can access a child's record.
  • DBS / safeguarding tracking for your team, and role-based permissions (owner / coach / parent).
  • Gift Aid declarations and VAT handling for charity-registered and VAT-registered clubs.

Your rights & data requests

Under UK GDPR you (and your members) can request access, correction, export or deletion of personal data. We action Data Subject Access Requests and deletions promptly.

  • Account deletion is available in-app at any time, and parents can delete their own accounts from the parent portal — see deleting your account.
  • On deletion we remove personal data within 30 days, except where law requires retention (e.g. financial records for HMRC).
  • Data questions or DSARs: [email protected]. You can also complain to the ICO at ico.org.uk.

Reporting a security issue

Found a vulnerability? Please email [email protected] — we'll acknowledge and investigate promptly. Please don't disclose it publicly until we've had a chance to fix it.

Full privacy policy → · Terms of service →