> ## Documentation Index
> Fetch the complete documentation index at: https://docs.puddin.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Puddin Admissions Security, Privacy, and Data Protection

> Understand how Puddin protects applicant data, covering encryption, access controls, GDPR compliance, data retention, and audit logging.

Puddin Admissions handles sensitive personal data — applicant names, contact details, personal statements, and document creation histories. Protecting that data is a shared responsibility: Puddin provides a secure, compliant platform, and your institution is responsible for how it configures access, how long it retains data, and how it meets its obligations to applicants under applicable data protection law. This page explains what Puddin does to protect data and what your institution needs to do in turn.

## Applicant data storage and encryption

All applicant data stored in Puddin — including personal details, personal statement content, and writing process evidence — is encrypted at rest using AES-256 encryption. Data in transit between applicants, your admissions team, and Puddin's servers is encrypted using TLS 1.2 or higher.

Puddin's infrastructure is hosted in ISO 27001-certified data centres. Logical separation between institutional accounts ensures that your applicant data is never accessible to users from other institutions.

<Info>
  If your institution has specific data residency requirements — for example, a requirement that data is stored within the UK or EU — contact your Puddin account manager to confirm the hosting configuration available to you.
</Info>

## Access controls by role

Puddin enforces role-based access controls to ensure that each user can only see the data they need to do their job.

| Role                   | What they can access                                                                                                                                                             |
| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Administrator**      | All institution settings, all cycles, all applicant records, all user accounts, full audit log                                                                                   |
| **Admissions Officer** | All applicant records and submissions within assigned cycles; can manage applicants, send invitations, and assign reviewers; cannot modify institution settings or user accounts |
| **Reviewer**           | Only the submissions explicitly assigned to them; can view personal statements and writing process evidence; can record decisions and notes; cannot view other applicants        |

Applicants access only their own writing environment through a unique, single-use link. They cannot view any other applicant's data.

<Warning>
  Grant access based on the principle of least privilege. Only assign the Administrator role to staff who genuinely need to manage institution settings and user accounts. Use the Admissions Officer and Reviewer roles for operational staff.
</Warning>

## GDPR and data protection compliance

If your institution is based in the UK or EU, or processes data relating to UK or EU applicants, Puddin's processing of applicant data falls within the scope of UK GDPR and/or EU GDPR. Puddin acts as a **data processor** on your behalf; your institution is the **data controller**.

As the data controller, your institution is responsible for:

* Establishing the lawful basis for collecting and processing applicant personal data through Puddin.
* Informing applicants about how their data is processed — including that their writing process is recorded — through your privacy notice.
* Handling applicant requests to access, rectify, or delete their personal data.
* Maintaining records of processing activities as required by Article 30 UK GDPR / EU GDPR.

Puddin supports your compliance obligations by providing:

* A Data Processing Agreement (DPA) for your institution to countersign.
* Tools to export and delete applicant records on request (see below).
* A full audit log for accountability purposes.

<Note>
  Contact your Puddin account manager to obtain a copy of the Data Processing Agreement. This document should be in place before you begin processing applicant data through the platform.
</Note>

## Applicant data handling and consent

Applicants should be informed — before they begin writing — that Puddin will record their writing process as part of the authorship verification process. This disclosure is typically included in your institution's application privacy notice and/or in the invitation email sent through Puddin.

Puddin's writing environment displays a brief notice to applicants when they first open it, confirming that their writing process is being recorded. This notice does not replace your institution's obligation to inform applicants through your own privacy documentation.

<Tip>
  Work with your institution's Data Protection Officer (DPO) to ensure that your admissions privacy notice covers the collection of writing process evidence through Puddin. Your DPO can help you identify the correct lawful basis — typically legitimate interests or the performance of a task in the public interest — for this processing.
</Tip>

## Retention periods and deletion policy

Puddin retains applicant data for as long as your institution requires, subject to a maximum retention period set in your agreement. Your institution is responsible for defining how long applicant records should be kept in line with your own data retention policy and applicable legal requirements.

To delete applicant records:

1. Navigate to the applicant's record in the relevant cycle.
2. Select **Delete Applicant Record** from the actions menu.
3. Confirm the deletion. This removes the applicant's personal details, personal statement content, and writing process evidence from Puddin permanently.

<Warning>
  Deletion is irreversible. Once an applicant record is deleted, the personal statement and writing process evidence cannot be recovered. Ensure you have completed all review and compliance activities before deleting records.
</Warning>

You can also delete all records within a closed or archived cycle by navigating to **Cycle Settings → Delete All Applicant Data**. This action requires Administrator privileges and must be confirmed twice.

## Exporting applicant records

You can export applicant records for compliance, audit, or data subject access request purposes. Navigate to the relevant cycle, apply any filters you need, and select **Export** from the bulk actions menu.

Exports include:

* Applicant personal details (name, email address).
* Submission status and submission timestamp.
* Reviewer decisions and notes.
* Audit log entries relating to that applicant.

Writing process evidence can be exported as a structured report for individual applicants from their applicant record page.

## Audit logging for compliance

Puddin maintains a comprehensive audit log that records all significant actions taken within the platform. The audit log is available to Administrators under **Settings → Audit Log**.

Logged events include:

| Event                                          | Detail recorded                          |
| ---------------------------------------------- | ---------------------------------------- |
| User login                                     | User, timestamp, IP address              |
| Applicant record created or deleted            | User, timestamp, applicant identifier    |
| Invitation sent                                | User, timestamp, applicant(s)            |
| Submission received                            | Timestamp, applicant identifier          |
| Submission reviewed                            | Reviewer, timestamp, decision recorded   |
| User account created, modified, or deactivated | Administrator, timestamp                 |
| Institution settings changed                   | Administrator, timestamp, fields changed |
| Applicant data exported                        | User, timestamp, export scope            |

The audit log is read-only and cannot be modified or deleted by any user. It is retained for a minimum of three years from the date of each entry.

## Institutional data governance responsibilities

Puddin provides the technical controls described on this page, but the governance of applicant data is your institution's responsibility. As a minimum, your institution should:

* Designate a named Data Protection Officer or data protection lead responsible for Puddin-related processing.
* Ensure the Puddin Data Processing Agreement is countersigned and on file.
* Include writing process evidence collection in your admissions privacy notice.
* Establish and document a data retention schedule for applicant records held in Puddin.
* Train admissions staff on their obligations when handling applicant personal data.
* Review access permissions regularly and deactivate accounts for staff who no longer need access.

<Info>
  If you have questions about Puddin's security certifications, sub-processors, or data residency options, contact your Puddin account manager or email the Puddin security team at the address provided in your onboarding documentation.
</Info>
