Least privilege access
Access should be limited to the people who need it for their role, rather than exposing records or files more widely than necessary.
Security / Trust
Designed to support secure, structured handling of learner and organisational information.
Pathway is a secure multi-tenant SaaS platform for 18+ specialist providers.
It is built to help organisations manage learner records, evidence, reporting, user accounts, and organisation data in a more controlled way.
This page explains Pathway's security and trust approach at a high level, in plain English, without exposing sensitive implementation detail.
Security principles
Pathway is designed around practical controls that help organisations manage sensitive information more carefully and more consistently.
Role-based access
Permissions are structured around organisation and user role so different users can see and do what is appropriate to their responsibilities.
Organisation separation
Pathway is built as a multi-tenant platform with separation between organisation data at the application level.
Controlled integrations
External connections are approached cautiously and used where they support a clear operational need, not as open-ended data sharing.
Cautious change approach
Product changes are approached carefully so operational reliability, data handling, and staff workflows stay aligned as the platform develops.
Plain-English accountability
We aim to explain trust and data handling clearly so organisations can make sensible decisions about fit, setup, and responsibilities.
Data storage and ownership
Pathway uses a multi-tenant application model. In the current operating model, customer file storage is connected through Google Workspace.
- Pathway provides the application layer used to organise records, evidence, reporting workflows, and related operational data.
- Customer file storage is connected through Google Workspace in the current model rather than being presented as an open, unmanaged file store.
- Organisations remain responsible for the Google Workspace environment they control, including their own configuration, access, and governance decisions.
- This page intentionally stays at a high level and does not describe internal architecture in sensitive detail.
Access and authentication
Pathway is intended for authenticated use, with access shaped by organisation context and user role.
Authenticated access
Pathway is designed for signed-in users rather than public access to learner or organisation information.
Role and responsibility boundaries
Access is structured around what a user needs to do, with admin and tutor responsibilities separated where appropriate.
Operational control
Customer organisations remain responsible for managing their own users, roles, and wider organisational controls in the environments they operate.
AI and human review
AI features in Pathway are limited. They are intended to support reporting workflows, not replace professional judgement or review.
Supportive, not autonomous
AI-assisted reporting is intended to help staff organise or draft content from information already held in the workflow. It should not be treated as a substitute for professional oversight.
Human checking remains essential
Organisations remain responsible for checking outputs before they are relied on, shared, or used in reporting.
Privacy and compliance
For legal and privacy details, use the public documents below alongside this trust overview.
Privacy
How Pathway explains personal data handling at a public policy level.
Terms
The public terms governing use of the Pathway service.
Data Deletion
Information about deletion requests and account-related data removal routes.
Registered with the Information Commissioner's Office (ICO), reference ZC132277.
Contact Pathway about trust and setup
If your organisation has questions about setup, security, Google Workspace boundaries, or data handling, contact Pathway and we can talk through the current model.