What personal data does Loci hold (if any)?
Loci holds a limited set of personal data needed to operate the platform. This currently includes a user’s email address, first name, surname and date of birth.
Email address is required for account creation and passwordless authentication. First name and surname are collected to support basic personalisation and to allow for future identity checks where needed, for example in chats or groups. Date of birth is collected to enforce age restrictions where relevant and to support future demographic targeting, such as age-based communications or polling.
We only collect the data needed to run the service properly and support safe, relevant use of the platform.
How is data minimisation applied?
Data minimisation is built into how Loci works. We only collect the personal data needed to operate the service and support its intended features, which currently means core details such as email address, name and date of birth.
We also limit how that data is used and accessed. Most functionality is handled through backend services, with access to personal data tightly controlled through role-based, relationship-based and attribute-based access controls. Access follows the principle of least privilege, and direct manual access to user data is avoided except in rare, tightly controlled break-glass support situations.
GDPR roles: are you a data processor or controller?
Loci acts as both a data processor and a data controller, depending on the type of processing involved.
When councils use Loci to communicate with residents and manage engagement through the platform, Loci acts as a data processor on the council’s behalf, with the council acting as the data controller.
For core platform functions such as account management, authentication and service security, Loci acts as a data controller for the data needed to operate and maintain the service.
Where is data hosted and secured?
Loci application data is hosted in AWS within the eu-west-2 London region and replicated across at least two availability zones to support resilience and availability.
Data is encrypted both in transit and at rest. Authentication-related data is managed through Stytch, our third-party identity provider. Access to infrastructure and data is tightly controlled through least-privilege access policies, with automated access points logged and audited.