Please enable JavaScript.  This webapp requires JavaScript to work.

Security on Tapestry

Security is our main priority

We are very proud of the trust placed in us by so many schools, settings, childminders, and families to take care of the data added to Tapestry. We take our responsibility to look after it very seriously. 

This takes form in a number of ways, including being careful about who we employ, ensuring all of the software we use is up to date and fully tested, encrypting your data on our servers and the connections between you and our servers, and hiring independent companies to check our systems are secure (this is known as penetration testing). 

We also back up your data in a completely separate location. This means that in the unlikely event that your data is lost or corrupted on the main servers, we can restore your data from those.  

We don’t sell the data added to Tapestry, use it for advertising, or make it visible to anyone who hasn’t been authorised by the school, setting, or childminder who owns the account. 

Despite all of that, security is only as strong as the weakest link. We therefore need to work with you, the people accessing and adding to the account, to ensure the overall system is secure. This means, for example, making sure you set safe passwords that you do not share with others, and that you know exactly who you are giving access to. 

If you’re thinking about taking out a subscription to Tapestry or if your child’s teachers already use it, please feel free to click on the link below to download and look through the contract we ask Tapestry customers to agree to. In it you can find out a bit more about what you can expect from us, what we expect from you, and how we make sure data is kept securely. Please note that if your child care provider is based in Australia they may be under a slightly different contract, although how we keep the data secure remains the same. Staff there will be able to download a copy of it from within their Tapestry account. 

Tapestry Contract 2021-09-30.pdf

You can find the latest changes to the contract at the end of it, and we also have a PDF that highlights all the changes from the previous version of our contract.

Below you can find the answers to some of the questions we’re frequently asked about security.


To keep our price down, we do not enter into bespoke contracts or fill out security checklists. However, we hope that our contract, including its annexes, include all the answers you need and cover all the events that you are concerned about and that you can use them to fill out whatever paperwork you require for your own systems.

If you have questions about our service that aren’t covered then do get in touch.

To keep our price down, we do not. However, we take fulfilling our obligations to you very seriously and will do our utmost to ensure our service is there whenever you need it.

Yes. A manager on your Tapestry account can set the stipulations for a password including it’s minimum length and whether any special characters are needed.

Yes, we back data up in a completely separate physical location. These should be, at most, 24 hours old and we should have 90 days of backups.

Only you, and those you authorise, will have access to your Tapestry accounts. You can restrict the people you authorise to only be able to view data about some children.

Yes, managers can control what individuals are able to do and see in the ‘user permissions’ section.


Here are some of the comments we’ve had about our approach to security:

"I just wanted to say how impressed I am with your GDPR Contract, I've had a few parents waiting to hear about the final draft after keeping them up to speed regarding how it's coming along, I feel completely confident in sharing any of the information written within it to assure them they should have no concerns regarding security etc."

"Thank you again for being so stringent about both Data Protection and Safeguarding."

Load More