Journey holds your apprentices' special-category data, the evidence behind your funding claims and your audit trail. We protect it with externally-audited standards, defence-in-depth engineering and a security model designed for multi-tenant scale.
Journey is built and operated by TechGeek, a UK company certified to ISO 9001, ISO 27001 and Cyber Essentials — the same externally-audited standards expected of enterprise software.

ISO 9001 & ISO 27001
An externally-audited Integrated Management System governs how Journey is designed, built and supported, and how your learners' special-category data is protected end to end.

Cyber Essentials
Independently certified under the UK government and NCSC scheme that verifies our defences against the most common internet-based cyber attacks.
Security is built into the architecture, not bolted on. These are the controls that protect every tenant.
Every read is filtered and every write is stamped with your tenant. Cross-tenant access is impossible by design — a request for another provider's data returns nothing.
Permissions are catalogue-defined and granted per role. Staff and learners see only what their role allows, and sensitive PII is gated behind specific permissions.
Every significant action is recorded in a tamper-evident, append-only log — who did what, when. History cannot be rewritten, even by administrators.
Data is hosted in the UK / EU, encrypted in transit and at rest, with encrypted backups. We do not sell personal data, ever.
AI prompts are scrubbed of personal data and scoped to your tenant, every call is metered, and features degrade safely if a model is unavailable.
Funding, gateway, EPA and ILR figures are computed server-side against versioned DfE/ESFA rule packs, with concurrency-safe state machines.
Everything we publish, in one place. Need a signed DPA, a security questionnaire completed or evidence for your due diligence? We are ready.