Instructors will trust Driive with diaries, pupil records and payment history. That trust is earned with engineering, not adjectives — here is how we work.
All traffic to and from Driive is encrypted in transit with TLS, and data is encrypted at rest (AES-256) by our infrastructure providers.
Waitlist and, at launch, customer data is hosted in UK/EU data-centre regions with providers operating under UK GDPR-compliant terms.
Production data access is restricted to the people who need it to operate the service, protected by strong authentication, and logged.
We collect the least data the product needs. Today that is one email address per waitlist signup — nothing more.
Last updated: 1 June 2026
This website and waitlist run on Vercel (hosting), Supabase (database) and Resend (email delivery) — established providers whose platforms maintain independent security certifications such as SOC 2. Driive itself is pre-launch and does not yet hold its own certifications; our practices are aligned with recognised standards, and we will pursue formal certification as the product and team grow. We will not claim a badge we have not earned.
When lesson payments launch, card processing will be handled by a regulated, PCI DSS-compliant payment provider. Full card numbers will never touch Driive's servers or be stored by us.
Code is version-controlled and peer-reviewed before release, dependencies are kept patched, secrets are stored in managed environment configuration rather than code, and access to production systems requires strong authentication.
If a security incident affects personal data, we will investigate, contain and remediate it, notify the ICO where the UK GDPR requires it (within 72 hours of becoming aware), and inform affected individuals without undue delay when the breach is likely to result in a high risk to them. What personal data we hold and why is set out in our privacy policy.
If you believe you have found a vulnerability in this website or in Driive, email security@driive.app with enough detail to reproduce it. Please give us reasonable time to fix the issue before any public disclosure, and do not access, modify or exfiltrate data that is not yours. We respond to genuine reports, will not pursue legal action against good-faith research conducted within these rules, and will credit reporters who want it once a fix has shipped.
Access opens in waves from the waitlist — founding instructors get in first.
Free to join · No spam · By joining you agree to our Privacy Policy.