Risk assessment
School Risk Assessment Summary
A printable summary for schools reviewing Bell Path data residency, privacy, security, procurement, and operational risks.
- Operator: Dimitrios James Gregory Hooke ABN 59 429 101 462 trading as Bell Path Timetabling
- Effective date: 6 May 2026
Purpose
This page is a printable risk assessment summary for schools reviewing Bell Path before entering live school data. It is intended to support school procurement, privacy, and leadership review. It is not legal advice and does not replace a school, sector, or Department of Education assessment.
Schools may print this page from the browser and attach it to their internal approval records.
Current residency position
Bell Path is operated from Australia but uses cloud infrastructure providers. The current application deployment configuration targets Railway infrastructure in Southeast Asia/Singapore. Schools should treat Bell Path as involving offshore processing unless Bell Path has separately agreed and verified an Australian-only residency arrangement in writing.
Application runtime, database, Redis, file/export storage, email, monitoring, and payment providers can have different regions. A school that requires Australian-only data residency should request written confirmation covering each relevant service before entering live data.
Data entered by schools
- School identity, account, workspace, billing, and operational setup records.
- Staff names, roles, emails where entered, availability, meetings, duties, constraints, timetable records, and saved versions.
- Class, room, subject, bell time, timetable structure, generated timetable, validation, export, and daily operations records.
- Student-related records only where the school chooses to use features that require them, such as education support planning or funded-minute assignments.
- Support requests, screenshots, exports, and issue context where a user provides them to Bell Path.
Data minimisation guidance
Core timetable generation does not require student names. Schools should avoid entering unnecessary student-identifying information and should use class, year level, group, or staff records where that is enough for the workflow.
Where student-related information is entered, the school remains responsible for authority, notices, consents, retention decisions, and compliance with its own policies and applicable law.
Key risks
- Offshore processing or storage may not satisfy a school or sector data residency requirement.
- A user may enter more personal information than the workflow requires.
- PDF exports, public links, screenshots, or email attachments may be shared outside the intended school audience.
- Incorrect roles or stale staff accounts may allow access by someone who no longer needs it.
- A provider outage, application defect, or failed export may interrupt a school workflow at a busy operational time.
- Generated timetables and cover outputs still require leadership review before publication or distribution.
Bell Path controls
- Users authenticate before accessing a school workspace.
- School membership and role checks are enforced server-side for protected workspace requests.
- Administrative access to sensitive operational areas is limited and logged for review.
- Production traffic uses HTTPS through the active hosting and deployment providers.
- Passwords are not stored in plain text.
- Stripe-hosted checkout is used so Bell Path does not store card numbers.
- Exports are generated on demand and should be handled by the school as controlled operational records.
- Monitoring and error records are used to diagnose reliability and security issues.
Subprocessors
Bell Path uses service providers where reasonably needed to operate, support, secure, monitor, and bill for the product.
- Railway for application hosting, database, Redis, deployment, and infrastructure services
- Stripe for payment processing, hosted checkout, invoices, and subscription records
- Resend for transactional email delivery where configured
- Sentry for application error monitoring where configured
- Google for optional Google sign-in and related authentication services
School review actions
- Confirm whether the school or sector requires Australian-only data residency before entering live data.
- Complete any required procurement, privacy impact, security, ST4S, or Department approval process.
- Limit the information entered to what the school needs for timetabling and operational planning.
- Review user access regularly and remove staff who no longer need the workspace.
- Keep exported PDFs and shared links inside the school’s normal records and communication controls.
- Review generated timetables, daily cover, yard duty, and education support outputs before publication or action.
Residual risk
After the controls above, Bell Path still carries residual risk around offshore processing, provider dependence, user-entered personal information, exported documents, and operational reliance on generated outputs. Schools that cannot accept those residual risks should not enter live data until the relevant written commitments, approvals, and technical arrangements are in place.
Questions and written commitments
Schools can request written responses, data residency confirmation, deletion assistance, or procurement information by contacting hello@bellpath.com.au. Any special residency, certification, subprocessor, security, service level, retention, or deletion commitment must be agreed in writing before the school relies on it.

