We’d like to assure you that data protection is of paramount importance here at Tapestry.
We also regularly review our security protocols here at Tapestry and given the recent news of a nursery chain being been hacked, we are monitoring all of our logs very closely.
All information about how we keep data added to Tapestry accounts secure can be found within our security contract, but below we have bullet pointed some key security points:
- Your data is kept physically secure by our hosting partner, Amazon Web Services (AWS), in data centres within Europe. That means people can’t get to the physical computers where the data is stored and attempt to steal it directly from there.Â
- We keep the software we use up to date. This means that any security vulnerabilities are fixed as soon as possible after they are discovered. They are tested regularly by us, the people who make the software, and the larger technical community.
- Tapestry databases are not directly accessible from the internet. They can only be accessed via a specific route and with specific authorisation.Â
- The data is encrypted at rest and in transit. This means even if someone managed to get hold of it, it would be nonsense.Â
- We proactively monitor Tapestry for suspicious activity.
- We have MFA and IP restrictions for all access points to Tapestry data on our end.
- We have penetration tests every year – these are essentially professional hackers who try to break in. Our penetration testers are CREST accredited and our latest test was carried out in August 2025. Â
- The data for each account is partitioned – which means the data for one school, nursery, or childminder is stored separately from the data of another. This means that if hackers were able to access one account, they would not be able to then access anyone else’s account from there.Â
- All Tapestry accounts have brute force protection (to stop hackers using computers to try lots of passwords very quickly until they get it right).
It is important to note that although we do all we can to keep your data safe, a significant amount of ‘hacks’ are down to insecure passwords/authentication methods from users. Whilst we do prevent people from using very short passwords, any of the most common passwords, or easily guessable passwords, we cannot stop users from using the same password for lots of systems for example. Therefore we have some practical advice for you as a parent/relative:
- Consider how strong your current passwords are;Â are you using the same password across multiple accounts? You can see advice on what makes a good password here and if you would like to, you can update your password on Tapestry by following these instructions.Â
- Never share your individual password with anyone.
- If the device you use to access Tapestry supports it, as long as you don’t share the device, you can enable biometric unlocking for the app. Linked below you can find the tutorials on how to do this:
How to enable Face ID/Touch ID on the iOS app
How to enable fingerprint unlocking on the Android app
If you have any specific questions after reading through the post, do get in touch with us by emailing customer.service@eyfs.info.
