Security & Data Protection at Lexa

How we protect your data with encryption, access controls, and secure infrastructure

3 min read · Updated December 29, 2025

Lexa is built with security as a foundational principle. This article explains the technical measures we use to protect teacher and student data.

Encryption

All data is encrypted both in transit and at rest:

  • In Transit: All connections use TLS 1.2+ encryption. Data traveling between your browser and our servers is always encrypted.
  • At Rest: Database storage uses AES-256 encryption. Your worksheets, student answers, and feedback are encrypted when stored.

Data Isolation (Row Level Security)

We use Row Level Security (RLS) at the database level. This means:

  • Teachers can only access their own classes and students
  • Students can only see their own work and feedback
  • One teacher's data is completely invisible to another teacher
  • Even if there were a bug in our application code, the database itself blocks unauthorized access

This is enforced by our database (PostgreSQL via Supabase), not just application logic.
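As an added illustration (not Lexa's own schema or policies), the PostgreSQL statements below show how the isolation rules above can be expressed as RLS policies on Supabase. The `classes` and `submissions` tables and the policy names are hypothetical; `auth.uid()`, `auth.users` and the `authenticated` role are the ones Supabase provides.

```sql
-- Hypothetical schema, constructed for illustration (not Lexa's tables).
create table classes (
  id         uuid primary key default gen_random_uuid(),
  teacher_id uuid not null references auth.users (id),
  name       text not null
);

create table submissions (
  id         uuid primary key default gen_random_uuid(),
  class_id   uuid not null references classes (id),
  student_id uuid not null references auth.users (id),
  answer     text,
  feedback   text
);

-- Once RLS is enabled, rows with no matching policy are denied by default.
alter table classes     enable row level security;
alter table submissions enable row level security;

-- Teachers see only the classes they own.
create policy teacher_reads_own_classes on classes
  for select to authenticated
  using (teacher_id = auth.uid());

-- Students see only their own work and feedback.
create policy student_reads_own_submissions on submissions
  for select to authenticated
  using (student_id = auth.uid());

-- Permissive policies are OR'ed: a teacher also sees submissions in a class
-- they own. The subquery is itself filtered by the classes policy above.
create policy teacher_reads_class_submissions on submissions
  for select to authenticated
  using (exists (
    select 1 from classes c
    where c.id = submissions.class_id and c.teacher_id = auth.uid()
  ));

-- Verification: every table listed should report relrowsecurity = true.
select c.relname, c.relrowsecurity, c.relforcerowsecurity
from pg_class c join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r';

-- Caveat: the table owner (unless FORCE ROW LEVEL SECURITY is set) and roles
-- with BYPASSRLS, such as Supabase's service_role, are not subject to policies.
```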

Authentication & Access Control

  • All API endpoints require authentication
  • Session tokens are securely managed via Supabase Auth
  • Rate limiting protects against brute force attacks
  • Sensitive operations (account deletion, payments) have additional verification

Infrastructure Security

Lexa runs on enterprise-grade infrastructure from trusted providers:

Component | Provider | Security Standards
--- | --- | ---
Database & Auth | Supabase | SOC 2 Type II certified platform*
AI Processing | Google Cloud | SOC 2, ISO 27001, ISO 27017
Web Hosting | Vercel | SOC 2 Type II
Payments | Stripe | PCI DSS Level 1

*Supabase is SOC 2 Type II certified and audited annually. All Lexa data benefits from Supabase's security controls and compliance framework.

By building on these platforms, Lexa inherits their rigorous security standards and compliance certifications.

Monitoring & Auditing

  • We use Sentry for real-time error monitoring and alerting
  • Database queries are logged for security auditing
  • Suspicious activity triggers automated alerts

Security Testing

We conduct regular security audits of our codebase, including:

  • Authentication and authorization checks
  • Input validation and sanitization
  • API endpoint security reviews
  • Database policy verification

Pro Tip: If you discover a security vulnerability, please report it responsibly. See our Incident Response & Vulnerability Reporting article for details.