Built on SOC 2 certified infrastructure with PDPA compliance. Your students' data is protected by the same security standards used by Fortune 500 companies.
All data encrypted in transit (TLS 1.2+) and at rest (AES-256). Your worksheets and student work are always protected.
Database-level isolation ensures teachers can only access their own classes. Even a bug in our code can't breach this protection.
Built for Singapore schools. We act as a Data Intermediary while you remain the Data Controller with full control.
Powered by Supabase, Google Cloud, and Vercel—all SOC 2 Type II certified. Your data is hosted by industry leaders.
Your worksheets and student answers are never used to train public AI models. Your content stays yours.
Full disclosure of all third-party services and data processing. We publish our subprocessor list publicly.
Lexa inherits enterprise-grade security and compliance from our infrastructure partners
| Component | Provider | Certifications |
|---|---|---|
| Database & Auth | Supabase | SOC 2 Type II, ISO 27001 |
| AI Processing | Google Cloud | SOC 2, ISO 27001, ISO 27017 |
| Web Hosting | Vercel | SOC 2 Type II |
| Payments | Stripe | PCI DSS Level 1 |
PDPA Compliance: Lexa operates as a Data Intermediary. You (the teacher or school) remain the Data Controller, meaning you decide what data to collect and for what purpose.
Your Responsibilities: As the Data Controller, you are responsible for obtaining necessary parental consent for students under 13 (or as required by your institution).
Our Commitment: We only collect data necessary for educational purposes (grading, feedback, progress tracking) and never sell or share student data with third parties.
Comprehensive articles covering every aspect of our security and privacy practices
Technical details on encryption, RLS, authentication, and infrastructure security
How we use Gemini AI, what data is processed, and our no-training guarantee
Complete list of all services that process data on behalf of Lexa
Detailed guidance on roles, consent, and data subject rights under PDPA
How to report vulnerabilities and our breach notification procedures
Our team is happy to answer any security questions or provide additional documentation for your institution's compliance review.
Contact Us: contact@lexa.sg