Last updated: August 4, 2025.
This Compliance Policy explains how Kanexon, Inc. and the Kannect Platform ("Kannect", "we", "our", or "us"), are committed to safeguarding data in accordance with the highest standards of privacy and regulatory compliance. We understand that our platform may be used by educational institutions, healthcare-related organizations, nonprofits, and government agencies, and we take that responsibility seriously.
We comply with the Family Educational Rights and Privacy Act (FERPA), ensuring that any education records or student information provided by educational institutions are securely stored and managed. We do not access, use, or share student data for any purpose other than delivering services explicitly requested by the institution. Student data remains under the control of the educational organization at all times.
We do not knowingly collect or store information from children under the age of 13 without verifiable parental consent. If we become aware that we have inadvertently received such information, we will take steps to delete it promptly. Organizations serving children are responsible for obtaining the necessary parental or guardian consents before using the platform with minors.
Although Kannect is not a covered entity under HIPAA, we recognize that some organizations may use the platform in contexts where health-related information is discussed or stored. We implement safeguards that align with the Health Insurance Portability and Accountability Act (HIPAA) to protect sensitive health information and prevent unauthorized access or disclosure. If an organization is subject to HIPAA and requires a Business Associate Agreement (BAA), we are happy to explore that need during onboarding.
We are committed to following all applicable local, state, and federal regulations related to data collection, storage, and transmission, including but not limited to those issued by the Federal Trade Commission (FTC), the National Institute of Standards and Technology (NIST), and other U.S. government compliance standards. We can support public-sector organizations in meeting internal data governance requirements and will provide additional documentation or security reviews upon request.
All user and organizational data is stored in secure data centers located in the United States. We may offer region-specific data hosting options upon request for enterprise or government clients with data localization requirements. Please contact our team to explore dedicated hosting or sovereign cloud environments.
While Kannect has not yet completed formal SOC 2 or ISO 27001 certification, our platform is developed and maintained using principles aligned with these frameworks. We implement controls for data security, availability, and confidentiality, and are open to supporting vendor security assessments and due diligence processes.
We work with carefully vetted third-party service providers to support the operation and performance of the Kannect Platform (such as cloud storage, analytics, and customer service tools). A complete list of subprocessors is available upon request, and we require all vendors to meet strict data protection standards and enter into appropriate data processing agreements (DPAs).
We are continually reviewing and updating our compliance policies to reflect changes in legislation and best practices. If you are an organization with additional requirements or certifications (e.g., SOC 2, ISO 27001), please contact our team to discuss how Kannect can support your needs.
Questions? For questions related to data compliance or legal documentation, please reach out to our Privacy Officer at policy@kannect.co.
This policy is reviewed and updated annually or as necessary to reflect changes in laws, best practices, or platform functionality.