Compliance

Education, health, and government.

How Kannect aligns with the laws, frameworks, and procurement standards that the organizations running on it have to meet.

Last reviewed: May 2026.

This Compliance Policy explains how Kanexon, Inc. and the Kannect Platform ("Kannect," "we," "our," or "us") safeguard data in accordance with the highest standards of privacy and regulatory compliance. Kannect is used by schools, healthcare-adjacent organizations, nonprofits, government agencies, public safety teams, and other regulated communities, and we take that responsibility seriously. This policy covers every Kannect product: the dashboard, the mobile app, public community pages, and Kannect Discover.

Plain English: A lot of communities running on Kannect operate under specific regulations — FERPA for schools, COPPA for kids, HIPAA-adjacent for health, GDPR for the EU, CCPA for California. Here's how we align with each.

FERPA — Education

Kannect aligns with the Family Educational Rights and Privacy Act (FERPA) principles for handling personal data on behalf of educational institutions. Importantly, Kannect is not a Student Information System. We do not store or maintain formal education records (grades, transcripts, official student data). A school using Kannect can communicate with families, run events, share resources, and add information to member profiles — that data is controlled by the school, not maintained by Kannect as an education record. If grades or similar information happen to be attached to a member profile or shared between a school and a member, that is data the school controls.

If your institution has specific FERPA documentation requirements (data processing agreements, security questionnaires, designation-of-school-official forms), email hello@kannect.co and we'll work with you.

COPPA — Children's privacy

We do not knowingly collect or store information from children under the age of 13 without verifiable parental consent. If we become aware that we have inadvertently received such information, we will delete it promptly. Organizations serving children are responsible for obtaining the necessary parental or guardian consents before using the platform with minors.

HIPAA — Healthcare

Although Kannect is not itself a covered entity under HIPAA, we recognize that organizations may use the platform in contexts where health-related information is discussed or stored. We implement safeguards that align with the Health Insurance Portability and Accountability Act to protect sensitive health information and prevent unauthorized access or disclosure. If your organization is subject to HIPAA and requires a Business Associate Agreement (BAA), we're happy to explore that during onboarding — email hello@kannect.co.

Government & public sector data requirements

We follow all applicable local, state, and federal regulations related to data collection, storage, and transmission, including those issued by the Federal Trade Commission (FTC), the National Institute of Standards and Technology (NIST), and other U.S. government compliance standards. We can support public-sector organizations in meeting internal data governance requirements and will provide additional documentation or security reviews upon request.

Data localization & sovereignty

All user and organizational data is stored in secure data centers in the United States, hosted on Amazon Web Services (AWS). AWS maintains SOC 2, ISO 27001, and GDPR compliance certifications, providing the foundation we build on top of. We may offer region-specific data hosting options on request for enterprise or government clients with data localization requirements. Contact our team to explore dedicated hosting or sovereign cloud environments.

SOC 2 & ISO 27001 readiness

Kannect has not yet completed formal SOC 2 or ISO 27001 certification, but the platform is developed and maintained using principles aligned with these frameworks. We implement controls for data security, availability, and confidentiality, and we're open to supporting vendor security assessments and due diligence processes.

Other applicable regulations

  • GDPR (General Data Protection Regulation). For users and organizations in the EU/EEA, we abide by the GDPR and respect the rights of data subjects to access, correct, and delete their information.
  • CCPA (California Consumer Privacy Act). For California residents, we comply with the CCPA and honor consumer rights related to data access, deletion, and disclosure.
  • LGPD (Lei Geral de Proteção de Dados). For users in Brazil, we comply with the LGPD and treat personal data in accordance with applicable Brazilian law.

Third-party subprocessors

We work with carefully vetted third-party service providers to support the operation and performance of Kannect — cloud storage, analytics, customer service, payment processing. A complete list of subprocessors is available on request, and we require all vendors to meet strict data protection standards and enter into appropriate data processing agreements (DPAs).

The Verification principle

One additional protection that's specific to Kannect: every organization that joins the platform does so through a credit-card-verified trial. The card is a spam filter, not a paywall — it stops bots and fake organizations from reaching the Kannect Discover network. The result is a verified, real network of organizations that members and partners can trust by default.

Plain English: Beyond the laws we comply with, we add one layer most platforms don't: every organization on Kannect is real, because every organization paid to verify with a card before they got on the network.

Updates

We continually review and update our compliance practices to reflect changes in legislation and best practices. This policy is reviewed annually or as necessary.

Contact

If you're an organization with additional requirements or certifications (SOC 2, ISO 27001, FedRAMP, HIPAA BAA, custom DPAs, subprocessor lists), please reach out to hello@kannect.co to discuss how Kannect can support your needs.
