Trust Center
Security Overview
Last updated July 16, 2026
Security approach
MissionK12 products are designed around school-authorized access, limited collection, and practical controls appropriate to the information each workflow requires. Controls are reviewed as the platform and customer requirements evolve.
Identity and access
- School Google accounts are used for primary user authentication where configured.
- Server-validated sessions limit repeated exposure of identity credentials.
- Role-based permissions separate student, teacher, coordinator, and administrator capabilities.
- Authorization is checked on protected server routes, not only hidden in the user interface.
- Administrative access is limited to authorized personnel and school-designated administrators.
Data protection
- Public connections use HTTPS encryption in transit.
- Application data is stored in controlled databases and is not made publicly accessible.
- Secrets and session-signing material are kept outside public web assets.
- Products collect and expose information according to the needs of the user’s authorized role.
- Backups and recovery procedures are used where appropriate to the product and deployment.
Monitoring and operational controls
- Important administrative and data-changing actions are recorded in audit logs where supported.
- Authentication, application, and infrastructure errors are reviewed during troubleshooting and incident response.
- Dependencies and systems are updated as security and compatibility needs are identified.
- Service providers are limited to operational functions such as authentication, networking, and email delivery.
Incident response
When LesserLabs receives a credible security report, it will work to contain the issue, preserve relevant information, evaluate affected systems and records, remediate the cause, and notify affected schools as required by law or agreement.
Schools should provide an appropriate security contact in their service agreement so time-sensitive notices reach the correct person.
Report a security concern
Email hello@lesserlabs.com with “MissionK12 Security Report” in the subject. Describe the affected product, date, and observed behavior. Do not access additional records, disrupt service, or include unnecessary student information.
Report a concern