Trust Center
Student Data Commitments
Effective July 16, 2026 · Last updated July 16, 2026
These commitments apply when LesserLabs processes student information for a school or district through MissionK12, HallBeat, Flow, Control, or Rubric Insights. A signed Data Processing Agreement may provide more specific requirements and will control if it conflicts with this page.
Our commitments
School and LesserLabs roles
The school or district determines the educational purpose, authorized users, data supplied, and appropriate student access. LesserLabs acts as a service provider processing information under the school’s direction to operate the Services.
LesserLabs does not claim ownership of school-provided education records. Schools remain responsible for determining which records may be disclosed and which users have a legitimate educational interest.
FERPA support
When a school relies on FERPA’s school-official exception, LesserLabs processes education records for the institutional service requested by the school, remains under the school’s direct control regarding use and maintenance of those records, and does not redisclose them except as directed by the school, permitted by contract, or required by law.
LesserLabs assists participating schools with reasonable requests to inspect, correct, export, restrict, or delete records in the Services.
COPPA and younger students
For students under 13, a school may authorize collection on a parent’s behalf only for an educational service used for the school’s benefit and not for an unrelated commercial purpose. LesserLabs provides schools notice of its data practices and supports review, deletion, and prevention of further collection where required.
LesserLabs does not place responsibility for its own COPPA compliance solely on teachers or schools. Direct-to-consumer student accounts are not offered through the MissionK12 school Services.
Data access and school control
- Authorized administrators control staff and student access.
- Role-based views limit information based on the user’s school function.
- Schools may request an export of available institutional records.
- Schools may request correction or deletion, subject to operational, contractual, and legal requirements.
- Parents and students should generally make education-record requests through their school, which LesserLabs will support.
Current service-provider categories
| Provider/category | Purpose | Information involved |
|---|---|---|
| Cloudflare | DNS, secure networking, traffic protection, and content delivery | Standard network and request information |
| School-account authentication | Name, email address, account identifier, and authentication response | |
| Authorized email provider | Service notifications and school-requested messages | Recipient address and message content needed for delivery |
| Controlled application infrastructure | Application, database, backup, and operational hosting | Records necessary to provide the selected MissionK12 products |
LesserLabs will update this page when a material new service-provider category is introduced. A district agreement may require advance notice or an institution-specific subprocessor list.
Security and incidents
LesserLabs uses controls designed to protect student information and will investigate suspected unauthorized access. Participating schools will be notified without unreasonable delay when LesserLabs determines that a security incident affects their protected information, subject to applicable law and the school agreement.
End of service
When a school ends its use of the Services, LesserLabs will provide a reasonable opportunity to request an export and will delete or return school data according to the applicable agreement. Protected backups may retain limited copies temporarily until they are overwritten through the normal backup cycle.
Email hello@lesserlabs.com. Do not include sensitive student records in an initial email.
Contact LesserLabs