For Schools & IT

How Hanlexon protects student data

Hanlexon helps students learn Mandarin Chinese. We take the privacy of your students seriously. This page explains how we protect student data, what we commit to, and what your district needs for procurement — all self-serve, no NDA required.

Our commitments

WE DO
  • Use student data only to provide and improve the educational service
  • Encrypt data in transit and at rest
  • Give parents and schools access, correction, and deletion rights
  • Sign data privacy agreements (FERPA, COPPA, SOPPA, GDPR, APP)
  • Notify schools within 7 days of any confirmed data breach (or stricter if your DPA requires)
  • Return or delete student data within 60 days when an institution agreement ends
  • Provide configurable controls so teachers can manage their classroom
WE DO NOT
  • Sell student personal information — ever
  • Show advertisements to students
  • Build behavioral profiles for non-educational purposes
  • Use student-submitted content (writing, voice, chat) to train AI models
  • Share student data with third parties except as needed to provide the service
  • Track students across other websites or apps
  • Provide public messaging or open-network social features

Recognitions & frameworks

Hanlexon signs the SDPC National Data Privacy Agreement state-by-state on request from any LEA.

We comply with FERPA, COPPA, SOPPA, UK GDPR, and the Australian Privacy Principles — full details in our Privacy Policy §11 and Terms of Service §7.

Responsible AI

Purpose-driven. AI is invisible infrastructure that helps a student learn Mandarin — not a feature for its own sake.

Privacy-focused. Student-submitted content (writing, voice recordings, chat) is never used to train AI models. We configure commercial-API settings to disable training where supported.

Transparent. The human teacher remains in control. AI-generated content is labeled as such where relevant.

Reliable. Fair-use limits prevent abuse and maintain quality for all students.

Configurable. Schools can opt out of AI features per class or globally.

Downloadable agreements

We publish our privacy and contractual artifacts so your district's procurement team can self-serve. No NDA, no signup, no email capture.

Hanlexon Data Processing Agreement (pre-signed)

For UK GDPR, EU GDPR, AU APP, and any institution outside US K-12. Includes Article 28 clauses, Standard Contractual Clauses, and UK IDTA.

View / print HTML version
SDPC National Data Privacy Agreement v2.2 STANDARD

For US K-12 districts. Hanlexon signs the SDPC NDPA v2.2 STANDARD with Exhibit E (General Offer of Privacy Terms) — one signed agreement covers all 50 states. Other districts in any state countersign Exhibit E to adopt the same terms; their state-specific Exhibit G is auto-attached by SDPC.

Pending first LEA signing. Use our inquiry form to initiate — we typically sign within 5 business days.

Sub-processors

We engage the following third-party processors to provide the Service. All are bound by data-protection terms at least as protective as those in our agreement with you.

Service Purpose Region Data sent
Amazon Web Services Hosting, storage, content delivery us-east-1, US All Service data
Stripe, Inc. Payment processing US Billing data only (no student data)
Anthropic AI processing (Claude) US Per-request prompt; no PII; no training
Google AI processing (Gemini) US/Global Per-request prompt; no PII; no training
OpenAI-compatible providers Specialized AI capabilities (DeepSeek, Groq, others) varies Per-request prompt; no PII
Microsoft Azure Text-to-speech voice synthesis US Text strings only (no PII)

Material changes (new sub-processor, scope change) get 30 days' notice via this page and email to subscribers. Subscribe: admin@hanlexon.com

Contact

Privacy or data-protection questions: admin@hanlexon.com

Account / subscription / renewal: admin@hanlexon.com · or manage your account

To request a signed agreement (Hanlexon DPA or SDPC NDPA v2.2): use our inquiry form

For Schools Full Privacy Policy Terms of Service