Skip to main content
Heronix PassTrack pilot applications are open for the 2026 school year. Apply for a pilot slot
For IT & Security

Runs inside your network. Tokenized at the edge.

Heronix products don't require cloud connectivity to operate. They run on your infrastructure. Student PII is tokenized at the network boundary before any external integration receives data. No vendor can flip a switch and expose your district's records.

Read the architecture Request a technical call

The security posture

On-premise by default

Products are designed to run entirely inside the district network. No required outbound cloud connectivity for core operation. Kiosks and classroom tools are offline-first and reconcile when reachable.

Guardian tokenization

Student PII is tokenized at the integration boundary before any data leaves the district. Each external vendor gets a unique, non-reversible token namespace. A breach at one vendor cannot reconstruct the district's roster.

No vendor-held master keys

The tokenization master key never leaves district infrastructure. Heronix does not hold a copy. A vendor breach at Heronix does not expose tokenized data at districts running Heronix.

Auditable locally

Guardian logs every integration that received data, which fields, for which tokens, and when. Logs stay on district infrastructure — no telemetry pipeline to a vendor's cloud.

Integrates with your identity layer

Works with existing district identity providers (LDAP/AD, SAML). Heronix does not require a separate user directory it controls.

No silent updates

Software updates are available; applying them is a district decision. No forced background upgrades that can change behavior mid-semester. You control the patch cycle.

What we hand to your team

  • Deployment guide for on-premise installation
  • Network boundary diagram — where tokenization happens
  • Threat model document — what Guardian does and does not protect against
  • Data flow diagram for every external integration
  • Audit log schema — what gets logged, retention options

Security teams get the documents before signing anything. Bring your most adversarial threat model.

Request a technical call

We'll walk your IT and security team through the tokenization boundary, master-key handling, and integration flows. 45 minutes, no sales ambush.

Request a call Read the architecture