Trust
Plain answers before you trust Greta with the details.
Last updated: July 15, 2026
Greta is a personal teacher tool. This page gathers the controls and provider commitments that support that promise, with a date and source for each pass-through claim.
What Greta commits to today
- No model training. Greta does not use teacher notes, voice memos, or drafts to train models. Provider terms are listed and dated below.
- No ads or selling. Greta does not sell student context or use it for advertising.
- Deletion stays in the teacher’s hands. Individual kids, notes, and class memories can be removed from live storage. Provider backups follow a retention window of up to 30 days.
- Export is available by request. Email privacy@teachgreta.com to request a copy of a record or a full account deletion. There is no in-app export screen in this alpha.
Security controls
- Per-teacher tenant isolation. Greta scopes data access to the teacher who owns it.
- Schema-enforced forbidden fields. Greta rejects SSNs, full dates of birth, and student ID numbers as data fields.
- Server-side-only keys. Provider credentials stay on server-side execution paths.
- Signed URLs. Stored media is accessed through time-bounded signed links rather than public file URLs.
- Infrastructure encryption.Greta’s infrastructure providers attribute encryption at rest and in transit to their own controls.
Service providers
These providers help Greta operate features a teacher requests. Optional connectors and text messaging are not required for core use. Provider claims are attributed and dated; the source links open their documentation.
Anthropic
Purpose: Claude drafts and other language-model features
Data touched: Teacher-provided notes, memos, and the minimum context needed for the requested draft
Provider note: Per Anthropic's commercial documentation, as of 2026-07-15, API inputs and outputs are not used to train models by default.
Verified 2026-07-15 · Source
OpenAI
Purpose: Whisper transcription and text embeddings for search
Data touched: Voice recordings for transcription and the text needed to create search embeddings
Provider note: Per OpenAI's API data-controls documentation, as of 2026-07-15, API inputs and outputs are not used to train models by default; default abuse-monitoring logs may be retained for up to 30 days.
Verified 2026-07-15 · Source
Convex
Purpose: Database, file storage, and backend functions
Data touched: Teacher account data, notes, records, drafts, and files stored for the teacher
Provider note: Convex is an infrastructure provider; encryption and storage controls are attributed to the provider rather than presented as a Greta-operated facility.
Verified 2026-07-15 · Source
Vercel
Purpose: Web application hosting and delivery
Data touched: Requests needed to serve the Greta web application
Provider note: Vercel hosts and delivers the web application; infrastructure encryption is attributed to Greta's infrastructure providers.
Verified 2026-07-15 · Source
Twilio and participating mobile carriers
Purpose: Optional SMS/MMS capture, verification, and compliance messages
Data touched: Verified teacher phone number, message text, images, delivery metadata, and consent signals
Provider note: SMS/MMS content and phone numbers pass through Twilio and downstream carriers; carrier retention, inspection, and jurisdictional handling are outside Greta's control.
Verified 2026-07-15 · Source
Composio
Purpose: Optional Gmail, Calendar, Drive, Outlook, and OneDrive connector actions
Data touched: Only the connector context and permissions needed for the action a teacher requests
Provider note: Connector data passes through Composio only when a teacher connects a service and requests that action; Greta does not require connectors for core use.
Verified 2026-07-15 · Source
Postmark
Purpose: Inbound email capture
Data touched: Inbound message metadata and message content sent to a teacher's Greta capture address
Provider note: Postmark receives inbound email needed for the capture path; Greta records provider authentication results and avoids putting raw message bodies in application logs.
Verified 2026-07-15 · Source
Sentry
Purpose: Error tracking and performance monitoring
Data touched: Scrubbed error metadata, stack traces, and performance measurements
Provider note: Greta scrubs classroom content before Sentry receives error events.
Verified 2026-07-15 · Source
PostHog
Purpose: Privacy-conservative product analytics
Data touched: Allowlisted operational fields such as source, surface, status, counts, booleans, and latency
Provider note: Greta sends only allowlisted operational fields; autocapture and session replay are off.
Verified 2026-07-15 · Source
| Provider | Purpose | Data and dated claim |
|---|---|---|
| Anthropic | Claude drafts and other language-model features | Teacher-provided notes, memos, and the minimum context needed for the requested draftPer Anthropic's commercial documentation, as of 2026-07-15, API inputs and outputs are not used to train models by default.Verified 2026-07-15 · Source |
| OpenAI | Whisper transcription and text embeddings for search | Voice recordings for transcription and the text needed to create search embeddingsPer OpenAI's API data-controls documentation, as of 2026-07-15, API inputs and outputs are not used to train models by default; default abuse-monitoring logs may be retained for up to 30 days.Verified 2026-07-15 · Source |
| Convex | Database, file storage, and backend functions | Teacher account data, notes, records, drafts, and files stored for the teacherConvex is an infrastructure provider; encryption and storage controls are attributed to the provider rather than presented as a Greta-operated facility.Verified 2026-07-15 · Source |
| Vercel | Web application hosting and delivery | Requests needed to serve the Greta web applicationVercel hosts and delivers the web application; infrastructure encryption is attributed to Greta's infrastructure providers.Verified 2026-07-15 · Source |
| Twilio and participating mobile carriers | Optional SMS/MMS capture, verification, and compliance messages | Verified teacher phone number, message text, images, delivery metadata, and consent signalsSMS/MMS content and phone numbers pass through Twilio and downstream carriers; carrier retention, inspection, and jurisdictional handling are outside Greta's control.Verified 2026-07-15 · Source |
| Composio | Optional Gmail, Calendar, Drive, Outlook, and OneDrive connector actions | Only the connector context and permissions needed for the action a teacher requestsConnector data passes through Composio only when a teacher connects a service and requests that action; Greta does not require connectors for core use.Verified 2026-07-15 · Source |
| Postmark | Inbound email capture | Inbound message metadata and message content sent to a teacher's Greta capture addressPostmark receives inbound email needed for the capture path; Greta records provider authentication results and avoids putting raw message bodies in application logs.Verified 2026-07-15 · Source |
| Sentry | Error tracking and performance monitoring | Scrubbed error metadata, stack traces, and performance measurementsGreta scrubs classroom content before Sentry receives error events.Verified 2026-07-15 · Source |
| PostHog | Privacy-conservative product analytics | Allowlisted operational fields such as source, surface, status, counts, booleans, and latencyGreta sends only allowlisted operational fields; autocapture and session replay are off.Verified 2026-07-15 · Source |
What Greta does not have yet
Greta is not currently SOC 2 certified and does not hold district-specific NDPA or DPA agreements. Those are future work if Greta begins pursuing school-purchased deals. Greta does not publish an AFT-alignment claim while the reference standard is unpublished.
Greta also does not publish a breach-notification or subprocessor-change time promise yet. Those commitments wait for a written notification runbook and a monitored channel that can actually deliver them.
For the exact language on teacher-kept observational notes and the FERPA posture, read the FERPA page. For administrator-facing categories and retention, read the Data Processing Summary.
Contact
Trust and privacy questions: privacy@teachgreta.com. General questions: hello@teachgreta.com.