// Trust & Security Report
Tettra, Inc.
AI-powered internal knowledge base and Slack Q&A bot ("Kai") for internal documentation, knowledge management, and repetitive-question deflection; single core product sold on Scaling and Enterprise tiers (Enterprise adds SSO/SCIM).
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on tettra.com“"Tettra is dedicated to protecting the information we collect about you and fulfilling all obligations to you in compliance with the GDPR." Also: "We do not use the Privacy Shield to transfer your data. All sub-processors who previously used the Privacy Shield have updated to use SCC."”
> Show 7 unconfirmed / not-held certifications
source: support.tettra.comNo public evidence. Tettra has no dedicated trust center; its security overview, help-center security section, and privacy policy make no mention of SOC 2 or any third-party audit report.
source: tettra.comNo public evidence. No mention of ISO 27001 or any ISO certification anywhere on tettra.com or support.tettra.com.
source: support.tettra.comNo public evidence of a HIPAA compliance program or BAA offering. Not mentioned in the security overview, privacy policy, or help docs.
source: tettra.comTettra itself is not PCI-certified; its payment processor is. "Our credit card processor, Stripe, is certified to PCI Service Provider Level 1, the most stringent level of certification available." This is the payment vendor's (Stripe's) certification, not Tettra's.
source: tettra.comNo public evidence of an AI management-system certification. Not referenced anywhere on tettra.com or its help docs.
source: tettra.comNo public evidence. No CSA STAR registry entry or self-assessment referenced on the vendor's site.
source: tettra.comNo public evidence. Not a government/federal-focused product; no FedRAMP mention anywhere on the vendor's site.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
United States ("secured and encrypted servers located in the United States" per privacy policy); infrastructure hosted on Heroku with AWS for database/backups per security overview.
Privacy policy explicitly states: "We WILL NOT use your Google Workspace or Slack data to develop, improve, or train generalized AI and/or ML models." OpenAI is listed as a sub-processor (powers the Kai AI bot/answers feature) but customer content is not used to train foundation models. No public per-tier opt-out toggle was found; the no-training commitment appears to apply account-wide. Note: Tettra explicitly does NOT offer a standalone DPA ("At this time, we are not planning on providing a Data Processing Addendum (DPA) separate from our updated Terms of Service" per help docs), which is a gap relative to enterprise expectations.
// Security controls
Hosting infrastructure
Application hosted on Heroku; database and backups hosted on Amazon AWS.
tettra.comBackups
Customer account data backed up every day; self-serve HTML export available at any time.
support.tettra.comEmployee access controls
Strict policies on employee access to customer data; customer notified and written consent obtained where practical; granular audit logs of data access maintained.
tettra.comBreach notification
Notifies customers in writing within 72 hours of verifying a security breach affecting their data.
support.tettra.com// Products & data scope
data: Company internal documentation, Google Docs/PDF imports, Slack conversation content indexed for Q&A
$8/user/month (10-user minimum), all AI features included (Kai bot, page tagging, FAQ generation), API access, unlimited storage/version history.
data: Same data scope as Scaling plan; adds SSO/SCIM-gated identity and provisioning controls
Custom pricing (discounts at 250+ licenses); adds SSO & SCIM, custom onboarding/import, custom reporting, priority/dedicated support.
// What to watch
- No dedicated trust center or third-party audit report (SOC 2 / ISO 27001) found anywhere on tettra.com, support.tettra.com, or via search; absence corroborated across three vendor-owned sources (security overview, help docs, privacy policy) so this is treated as a confirmed gap, not a crawl failure.
- Vendor explicitly states it does NOT offer a standalone Data Processing Agreement (DPA) separate from its Terms of Service, which may not satisfy enterprise/EU procurement requirements despite its GDPR posture.
- PCI DSS reference on the security page belongs to Stripe (Tettra's payment processor), not Tettra itself; do not list PCI DSS as a Tettra certification.
- Do not confuse this vendor with "Tettra Health" (tettrahealth.com), an unrelated company with a similar name; identity for this assessment is Tettra, Inc. (tettra.com / tettra.co), the internal knowledge base / Slack Q&A product.
- OpenAI is listed as a sub-processor for AI features; confirm current sub-processor list at time of listing since these can change without a formal changelog entry being found.
// At a glance
Pricing model
Per-user/month subscription (Scaling: $8/user/mo, 10-user minimum) plus a custom-priced Enterprise tier with SSO/SCIM; 30-day free trial.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Tettra, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
tettra.com