// Trust & Security Report

    Tettra, Inc. logo

    Tettra, Inc.

    AI-powered internal knowledge base and Slack Q&A bot ("Kai") for internal documentation, knowledge management, and repetitive-question deflection; single core product sold on Scaling and Enterprise tiers (Enterprise adds SSO/SCIM).

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR (posture)
    HELD

    "Tettra is dedicated to protecting the information we collect about you and fulfilling all obligations to you in compliance with the GDPR." Also: "We do not use the Privacy Shield to transfer your data. All sub-processors who previously used the Privacy Shield have updated to use SCC."

    Verify on tettra.com
    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. Tettra has no dedicated trust center; its security overview, help-center security section, and privacy policy make no mention of SOC 2 or any third-party audit report.

    source: support.tettra.com
    ISO 27001
    NOT CONFIRMED

    No public evidence. No mention of ISO 27001 or any ISO certification anywhere on tettra.com or support.tettra.com.

    source: tettra.com
    HIPAA
    NOT CONFIRMED

    No public evidence of a HIPAA compliance program or BAA offering. Not mentioned in the security overview, privacy policy, or help docs.

    source: support.tettra.com
    PCI DSS
    NOT CONFIRMED

    Tettra itself is not PCI-certified; its payment processor is. "Our credit card processor, Stripe, is certified to PCI Service Provider Level 1, the most stringent level of certification available." This is the payment vendor's (Stripe's) certification, not Tettra's.

    source: tettra.com
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence of an AI management-system certification. Not referenced anywhere on tettra.com or its help docs.

    source: tettra.com
    CSA STAR
    NOT CONFIRMED

    No public evidence. No CSA STAR registry entry or self-assessment referenced on the vendor's site.

    source: tettra.com
    FedRAMP
    NOT CONFIRMED

    No public evidence. Not a government/federal-focused product; no FedRAMP mention anywhere on the vendor's site.

    source: tettra.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    United States ("secured and encrypted servers located in the United States" per privacy policy); infrastructure hosted on Heroku with AWS for database/backups per security overview.

    Privacy policy explicitly states: "We WILL NOT use your Google Workspace or Slack data to develop, improve, or train generalized AI and/or ML models." OpenAI is listed as a sub-processor (powers the Kai AI bot/answers feature) but customer content is not used to train foundation models. No public per-tier opt-out toggle was found; the no-training commitment appears to apply account-wide. Note: Tettra explicitly does NOT offer a standalone DPA ("At this time, we are not planning on providing a Data Processing Addendum (DPA) separate from our updated Terms of Service" per help docs), which is a gap relative to enterprise expectations.

    // Security controls

    Encryption in transit

    All data sent via Tettra uses HTTPS.

    tettra.com

    Encryption at rest

    Both the primary database and all backups are encrypted.

    tettra.com

    Authentication

    OAuth via Slack or Google; Enterprise tier adds SSO & SCIM.

    tettra.com

    Hosting infrastructure

    Application hosted on Heroku; database and backups hosted on Amazon AWS.

    tettra.com

    Backups

    Customer account data backed up every day; self-serve HTML export available at any time.

    support.tettra.com

    Employee access controls

    Strict policies on employee access to customer data; customer notified and written consent obtained where practical; granular audit logs of data access maintained.

    tettra.com

    Breach notification

    Notifies customers in writing within 72 hours of verifying a security breach affecting their data.

    support.tettra.com

    // Products & data scope

    Tettra (Scaling plan)Internal knowledge base + AI Q&A (Slack bot)

    data: Company internal documentation, Google Docs/PDF imports, Slack conversation content indexed for Q&A

    $8/user/month (10-user minimum), all AI features included (Kai bot, page tagging, FAQ generation), API access, unlimited storage/version history.

    Tettra (Enterprise plan)Internal knowledge base + AI Q&A, enterprise tier

    data: Same data scope as Scaling plan; adds SSO/SCIM-gated identity and provisioning controls

    Custom pricing (discounts at 250+ licenses); adds SSO & SCIM, custom onboarding/import, custom reporting, priority/dedicated support.

    // What to watch

    • No dedicated trust center or third-party audit report (SOC 2 / ISO 27001) found anywhere on tettra.com, support.tettra.com, or via search; absence corroborated across three vendor-owned sources (security overview, help docs, privacy policy) so this is treated as a confirmed gap, not a crawl failure.
    • Vendor explicitly states it does NOT offer a standalone Data Processing Agreement (DPA) separate from its Terms of Service, which may not satisfy enterprise/EU procurement requirements despite its GDPR posture.
    • PCI DSS reference on the security page belongs to Stripe (Tettra's payment processor), not Tettra itself; do not list PCI DSS as a Tettra certification.
    • Do not confuse this vendor with "Tettra Health" (tettrahealth.com), an unrelated company with a similar name; identity for this assessment is Tettra, Inc. (tettra.com / tettra.co), the internal knowledge base / Slack Q&A product.
    • OpenAI is listed as a sub-processor for AI features; confirm current sub-processor list at time of listing since these can change without a formal changelog entry being found.

    // At a glance

    Pricing model

    Per-user/month subscription (Scaling: $8/user/mo, 10-user minimum) plus a custom-priced Enterprise tier with SSO/SCIM; 30-day free trial.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Tettra, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    tettra.com

    > Browse all vendor trust reports