Sam is in active development. The page below is a working summary of how we handle data today — not a marketing sheet, not a certification claim. If you're reviewing Sam for IT, email sami@trysam.co and we'll send the current write-up with full details.
Inbound messages are scanned for personally identifying information before they hit logs. Names, phone numbers, and emails are redacted in transcripts available to admins by default; full transcripts are accessible to authorized roles only.
Default retention is 90 days. Configurable up or down per school's policy. Deletion is real deletion — not tombstoned rows.
Every admin action — source uploads, source retirement, CSV exports, transcript views — is recorded with user, timestamp, and target.
Your school's content is used to retrieve answers for your school. It is never used to train shared models or made available to other tenants.
Each school's sources, embeddings, and transcripts live in a logically isolated index. Cross-tenant queries are not possible by design.
Application and data hosted in US regions. Subprocessors are listed on request as part of IT review.