Sofia is a tool teachers use to do their work. We try to handle the data you put into it the way you'd want a thoughtful colleague to handle it — carefully, narrowly, and only as long as it's useful.
This page is honest about what we collect, what we don't, and what we do with what we have.
What Sofia collects
Account information. When you sign up, Sofia stores your name, email address, and an encrypted password. If you sign in through Google, Sofia stores your Google account email and an encrypted token that lets Sofia create files in your Drive on your behalf.
Content you generate. Lectures, worksheets, recommendation letters, and the rest — when you generate something with Sofia, the result is stored in your account so you can find it again later. You can delete any generation at any time.
Usage information. We log basic information about how Sofia is used — when generations succeed or fail, how many tokens an account has used, which features are working and which aren't. This helps us keep Sofia running and improve it.
What Sofia does NOT collect
Student data. Sofia is a tool for teachers. We don't ask for student names, grades, behavior records, or any other student-identifying information. The few one-off generators that mention students (recommendation letters, conference talking points) ask the teacher for the relevant details, but those values are not stored — they pass through Sofia to produce the output and are then discarded.
Anything from your Drive that Sofia didn't create. When you connect your Google account, Sofia uses the narrowest possible permission. We can create files in your Drive, and we can read or modify files we created — that's it. Sofia cannot see your other Drive content, can't list your files, can't access your Docs, your Sheets, or anything else. This is enforced by Google, not just promised by us.
Tracking pixels, third-party analytics, or advertising data. Sofia doesn't run advertising. We don't sell data. We don't share data with marketing partners. There are no tracking cookies beyond what's needed to keep you logged in.
What Sofia does with the data
We use what we collect to make Sofia work — to log you in, to show you your generated content, to send you to the right page when you click a link. That's it. We don't sell data, share it with marketers, or use it for anything outside of running Sofia.
If we ever change this — for example, if Sofia is acquired or transitions to a different organization — we will tell you before anything changes, and you'll have the chance to delete your account first.
How long data is kept
Account data: kept as long as your account is open. When you delete your account, all of it goes — generations, settings, connections, everything. There's a 30-day soft-delete window in case you change your mind, after which the data is permanently purged.
Generated content: kept until you delete it, with the same 30-day soft-delete behavior.
Logs and usage data: kept for 90 days for diagnostic purposes, then deleted.
How data is protected
Passwords are stored as cryptographic hashes, not in plain text. Even Sofia's administrators cannot see your password.
OAuth tokens for connected services are encrypted at rest. Even if the database were compromised, the tokens would not be readable.
Sofia runs on Microsoft Azure with standard security practices for data at rest and in transit (TLS 1.2 or higher for connections, AES-256 encryption for stored data).
Your rights
You can:
- Download all the content you've generated, at any time, from your account
- Delete any individual generation
- Delete your entire account, which removes all of your data
- Disconnect any third-party service (like Google Drive) at any time
If you want a complete export of your data or want to ask a specific question about your information, email james@zunama.com.
A note on AI generation
Sofia uses Anthropic's Claude API to generate content. When you generate something, the prompt and any inputs you provide are sent to Anthropic to produce the output. Anthropic does not use Sofia's API traffic to train their models, and they don't retain it long-term — but they do see it briefly during processing. If you wouldn't want a third-party service to see something, don't put it in Sofia.
We avoid sending student-identifying information through Sofia for exactly this reason.
A note on age
Sofia is built for teachers, who are adults. We don't knowingly accept accounts from minors. If you're under 18, please don't sign up — and if you have, email us and we'll delete the account.
Updates to this policy
If we change this policy, we'll let you know — by email if the change affects what we collect or share, by a notice on this page if it's a clarification or minor update. The date at the bottom of this page tells you when it was last updated.
Questions?
Email james@zunama.com. The same person who built Sofia reads the privacy mail.
Last updated: May 3, 2026.