Your family’s data is safe and secure with Leto.
Independently security-audited. CASA Tier 2 verified.
Leto is a family task management app that turns school and PTA emails into organized tasks and events. Here’s how we protect your family’s data.
Security
Secure Gmail Integration — Independently Verified
Leto is a CASA Tier 2 verified family task management application. Our Gmail integration has been independently security-audited by TAC Security, an accredited security lab, under Google’s Cloud Application Security Assessment program. Verified: March 2026.
- Independent third-party security assessment
- Tested against OWASP application security standards
- View-only Gmail access — we can never send, delete, or modify emails
- All personal data encrypted (AES-256-GCM)
- Data handling and privacy practices reviewed and approved
How your data is protected
- All personal information is encrypted at rest and in transit (AES-256-GCM).
- We follow NIST security guidelines for data protection.
- Each family’s data is isolated and access-controlled.
- Regular automated security testing to find vulnerabilities (OWASP ZAP DAST).
- Independent code analysis on every change to catch issues before they ship (Brakeman).
Independent security verification
| Program | Scope |
|---|---|
| CASA Tier 2 (TAC Security) | Independent application security assessment, OWASP ASVS standards |
Verified: March 2026.
Our infrastructure partners
| Provider | Certifications / Role |
|---|---|
| Heroku / Salesforce | SOC 2, ISO 27001 |
| Cloudflare | PCI DSS Level 1, DDoS & IP protection |
| Google Cloud / Gmail API | SOC 2, SOC 3, ISO 27001/27017/27018 |
| Railway | Infrastructure for Leto’s self-hosted web content fetching service. No customer data stored. |
All data is hosted in the United States.
Privacy
No ads. No data sales. Ever.
Your family’s information is never shared with advertisers, data brokers, or anyone else. We make money from premium family subscriptions. That’s it.
What we check first
When you connect an email account as a premium subscriber, we access your email with view-only permissions. We start by checking only sender names and subject lines—like looking at the outside of an envelope. You see the results, and tell us which senders map to each of your organizations. Our system processes the emails you approve.
What we process
For senders you approve, we process the complete content of their emails — including the email body, linked newsletters and web pages, attached PDFs, and images. We extract dates, deadlines, and action items from all of it, so nothing slips through.
Here’s how each content type is handled:
- Email body: Encrypted during processing, deleted after extraction.
- Linked newsletters (e.g., online newsletters): Fetched directly by Leto’s own servers — never sent to a third-party scraping service. Processed in memory, not stored.
- PDF attachments: Text extracted or visually analyzed by AI. Deleted after extraction.
- Images: Analyzed by AI to extract text content such as event dates. Deleted after extraction.
All processing happens within Leto’s infrastructure or with Anthropic’s Claude AI (our only AI provider). No other third-party service receives your content.
Your newsletter content stays in Leto’s infrastructure
Some school emails are just a link to an online newsletter or a PDF flyer — the actual information is on the other end of that link. Leto follows those links and reads those documents so you don’t have to.
When Leto fetches a newsletter, the content goes directly from the newsletter’s server to Leto’s servers. It is never routed through a third-party scraping service. The content is processed and then discarded — we only keep the tasks and events we extract from it.
Your rights
You can access all your data anytime. You can delete your account and data permanently. You control which senders we process. You can opt out of any communications. Read our full Privacy Policy, Terms of Service, and Data Use Policy.
More about Leto’s security and privacy
See how our verified Gmail integration works on our Gmail for Parents page, learn how PTAs can bring Leto to their community on our Organizations page, or see what Premium Family includes for parents.
Ready to stop digging through emails?
Try it free for 21 days. Tasks extracted, events on your calendar, nothing missed.