Privacy Policy
Last updated May 19, 2026
B3dmar ApS, trading as 3ngram ("we," "us," "our"), respects your privacy. B3dmar ApS is the data controller for your personal data under the GDPR. This policy explains how we collect, use, store, and share your information on the 3ngram platform.
What we collect
Information you provide
- Account info: name, email, authentication credentials (via OAuth or email/password)
- User content: memories, commitments, decisions, blockers, facts, preferences, patterns, notes, context, and indexed documents
- Communications: support and feedback messages
Information collected automatically
- Usage data: anonymized signals about features used, search queries, API call patterns, and session duration
- Device/browser info: IP address, browser type, OS, device identifiers
- Error reports: crash data and stack traces, processed by an EU-hosted error-monitoring service
Information from third parties
- OAuth providers: basic profile (name, email) from Google, GitHub, or other providers
- AI platform metadata: interaction metadata when using MCP with third-party AI tools (we do not receive or store AI model responses)
How we process your data
We use your data to:
- Provide memory storage, semantic search, and accountability features
- Generate vector embeddings for semantic search through our embeddings provider (your content is not used to train any AI models)
- Send email digests, alerts, and notifications through our transactional email provider
- Process subscription payments through our payment processor
- Analyze usage patterns to improve the service
- Enforce our terms and protect against abuse
Data retention
| Data type | Retention |
|---|---|
| Documents, memories, content chunks | Indefinite while account exists |
| MCP request logs | 90 days (auto-pruned) |
| Soft-deleted documents | 30 days before hard delete |
| Audit logs | 1 year minimum |
| OAuth access tokens | 1 hour |
| OAuth refresh tokens | 30 days |
| Google Docs content | Retained as memories while account exists; removed on account deletion or manual deletion by user |
On account deletion, all user data is permanently removed via cascading deletes, including memories, documents, embeddings, and account information. Anonymized aggregate statistics may be retained. Encrypted backups may persist up to 90 days before automatic deletion.
Sub-processors
Our sub-processors are primarily based in the European Economic Area, with a limited number of US-based sub-processors covered by EU Standard Contractual Clauses. Each sub-processor is bound by a written data processing agreement and is engaged only for purposes described in this policy: database hosting, embeddings, transactional email, subscription payments, error monitoring, and platform hosting.
For the current list of named sub-processors and a counter-signable copy of our Data Processing Agreement, email legal@3ngram.ai.
We do not sell your personal data. We may share information with sub-processors under contractual obligations, for legal compliance, or in connection with business transfers (with prior notice).
Google Workspace Data
When you connect Google integrations, we access Google API data only for the purposes described below. Use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
Google Docs (drive.file scope)
- Only files you select via Google Picker are accessible — no broad Drive access
- Document content is chunked, embedded, and stored as content sources for semantic search
- You can create and export Google Docs via MCP tools; these files are added to your content sources
Data use and retention
- Disconnection: disconnecting an integration in Settings revokes the OAuth token and stops future syncs. Memories already derived from Google data are retained until you delete them or delete your account
- Account deletion: deleting your account permanently removes all memories, content chunks, embeddings, and OAuth tokens derived from Google APIs
- No advertising: Google API data is never used for serving advertisements, profiling for advertising purposes, or sold to third parties
Your rights
Depending on your jurisdiction, you can:
- Access: request a copy of your personal data
- Rectification: request correction of inaccurate data
- Deletion: delete your account (cascades all data permanently)
- Portability: export your data via
GET /api/export - Objection: object to certain types of processing
- Restriction: request restricted processing in certain circumstances
- Withdraw consent: withdraw consent for processing at any time, without affecting prior processing
- Complaint: lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local supervisory authority
Contact privacy@3ngram.ai to exercise these rights.
Cookies
For detailed information about the cookies we use, see our Cookie Policy.
| Category | Duration | Purpose |
|---|---|---|
| Essential | Session | Authentication, session management |
| Functional | 1 year | Preferences, theme, dashboard config |
| Analytics | 90 days | Anonymized usage |
Essential cookies cannot be disabled. Functional and analytics cookies are activated only after you provide consent via our cookie banner, in compliance with the ePrivacy Directive. You may update your preferences at any time. We honor Do Not Track (DNT) signals.
GDPR (EU/EEA users)
Legal basis: contract performance (providing the service), legitimate interests (analytics, improvement), and consent (marketing, non-essential cookies).
Data Protection Officer: dpo@3ngram.ai
Additional GDPR rights: you may withdraw consent at any time without affecting prior processing. You have the right not to be subject to decisions based solely on automated processing. You may lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local supervisory authority.
CCPA (California residents)
We collect identifiers (name, email, IP), internet activity (usage, queries), and professional information (if provided). We do not sell personal information.
Your rights: right to know, right to delete, right to opt-out of sale (not applicable), and right to non-discrimination. Exercise via privacy@3ngram.ai or account settings.
International transfers
Your data is primarily stored within the European Economic Area. Certain processing involves transfers to US-based sub-processors protected by EU Standard Contractual Clauses (SCCs) and a written Data Processing Agreement. For the current named list and a counter-signable DPA, email legal@3ngram.ai.
Children
3ngram is not directed to anyone under 18. We do not knowingly collect personal information from minors. If we discover we have, we will delete it promptly.
Security
We follow the security principles documented on our security page. Technical and organisational measures specific to processing personal data are described in our Data Processing Agreement, available on request from legal@3ngram.ai.
Changes to this policy
We may update this policy with notice via email or the service. Continued use means you accept the changes.
Questions? Contact privacy@3ngram.ai. Also see our Terms of Service.