security ·what 3ngram reads · stores · will never train on

if the thing you said to Claude at 2am isn't private, we don't have a product.

no foundation-model training on your data — contractual · tenant isolation enforced at the database layer · following SOC 2 Type II standards, certification on the roadmap.

the 3ngram pledge

your commitments, decisions, and the exact phrases you used to save them never go to a foundation model — not ours, not a third party's. we will not sell your data. if we ever aggregate it to improve the product itself, we will tell you before we do, in writing, with a way to opt out.

mcp capture live today ·source sync on the roadmap

what 3ngram reads.

claude · chatgpt · cursor · codex

nothing is saved passively. capture happens as you work — your assistant calls the remember tool over MCP when something worth keeping comes up, or you ask it to save a specific commitment. 3ngram stores only what was flagged — your words, the timestamp, the source.

capture: explicit, tool call by tool call · nothing in the background

github

on the roadmap, not live today. when sync ships: merged PRs, review comments, issue rationale — the decisions you committed to code.

status: roadmap · scope when live: repositories you grant · read-only token

basecamp · linear · jira · confluence

on the roadmap, not live today. when sync ships it will be project-scoped, per-surface — disconnect any source and ingestion stops immediately, with existing imports subject to your retention settings.

status: roadmap · disconnect: immediate · hard-delete on demand

google docs · google calendar

on the roadmap, not live today. when sync ships: only the files you pick through the Google Picker, and the calendars you grant. per-file consent for docs — we can't see anything you didn't hand us.

status: roadmap · scope when live: per-file via picker · calendars: only those you grant

gmail · slack · granola

on the roadmap. not live today. when they ship, scope will be as narrow as everything above — sent-folder only for gmail, channel-by-channel for slack, and transcripts you invoke for granola.

status: roadmap · no capture today

infra ·encryption · access

how 3ngram stores.

tenancy

every table containing user data enforces row-level isolation at the database layer, not just in application code. even if application logic has a bug, the database itself prevents cross-user data access.

isolation: row-level, database-enforced

encryption

all data is encrypted at rest. integration tokens — the credentials for your connected services — are additionally encrypted at the application layer before storage. all connections use TLS.

at-rest: full-volume · integration tokens: application-layer

access

no employee can read your captures without a signed support request from you. every privileged access is written to an append-only audit log that the application cannot modify or delete.

audit: append-only · visible on request

deletion

hard-delete from Settings removes your memories, documents, clusters, and OAuth tokens. the deletion itself is recorded in the audit log. soft-deleted items are permanently removed on a 30-day default window.

soft-delete window: 30 days · hard-delete: irreversible

data residency

your data is stored in a managed database hosted in the EU. 3ngram is operated by a Danish company; your data controller is in the EU. sub-processor details are available on request.

region: EU · controller: Denmark

written, signed, public

what 3ngram will never do.

train a foundation model on your captures — or allow a third party to.
contractual · in the DPA
never
aggregate commitments across tenants, even anonymized.
no "benchmarks" on your data
never
send an email, calendar invite, or slack message without your sign-off.
human-in-loop required for every outbound action
never
share your data with our employees for "product improvement".
explicit case-by-case consent or nothing
never
change any of the above without telling you first.
30-day notice, all paid tiers, in writing
never

security questions? security questionnaire? we'll answer within 24h.

for how memories are stored, superseded, and deleted, see the memory model docs.