security · what 3ngram reads · stores · will never train on

if the thing you said to Claude at 2am isn't private, we don't have a product.

no foundation-model training on your data · contractual · · tenant isolation enforced at the database layer · · following SOC 2 Type II standards · certification on the roadmap.

the 3ngram pledge

your commitments, decisions, and the exact phrases you used to save them never go to a foundation model — not ours, not a third party's. we will not sell your data. if we ever aggregate it to improve the product itself, we will tell you before we do, in writing, with a way to opt out.

what 3ngram reads · by surface · opt-in per source

claude · chatgpt · cursor · codex

nothing is saved passively. you end a session by telling the agent "debrief this to 3ngram" (or ask it to save a specific commitment). 3ngram stores only what you asked it to — your words, the timestamp, the source.capture: explicit, per-session · nothing in the background

github

merged PRs, review comments, issue rationale — the decisions you committed to code.scope: repositories you grant · read-only token

basecamp · linear · jira · confluence

project-scoped, per-surface. you can disconnect any source and 3ngram will stop ingesting from it immediately. existing imports remain subject to your retention settings.disconnect: immediate · hard-delete on demand

google docs · google calendar

only the files you pick through the Google Picker, and the calendars you grant. per-file consent for docs — we can't see anything you didn't hand us.scope: per-file via picker · calendars: only those you grant

gmail · slack · granola

on the roadmap. not live today. when they ship, scope will be as narrow as the live sources above — sent-folder only for gmail, channel-by-channel for slack, and transcripts you invoke for granola.status: roadmap · no capture today

how 3ngram stores · infra · encryption · access

tenancy

every table containing user data enforces row-level isolation at the database layer, not just in application code. even if application logic has a bug, the database itself prevents cross-user data access.isolation: row-level, database-enforced

encryption

all data is encrypted at rest. integration tokens — the credentials for your connected services — are additionally encrypted at the application layer before storage. all connections use TLS.at-rest: full-volume · integration tokens: application-layer

access

no employee can read your captures without a signed support request from you. every privileged access is written to an append-only audit log that the application cannot modify or delete.audit: append-only · visible on request

deletion

hard-delete from Settings removes your memories, documents, clusters, and OAuth tokens. the deletion itself is recorded in the audit log. soft-deleted items are permanently removed on a 30-day default window.soft-delete window: 30 days · hard-delete: irreversible

data residency

your data is stored in a managed database hosted in the EU. 3ngram is operated by a Danish company; your data controller is in the EU. sub-processor details are available on request.region: EU · controller: Denmark

what 3ngram will never do · written, signed, public

train a foundation model on your captures — or allow a third party to.

contractual · in the DPA

never

aggregate commitments across tenants, even anonymized.

no "benchmarks" on your data

never

send an email, calendar invite, or slack message without your sign-off.

human-in-loop required for every outbound action

never

share your data with our employees for "product improvement".

explicit case-by-case consent or nothing

never

change any of the above without telling you first.

30-day notice, all paid tiers, in writing

never

for retention windows, audit-log detail, and account-deletion behavior, see the data retention guide ↗.

security questions? security questionnaire? we'll answer within 24h.

security@3ngram.ai