Back to Home

Privacy Policy

Last updated: February 2026

1. Introduction

c137 ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our AI assistant service.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the California Consumer Privacy Act (CCPA).

2. Data We Collect

We collect the following types of data:

  • Account Information: Email address, name, and authentication data provided through our authentication provider (Neon Auth).
  • Chat Content: Your questions, our AI responses, and any conversations you have with c137.
  • Documents: Any documents or text you upload or create within the service.
  • Images: Any images you upload for analysis or reference within conversations.
  • Imported Conversations: Chat history you import from other AI providers (e.g. ChatGPT, Claude, Grok).
  • Artifacts: Work products created or edited within the service (notes, plans, summaries, etc.).
  • Memory Data: Compressed summaries of your conversations stored for context retrieval.
  • Usage Data: How you interact with the service, including feature usage, preferences, and analytics data.
  • Payment Information: Billing details processed securely through Stripe. We do not store your full card details.

3. How We Use Your Data

We use your data to:

  • Provide and improve the c137 AI assistant service
  • Process your questions through AI models to generate responses
  • Store and retrieve context to provide personalized assistance
  • Process payments and manage your subscription
  • Send important service updates and notifications
  • Detect and prevent fraud or abuse
  • Improve our AI services using anonymized conversation data (you may opt out by contacting support or deleting your account)
  • Collect analytics to understand usage patterns and improve the user experience

4. Third-Party Services

We use the following third-party services to operate c137:

  • Neon Auth: Authentication and user management
  • Neon: PostgreSQL database hosting (encrypted at rest)
  • xAI (Grok): AI model for generating responses
  • Groq: AI infrastructure for processing (Llama, GPT-OSS models)
  • Cloudflare R2: Object storage for documents, images, and archived content
  • Stripe: Payment processing
  • Vercel: Application hosting
  • PostHog: Product analytics and session recording to improve the service

Each service has its own privacy policy. Your data is transmitted securely using SSL/TLS encryption.

5. Data Retention

We retain your data according to the following policies:

  • Active subscribers: Data retained indefinitely while subscription is active
  • Free trial users (never subscribed): Data automatically deleted 14 days after trial expiry
  • Cancelled subscribers: Data automatically deleted 30 days after subscription ends
  • Manual deletion: Immediate deletion upon request through account settings

6. Your Rights

Under UK GDPR and CCPA, you have the following rights:

  • Right to Access: Request a copy of your data via the "Download Data" feature in account settings
  • Right to Rectification: Update your personal information in account settings
  • Right to Erasure: Delete your data or account via account settings
  • Right to Data Portability: Export your data in JSON format
  • Right to Object: Contact us to object to data processing

7. Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over SSL/TLS encryption
  • Database encryption at rest (Neon PostgreSQL)
  • Secure authentication via Neon Auth
  • Regular security audits and updates

8. Cookies & Analytics

We use the following cookies and tracking technologies:

  • Authentication cookies: To keep you signed in (Neon Auth) — essential
  • Payment session cookies: To process payments (Stripe) — essential
  • Analytics (PostHog): We use PostHog for product analytics and session recording to understand how the service is used and improve it. This data is anonymized and not sold to third parties.

We do not use any marketing cookies. By using the service, you consent to the use of analytics as described above.

9. Children's Privacy

c137 is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what personal information we collect and how it is used
  • Right to delete your personal information
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising your CCPA rights

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes. To exercise your CCPA rights, contact us at support@c137.ai.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: support@c137.ai

Terms of ServiceHome