Your data stays yours
Exactly where your data lives, who processes it, what they keep, and how to delete all of it. Written to be checked, not skimmed.
Chat models never train on you
Every model you can pick is under terms that forbid training on your data. Contractual, not a promise.
Memory you can read
Open the memory panel and see every fact the AI holds about you. Edit or delete any of it.
Delete means delete
Deleting your account purges the database and every uploaded file, immediately.
You can see what the AI knows
c137's memory isn't a black box. Everything remembered about you, your projects, and your chats is visible in the memory panel — as plain, dated facts. If something is wrong, edit it. If something shouldn't be there, delete it and it's gone from every future conversation. If you work with confidential material, this is the difference between trusting a claim and checking one.
The AI providers we use
Your messages are processed by the model you pick, and your uploads by our document processing. Every model you chat with is under terms that prohibit training on your data. One provider that handles internal memory processing is still finalizing those terms in writing — it's flagged in the table and explained just below it. This is the complete list.
| Provider | What it does | Trains on your data | What it keeps |
|---|---|---|---|
| Anthropic | Claude models you chat with | Never | Held briefly for safety review (up to 30 days), then deleted |
| OpenAI | GPT models you chat with | Never | Held briefly for safety review (up to 30 days), then deleted |
| Gemini models you chat with | Never | Transient safety logging, then deleted | |
| xAI | Grok models you chat with | Never | Held briefly for safety review (up to 30 days), then deleted |
| OpenRouter | Serves the open-source models (Kimi, DeepSeek, GLM, MiniMax, Qwen) | Never | We route with data collection disabled — no prompt logging |
| Google Cloud | Reads documents and images you upload; model infrastructure | Never (contractual — enterprise terms) | Zero-data-retention configuration in progress |
| Nebius | Model infrastructure (internal memory processing) | Never | Zero data retention |
| Weights & Biases | Model infrastructure (internal memory processing) | Under review — see note below | Under review — see note below |
On Weights & Biases:it runs part of our internal memory processing — the step that turns your conversations into the dated facts in your memory panel. Its standard API terms don't yet include an explicit no-training, no-retention carve-out, and we're finalizing those in writing now. Until that's signed we treat it as unresolved and say so here rather than claim otherwise. Nebius (zero retention) and Google Vertex carry the same processing as fallbacks. If you handle client data professionally and need this closed before you rely on c137, email us and we'll tell you exactly where it stands.
Using your own API keys (BYOK)? Those requests run directly on your key, under your own agreement with that provider.
Where your data lives
Stored data sits in exactly two places — our database and our file storage. Everything else touches only the minimum it needs to do its job.
| Service | Role | Notes |
|---|---|---|
| Neon | Database | Your chats, memory, account data, and the searchable text of your documents. Encrypted at rest. |
| Cloudflare R2 | File storage | Your uploaded images and document text. Wiped completely when you delete your account or your data. |
| WorkOS | Sign-in | Handles login only. Never sees your conversations. |
| Stripe | Billing | Payment details only. Never sees your conversations. |
| Sentry | Error monitoring | Technical error reports so we can fix crashes. |
| PostHog | Product analytics | Usage events. Session replays are fully text-masked — your content is never visible. |
We also keep short-lived operational logs for debugging. They auto-delete within 30 days and are never used for anything else.
Deleting and exporting
From Settings you can export everything you've ever put in — chats, memory, documents — as a single file, and you can delete your data or your whole account yourself, no email required. Deletion is immediate and complete: database rows and every uploaded file. We don't keep a copy.
One optional exception: de-identified data may be used to improve c137 itself. This is on by default and yours to turn off in Settings → Data & Privacy — it never includes anything that identifies you, and switching it off doesn't change anything else on this page.
The legal version of all of this lives in our Privacy Policy. Questions we haven't answered here — especially if you handle client data professionally — reach us at hello@c137.ai and we'll answer specifically, not with boilerplate.