Security

Foundational. Not an afterthought.

Your data is encrypted, isolated, and never used to train AI models. Every memory is a governed record from the moment it's written.

[01] ENCRYPTION

Encrypted by default

AES-256-GCM envelope encryption at rest, TLS 1.3 in transit. Payment processing is handled by Stripe — we never see or store card numbers.

[02] OWNERSHIP

Your data stays yours

Memories are never used to train models. Export or delete your entire corpus at any time — erasure requests are honored across every tier.

[03] INFRASTRUCTURE

Hardened infrastructure

WAF protection, DDoS mitigation, and multi-tenant workspace isolation. 24/7 automated monitoring with a 72-hour breach-notification policy (GDPR Art. 33).

[04] ACCESS

Granular access controls

Role-based access for members, admins, and agents — each sees exactly what policy allows. Scoped API keys with independent rotation.

SOC 2 Type II
audit in progress
GDPR
EU SCCs in place
CCPA
compliant
72h
Breach notification
GDPR Article 33
Responsible disclosure

Found something?

We run a responsible disclosure program. Report vulnerabilities to our security team and we'll respond fast.