Trust & Security
Last updated: July 11, 2026
Memory products ask for more trust than almost any software: they hold a record of you. Most answer with marketing. We answer with the actual architecture — including its limits. No other memory product publishes this page; that is the point.
The consent gate
Nothing is remembered without your yes. Machine-extracted memories always land as pendingin a Review Inbox — in the app, the browser extension's side panel, or via chat — and only your explicit action activates them. Bulk approvals from a chat AI are two-phase: the AI must show you a preview, and only a cryptographically signed confirmation token (bound to you, the action, and the exact items, valid five minutes) can commit.
Access receipts
Every retrieval any AI makes from your vault is recorded — which client, which tool, which memories, when — and shown on your Activity page. Consent actions are receipted too. If an AI reads three memories at 14:02, you can see exactly that.
What our encryption protects — honestly
Memory text and artifact content are encrypted at rest with an application-layer key (Fernet), on top of provider disk encryption. This protects you against: a leaked database dump, a compromised database account or backup, and any direct read of the raw tables.
It does not protect against:
- a compromise of the API server itself — it holds the key, because it must read memories to embed, search, and serve them;
- embedding vectors, which remain plaintext because similarity search needs them and which can leak semantic information;
- any AI you connect — a model that retrieves a memory necessarily sees its text.
True end-to-end encryption is structurally impossible for the core feature (an AI answering from your memories must read them). The honest upgrade path is a future zero-knowledge tier with client-side keys, traded against server-side features — we will not pretend otherwise in the meantime.
Even we can't browse your memories
The operator console we use to run the service shows counts, timestamps, and aggregates — never memory text, artifact content, or the content of your queries. This is enforced in code and covered by regression tests, not just policy.
Deletion that means it
Forget removes a memory from all retrieval instantly. Residual encrypted records are hard-purged within 30 days. Vault export is one click, complete, and free forever — leaving must always be easy, or staying means nothing.
The extension's rules
Capture happens only on your click. No background watching, no keystrokes, no pages other than the supported AI chats. Site selectors are delivered as data (never code), so fixes for site redesigns cannot smuggle in new behavior.
Security practices
- OAuth 2.1 with PKCE for every AI connector; no anonymous vault access.
- Passwords hashed with bcrypt; sessions are signed JWTs.
- Memory content is excluded from application logs by code.
- Migrations are append-only; the codebase and its full history are version-controlled.
Found something?
Security reports go to the.phenyl02@gmail.com. We commit to acknowledging within 72 hours and to notifying affected users within 72 hours of any confirmed incident involving their data.