Security built into every layer
Memra is designed with security and privacy at every level of the stack.
TLS 1.3
All API traffic encrypted in transit. Auto-renewed TLS certificates.
Bcrypt API Keys
API keys are bcrypt-hashed at rest. Only the key prefix is stored in plaintext for lookup.
EU Infrastructure
Single-region deployment in Germany. Data never leaves the EU.
Content Storage
Memory content stored in a proprietary content engine with atomic writes and file-level locking.
Data handling
| Data Type | Storage Layer | Encryption |
|---|---|---|
| Memory content | Content engine (EU) | AES-256 at rest (filesystem) |
| Metadata index | Enterprise database (EU) | TLS in transit |
| Embeddings | Vector database (EU) | TLS in transit |
| API keys | Enterprise database (EU) | Bcrypt hashed |
| Billing data | Stripe (PCI DSS) | Stripe-managed |
| Cache | In-memory cache (EU) | In-memory, tenant-scoped keys |
Compliance
- GDPR Article 17 -- Right to erasure (full deletion cascade)
- GDPR Article 20 -- Data portability (GET /v1/export)
- Data minimization -- Only store what the customer sends
- Audit logging -- All deletions logged with timestamps
- PII masking -- Optional Privacy Shield for automatic detection and masking
Questions about our security practices? support@usememra.com
