security built into every layer
memra is designed with security and privacy at every level of the stack.
tls 1.3
all api traffic encrypted in transit. auto-renewed tls certificates.
bcrypt api keys
api keys are bcrypt-hashed at rest. only the key prefix is stored in plaintext for lookup.
eu infrastructure
single-region deployment in finland for primary customer data. limited third-party processing is disclosed on our privacy pages.
content storage
memory content stored in a proprietary content engine with atomic writes and file-level locking.
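
how the "bcrypt api keys" scheme above can work, as an added example that is not memra's code: the plaintext prefix finds the record and a slow hash checks the secret. assumptions: the `<prefix>.<secret>` key layout, the dict-backed store and the function names are hypothetical, and python's stdlib `hashlib.scrypt` stands in for bcrypt, which needs a third-party package.

```python
import hashlib
import hmac
import os
import secrets

# Assumption: scrypt (stdlib) stands in for bcrypt as the slow password hash.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def _slow_hash(secret: str, salt: bytes) -> bytes:
    return hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT)


def issue_key(store: dict, tenant: str) -> str:
    """Create a key, persist only prefix + salt + hash, return the full key once."""
    prefix = secrets.token_hex(4)        # plaintext lookup handle, not a secret
    secret = secrets.token_urlsafe(32)   # 256 bits of entropy, never stored
    salt = os.urandom(16)
    store[prefix] = {"tenant": tenant, "salt": salt,
                     "hash": _slow_hash(secret, salt)}
    return f"{prefix}.{secret}"          # hypothetical layout: <prefix>.<secret>


# Dummy record so an unknown prefix costs the same work as a wrong secret.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _slow_hash("dummy", _DUMMY_SALT)


def verify_key(store: dict, presented: str):
    """Return the tenant for a valid key, else None."""
    prefix, sep, secret = presented.partition(".")
    rec = store.get(prefix) if sep else None
    salt = rec["salt"] if rec else _DUMMY_SALT
    expected = rec["hash"] if rec else _DUMMY_HASH
    # Always run the slow hash, then compare in constant time.
    ok = hmac.compare_digest(_slow_hash(secret, salt), expected)
    return rec["tenant"] if (rec and ok) else None
```

a dump of this store yields prefixes, salts and hashes but no usable key, which is why the full key can only be shown to the customer once, at creation.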
data handling
| data type | storage layer | encryption |
|---|---|---|
| memory content | content engine (eu) | aes-256 at rest (filesystem) |
| metadata index | enterprise database (eu) | tls in transit |
| embeddings | vector database (eu) | tls in transit |
| api keys | enterprise database (eu) | bcrypt hashed |
| billing data | stripe (external processor, never on our servers) | stripe-managed |
| cache | in-memory cache (eu) | in-memory, tenant-scoped keys |
compliance
- full deletion cascade -- erase content, embeddings, PII tokens, cache, and audit log in one call
- data portability -- export everything via GET /v1/export
- data minimization -- only store what the customer sends
- audit logging -- all deletions logged with timestamps
- pii masking -- optional privacy shield for automatic detection and masking
questions about our security practices? support@usememra.com