Security

How OraMemory protects your AI memory data.

Local-first option

The Free tier never touches our servers. Memories live in a SQLite file on your machine. We can't see them, leak them, or be subpoenaed for them.

Transport & at-rest encryption

  • TLS 1.3 for every managed-API request.
  • AES-256 at rest for managed databases (Postgres + object storage).
  • BYOK (bring your own key) on Pro and Enterprise via AWS KMS — OraMemory servers never see your plaintext data at rest.

API keys

API keys are stored as SHA-256 hashes. The plaintext is displayed exactly once, at creation. Lost keys can only be rotated, never recovered.

Every key carries an environment tag (om_live_ or om_test_) and a per-project rate limit. Revoke any key from the dashboard; revocation takes effect within seconds.
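
The hash-only storage, show-once, and rotate-not-recover behaviour described above can be sketched as follows. This is an added example, not OraMemory's code: the in-memory KEY_TABLE, the function names, the key-body length and the key_id format are all assumptions.

```python
import hashlib
import hmac
import secrets

# Environment tags named on the page.
PREFIXES = {"live": "om_live_", "test": "om_test_"}

# Hypothetical stand-in for the server-side key table: key_id -> record.
KEY_TABLE = {}


def _digest(plaintext):
    # A fast unsalted hash is acceptable here only because the key body is
    # 256 bits of CSPRNG output; it would not be for human-chosen passwords.
    return hashlib.sha256(plaintext.encode("utf-8")).hexdigest()


def create_key(project_id, env):
    """Mint a key and return (key_id, plaintext); only the digest is stored."""
    plaintext = PREFIXES[env] + secrets.token_urlsafe(32)  # body length assumed
    key_id = secrets.token_hex(8)
    KEY_TABLE[key_id] = {"sha256": _digest(plaintext), "project_id": project_id,
                         "env": env, "revoked": False}
    return key_id, plaintext


def verify_key(presented, env):
    """Return the project_id for a live key of this environment, else None."""
    if not presented.startswith(PREFIXES[env]):
        return None
    candidate = _digest(presented)
    for record in KEY_TABLE.values():
        # Constant-time comparison of the stored and presented digests.
        if hmac.compare_digest(candidate, record["sha256"]):
            return None if record["revoked"] else record["project_id"]
    return None


def rotate_key(key_id):
    """Revoke the old key and mint a replacement; the old plaintext is gone."""
    old = KEY_TABLE[key_id]
    old["revoked"] = True
    return create_key(old["project_id"], old["env"])
```

Because the table holds only digests, a copy of it does not yield usable keys, which is also why a lost key cannot be recovered.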

Audit trail

Every add, update, and delete is appended to memory_ops with:

  • API key ID (hashed)
  • Timestamp
  • Agent / user / session context
  • HTTP status + duration
  • (Optional) content hash

The audit trail is available via the dashboard Recent activity tab and via GET /v1/log (coming soon).

Data isolation

Every query is scoped to a project_id. Cross-project access is impossible without a valid API key for the target project.

Versioning

Every content change snapshots a new row in memory_versions. Your memories are never silently rewritten. Use GET /v1/memory/<id>/history to inspect.

Backups

Managed Postgres is snapshotted nightly with 7 daily / 4 weekly / 3 monthly retention. Object storage is encrypted server-side.

Compliance roadmap

  • SOC 2 Type II — in progress, target end of 2026.
  • HIPAA BAA — available on Enterprise.
  • GDPR — yes. Data-residency on Enterprise.

Reporting a vulnerability

Email security@oramemory.com. We respond within 48 hours and credit responsible researchers.