How we protect your data and your agents' memories.
TLS 1.2+ encryption on all connections. Vercel edge with HSTS enforced. Your data is encrypted from the moment it leaves your browser.
Memory stored in isolated SQLite databases. Encrypted at the infrastructure level. Each user's memory namespace is fully isolated.
Google OAuth via secure token exchange. Session cookies are httpOnly and SameSite=Strict. No passwords stored anywhere.
Bearer token auth on all endpoints. Rate limiting per key. No API key stored in plaintext. Keys are hashed at rest.
Run entirely on your own infrastructure. Your data never leaves your servers. Full source available. No vendor lock-in.
Prototype pollution protection. 1MB request body limits. Input sanitization on all endpoints. SQL injection protection throughout.
We're working toward SOC2 Type II certification. Expected completion: Q4 2026. Enterprise customers can request our current security documentation.
Data export available on request. Right to deletion honored — your memories are deleted within 30 days of account closure. No third-party analytics trackers. We don't sell your data.
Found a security issue? Please disclose responsibly. We take all reports seriously and will respond within 48 hours.
security@remlabs.ai