Skip to content

Security

Tenant Isolation

Every API key is bound to a unique organization_id. All database queries are scoped to your organization. There is no way to access another tenant's private data. The one deliberate exception is Rooms (Beta): an opt-in, membership-checked shared bucket — an atom written to a room belongs to the room, not to any member's account, and joining a room exposes nothing from your private memory.

text
Your API key → organization_id → all queries filtered by org_id

Atoms, Hebbian edges, consolidation runs, and usage metrics are all isolated per tenant.

Rooms & Cross-Account Sharing (Beta)

Rooms are the one deliberate crossing of the account boundary — an opt-in shared memory pool addressed as domain: "xroom:<room_id>" on the same write/read calls:

  • Membership is checked on every request. Reads and writes against a room only succeed for active members; writes additionally require read_write scope.
  • A room is its own bucket. Room atoms live in the room, not in any member's account — your private memory is never exposed by joining, and room content never appears in your normal (non-room) searches.
  • Usage is billed to the authenticated caller, never the room owner.
  • Invites are one-time codes (mnvr_...); revocation is forward-only — future access stops, but content a member already read or wrote is not recalled.

API Key Security

  • API keys are hashed (SHA-256) before storage. We never store plaintext keys.
  • Key comparison uses constant-time comparison (secrets.compare_digest) to prevent timing attacks.
  • Keys are shown exactly once at creation. If lost, revoke and create a new one.
  • Key prefix (mk_live_...) is stored for identification without exposing the full key.

Data Privacy

  • We do not train on your data. Your memories are used solely to serve your queries.
  • No cross-tenant learning. Hebbian associations and valence updates are per-tenant. Inside an opt-in room (Beta) they are per-room — members' feedback intentionally updates the room's shared ranking; private accounts never learn from each other.

Transport Security

All API traffic uses HTTPS.

Rate Limiting

Per-tenant rate limiting prevents abuse:

PlanRequests/minDaily queriesStored atoms
Free601,00010,000
Pro60050,000500,000
Team3,000500,0005,000,000

Exceeding limits returns HTTP 429 with Retry-After header.

Infrastructure

  • Database: PostgreSQL 17 with pgvector extension
  • Hosting: Railway (US region)

Reporting Security Issues

Report vulnerabilities to security@mnemoverse.com.