Security your security team designed.
Permission-aware retrieval, row-level tenant isolation, customer-managed keys, and a complete audit lineage on every AI response. Built so your CISO can say yes.
Row-level tenant isolation
Every tenant-scoped table uses Postgres row-level security. Our runtime database role cannot bypass it. The tenant context is enforced at the connection layer, not at the application layer.
Permission-aware retrieval
ACLs inherit from your source systems and Mnemos roles. Filtering happens before the model sees a candidate, not after. A restricted document is not just hidden — it is never retrieved.
Customer-managed keys
Bring your own KMS — AWS, GCP, or Azure. Encrypt the memory graph at rest with keys you control. Revoke access with one click.
Regional residency
US-East, US-West, and EU-West regions available. Enterprise customers can pin tenants to a region and block cross-region replication entirely.
Found a vulnerability? Tell us.
Email security@mnemos.ai with details. We acknowledge reports within 24 hours and coordinate disclosure with affected customers.
Talk to a Mnemos security engineer.
We send the SOC 2 report, the DPA, the architecture diagram, and the sub-processor list before the first call.