SECURITY & COMPLIANCE
Your data is safe.
Every architectural decision at AI Memory SDK was made with security and privacy as the first constraint, not an afterthought.
Encryption
- AES-256-GCM for all memories at rest
- Argon2id for API key derivation (work factor 3, memory 65536)
- TLS 1.3 in transit
- Unique IV per encryption operation
Authentication
- JWT tokens with 24h expiry
- Issuer/audience claims validated
- Argon2id password hashing
- Rate limiting: 5 failed logins per 15 minutes per IP (Redis)
Multi-Tenant Isolation
- Row-level tenant_id enforcement on every single query
- No cross-tenant data access possible at the application layer
- Separate namespacing for API keys per tenant
GDPR Compliance
- Right to erasure: DELETE /api/v1/users/me wipes all memories, API keys, and account data
- Right to export: GET /api/v1/users/me/export returns full JSON dump
- 7-year audit trail for compliance
- Data stored in EU-accessible infrastructure (Supabase, Mumbai region)
- No data sold to third parties
Responsible Disclosure
- Found a vulnerability? Email support@ai-memory-sdk.com
- We aim to respond within 48 hours
AES-256-GCM Encrypted | GDPR Ready | JWT Authenticated | Argon2id Hashed | TLS 1.3 | Rate Limited | Audit Logged | Zero-Trust Architecture