Trust, the no-spin version
“Can you read my chats?”
You’re trusting a memory product with real context about your life and work. You deserve a straight answer to this question, so here it is.
encrypted in transit and at rest · access logged
The honest answer
Technically, yes.
MemoryPlugin is not end-to-end encrypted. So like ChatGPT, Claude, Gemini, and nearly every cloud service you use, the capability exists. Any company running this kind of product that tells you otherwise is playing word games.
Here’s what stands between that capability and your data: it’s encrypted in transit and at rest, database access is restricted, and administrative access is logged. Nobody browses user content. Not for curiosity, not for product research. When you ask for help, support can open your account through an admin tool, and every one of those sessions is logged.
We’d rather tell you the uncomfortable truth than imply a guarantee we don’t have. The rest of this page is in the same spirit.
Access, as it actually is
- in transitencrypted ✓
- at restencrypted ✓
- database accessrestricted
- admin accesslogged
- model trainingnone
- data salesnever
- end-to-end encryptionno, and we say so
The trade-off
Why isn’t it end-to-end encrypted?
Because then it couldn’t do its job. MemoryPlugin’s whole point is that our servers can search your memories, embed them for retrieval, and hand the right context to whichever AI you’re using. End-to-end encryption means the server can’t process your data at all, which would mean no recall, no search, no memory across tools.
Some companies take server-side processing and market it with privacy language that sounds like end-to-end encryption. We’d rather tell you how it actually works. We use encryption in transit and at rest today, and as stronger privacy-preserving techniques become practical for this kind of product, we intend to adopt them.
Scope
What exactly do you store?
Less than you might think, and you decide most of it. A memory stores the memory text you saved, not the conversation it came from. If you tell your AI to remember that you prefer TypeScript, we store that preference, not the chat around it.
Full conversations are stored only when you explicitly bring them in: importing your chat history is opt-in, and the extension’s background indexing is off by default. You can pause or disable it at any time, and nothing is uploaded without your action.
Sub-processors
Who else touches my data?
The vendors it takes to run the product, under contract, and no one else. Your data lives in our database and vector search infrastructure (Supabase, Zilliz) hosted on cloud providers (Vercel), and background jobs like embedding and summarization run through Trigger.dev. If you share a bucket, the invite email goes through Mailgun.
When you use a feature that needs AI processing, like recall, summarization, or asking questions over your memories, the relevant content is processed by AI providers (OpenAI, Anthropic, xAI, Google, Groq, OpenRouter, Voyage AI, Cerebras, Inception Labs) solely to deliver the feature you requested. OpenRouter is a routing layer and can send content to downstream hosts such as DeepSeek. They are not allowed to use your content to train their models beyond providing that service.
The vendor list in detail, analytics and email included, is in the privacy policy.
The red lines
Do you train on my data or sell it?
No and no. We will never sell your personal data, under any circumstances. We don’t use your content to train models of our own, and the AI providers that process your content to deliver features are contractually barred from using it to train theirs beyond providing the service.
Your memories exist to make your AI tools better for you. That’s the entire business model: you pay for the product, and that’s how we make money.
The subpoena question
What if a government asks for my data?
We require valid legal process, like a subpoena or court order, before disclosing user data. We limit our response to the scope of the request, and unless we are legally prohibited from doing so, we notify affected users before disclosure so they have a chance to contest it.
The exit
How do I delete everything?
From the dashboard, right now, without asking us. Edit or delete individual memories, run bulk deletes across a bucket, or delete imported conversations. Deletes are permanent. You can also exclude specific conversations: excluding removes a chat from search and recall entirely and it is never re-imported, though the raw conversation stays stored until you delete it.
Deleted content is removed from our active systems promptly; encrypted backups rotate out on a normal cycle, typically within 30 days. To close your account entirely, contact support and we aim to complete it within 30 days. And you can take your data with you first: export a bucket’s memories in one click to CSV, JSON, or Text, and download conversations as Markdown or JSON. No lock-in.
Still have a question we didn’t answer?
Ask us directly and you’ll get the same kind of answer you just read. The legal version of everything above is in the privacy policy.