Only you can unlock your memories.

Your data is encrypted with a key only you control. Every time it's touched (for AI processing, for your query) it passes through Google KMS, and every operation is permanently written to an audit log you can read.

How It Works

Your Data's Journey

MemX Security Architecture: How we protect your data with AES-256 encryption, Google Cloud KMS, and tamper-evident audit logs

How We Protect Your Memories

1

AES-256 Encryption

Your data is encrypted using a master key stored in Google Cloud KMS hardware security vaults. Data is only decrypted on-demand when you search, and every decryption is logged.

2

Audit Accountability

Every time a master key is decrypted, a log is generated directly by Google. Because we don’t control these logs, we can never hide or “snoop” on your data without a trace.

3

The Ultimate Kill Switch

You can revoke your master key at any time. Once disabled, our servers can no longer decrypt your data and you verify this in audit logs.

4

Encrypted Storage

If our servers are ever compromised, an intruder only gets encrypted data. Your master encryption key is stored in Google Cloud KMS hardware vaults, and all access is logged in an audit trail that you can verify.

5

Hardware-Level Security

We use Google’s enterprise-grade Key Management Service (KMS) to guard your master keys, ensuring your security is backed by the same tech used by global banks.

Core Guarantees

Four Layers of Protection

Hardware-Protected Key

Your master encryption key lives in Google Cloud KMS[1] hardware security vaults, and it never leaves the secure module.

Tamper-Evident Audit Log

Every data access is logged by Google Cloud Audit Logs[3], and MemX cannot edit or delete these records.

Access Restricted and Logged

Your stored data is decrypted only on-demand to serve your queries. Operator access requires multi-party authorization, is restricted to a small need-to-know set of engineers, and every such access generates a tamper-evident audit log.

Encrypted at the Server Level

Even if servers are compromised, your data stays encrypted. The key is locked in Google's Hardware Security Module[5], so attackers can't reach it.

Built-In Protection

Secure by architecture

Data encrypted at rest and in transit

Every document is encrypted with AES-256[1] before storage. Your key never leaves Google KMS hardware[5].

Every access creates an audit trail

All KMS operations are logged by Google Cloud Audit Logs[3]. These logs are tamper-evident, so MemX cannot edit or delete them.

No AI training on your data

MemX uses enterprise-grade AI partners which strictly prohibit model training on customer data.

Encrypted even if servers are compromised

Even if MemX servers are compromised, attackers see only encrypted data[4]. The decryption key is locked in Google's tamper-resistant Hardware Security Module[5].

How AI Processing Works

When you ask a question, your data is briefly decrypted in server memory for AI processing. It is not seen by any human at MemX during this step; only Gemini, ChatGPT, or Claude process your query. Every decryption event is logged by Google Cloud Audit Logs[3]. This is how all AI services work, and MemX is transparent about it.

References

  1. [1]Google Cloud Key Management Service. cloud.google.com/kms/docs
  2. [2]Envelope Encryption, Google Cloud. cloud.google.com/kms/docs/envelope-encryption
  3. [3]Cloud Audit Logs, Google Cloud. cloud.google.com/logging/docs/audit
  4. [4]Advanced Encryption Standard (AES-256). en.wikipedia.org/wiki/Advanced_Encryption_Standard
  5. [5]Hardware Security Module. en.wikipedia.org/wiki/Hardware_security_module
  6. [6]NIST SP 800-57: Key Management. csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final

Understand the privacy behind it

“End-to-end encrypted” vs reality in AI apps

What the badge really means, and the three questions that decide if your data is safe.

How secure AI document search actually works

Follow a document from upload to answer and see where the real protection lives.

Security FAQ

Is MemX safe?

Yes. MemX is private by architecture. Your data is encrypted at rest with AES-256, the master key lives in Google Cloud KMS hardware security modules, and your content is decrypted only on demand when you run a search. Every decryption is written to a Google Cloud audit log that MemX cannot alter or hide, and you can revoke your key at any time.

Is MemX end-to-end encrypted?

No, and MemX does not claim to be. When you ask a question, your data is briefly decrypted in server memory so an AI model can read it and answer, which is how every AI assistant works. MemX is private by architecture instead: per-user key isolation, a master key in Google Cloud KMS, encryption at rest and in transit, and an audit log you can read. It is not end-to-end encrypted and not zero-knowledge.

Can MemX employees read my memories?

No human at MemX reads your content as part of normal operation. Data is decrypted on demand only to answer your query, processed by the AI model, then dropped from memory. Any operator access is restricted to a small need-to-know set of engineers and requires multi-party authorization. Because the audit log is generated by Google and not controlled by MemX, any access leaves a trace you can verify, so there is no silent way to read your data.

Does MemX train AI on my data?

No. Your documents, photos, voice notes, and messages are used only to answer your own questions. They are not used to train models and are not shared for advertising.

Can I delete my data or cut off access?

Yes. You can revoke your master key at any time. Once it is disabled, the servers can no longer decrypt your data, and you can confirm the change in your audit log. You can also delete individual items or your whole account.

Your Memories Deserve Real Protection

Try MemX free — encrypted from day one.

Download App