How secure AI document search actually works

Before you hand an AI app your contracts, statements or medical records, it helps to know what actually happens to them. The short version: a document is encrypted on its way to the service, read and turned into a searchable form, stored encrypted at rest, and pulled back only to answer your questions. The security is not one feature. It lives at each of those steps, and the differences between apps are in the details.

The journey of one document

1

Upload, encrypted in transit

Your file leaves your device over an encrypted connection, so it cannot be read as it travels to the service.

2

Parse and OCR

The document is parsed, and any scanned or photographed pages are run through OCR so the text inside images becomes readable to the system.

3

Turn text into embeddings

The text is converted into embeddings, a numeric form that lets the app search by meaning rather than exact keywords.

4

Encrypt and store at rest

The content is stored encrypted at rest. In MemX that is AES-256-GCM field-level encryption with keys in Google Cloud KMS, isolated to your account.

5

Retrieve and answer

When you ask a question, the most relevant passages are retrieved and used to compose an answer that points back to the source document.

Where the real protection lives

Marketing tends to focus on a single word like “encrypted.” The protection that actually matters is spread across four mechanisms, and a serious app can name all of them:

  • Encryption in transit and at rest. Your data is unreadable both while it travels and while it sits on disk, not just one of the two.
  • Customer-managed keys (CMEK). The keys are created and controlled by the app’s operator in a dedicated key service such as Google Cloud KMS, with defined rotation, revocation and audit, rather than an ambient provider default nobody controls.
  • Per-user isolation. Your data is cryptographically separated from every other account, so one user cannot reach another’s files even by accident.
  • On-device options. The less data that has to leave your phone at all, the smaller the surface anyone else could ever touch.

How MemX does it

MemX is private by architecture. Stored memory data uses AES-256-GCM field-level encryption with keys in Google Cloud KMS, your data is isolated per user, and processing uses on-device options where possible. MemX is deliberately not described as “end-to-end encrypted” or “zero-knowledge,” because to answer questions about your files it has to read them. We explain why that wording matters in “end-to-end encrypted” vs reality, and the full detail lives on the security page.

Search your own documents with a memory app that can explain exactly how it protects them.

Try MemX Free

Frequently asked questions

You upload a file, it is encrypted in transit, then parsed and (for images) run through OCR. The text is turned into embeddings so it can be searched by meaning. When you ask a question, the system retrieves the most relevant passages and uses them to answer, pointing back to the source.
In a well-built app your documents are encrypted at rest. In MemX, stored memory data uses AES-256-GCM field-level encryption with keys held in Google Cloud KMS, so files are not sitting in readable plaintext on disk.
Your documents stay in your own account so you can search them again later. They are not needed to keep training a public model, and you can delete them. Always confirm an app distinguishes between storing your data for you and using it to train shared models.
CMEK means the encryption keys are created and controlled by the operator, including their rotation, revocation and audit, rather than being managed automatically on a provider default. Combined with per-user isolation, access to your data is governed by controlled, auditable keys rather than loose internal access.
Check that data is encrypted in transit and at rest, that there is per-user isolation, that keys are managed rather than ambient, and that there are on-device options. Confirm whether your files are used to train shared models. If an app cannot answer these, be cautious.