Security at MindGlue

Your memories are sensitive data. We treat security as a core feature, not an afterthought.

Encrypted

TLS in transit. Optional AES-256 Fernet encryption at rest with per-namespace key derivation.

Isolated

Full namespace isolation. Every query is scoped. Cross-tenant data leaks are architecturally impossible.

Compliant

GDPR-compliant forget endpoint. Full audit trail. SOC 2 Type II on our roadmap.

Data Encryption

Protection at every layer

In Transit

All connections use TLS. API endpoints are HTTPS-only. SSL certificates are auto-provisioned and managed.

At Rest

Scale plan includes optional field-level encryption using AES-256 (Fernet) with HKDF per-namespace key derivation. Memory content and raw content are encrypted before database storage.

Database

PostgreSQL hosted on Neon with SSL-only connections. Managed infrastructure with automatic backups, point-in-time recovery, and encrypted storage volumes.

Authentication & Access Control

Multiple layers of identity verification

  • API key authentication — SHA-256 hashed in the database, shown once on creation. Namespace-scoped with configurable rate limits and expiry. Key rotation with grace periods for zero-downtime transitions.
  • JWT authentication — 24-hour access tokens for dashboard and account management. bcrypt password hashing with secure fallback.
  • Per-memory access control — Shared, private, and public access levels. Private memories are only visible to the owner agent or explicitly allowed agents.
  • Rate limiting — Per-plan sliding window rate limiting (60–600 RPM). Prevents abuse and ensures fair usage across tenants.
  • OAuth 2.0 for connectors — HMAC-signed CSRF state tokens, 10-minute expiry. Connector credentials encrypted in database. Token refresh handled automatically.

Tenant Isolation

Your data never mixes with anyone else's

Every memory operation is scoped to a namespace. Namespaces are enforced at the database query level — not just in application logic. There is no API call that can access data across namespace boundaries without an explicit cross-namespace grant.

-- Every query includes namespace scope
SELECT * FROM memories
  WHERE namespace = $1
  AND is_current = true
  AND (expires_at IS NULL OR expires_at > now());

Cross-namespace sharing requires an admin-created grant with optional memory type filters and expiry dates. Shared memories receive a score penalty to ensure your own data always ranks higher.

Audit Trail & Monitoring

Full visibility into what happens with your data

  • Immutable audit log — Every store, recall, forget, and admin operation is recorded with actor, action, resource, and timestamp. Queryable via API.
  • Structured logging — JSON-formatted logs with per-request trace IDs. Pipeline stage timing for store and recall operations. Optional OpenTelemetry export.
  • Prometheus metrics — Request counts, p50/p95/p99 latency histograms, per-namespace breakdowns, and component error counters exposed at /metrics.
  • Webhook HMAC signing — Outbound webhooks include X-MindGlue-Signature SHA-256 signatures for payload verification.
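
Receiver-side verification of the X-MindGlue-Signature header described above, as an added example that is not MindGlue's own code. It assumes the header carries a hex-encoded HMAC-SHA256 of the raw request body keyed with a shared webhook secret, optionally prefixed with "sha256="; the page does not state the encoding, and the secret and payload below are constructed.

```python
import hashlib
import hmac

SIGNATURE_HEADER = "X-MindGlue-Signature"  # header name taken from the page


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw body (hex encoding is an assumption)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """Return True only if the signature header matches the raw body bytes."""
    # HTTP header names are case-insensitive; normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    received = normalised.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # unsigned request: reject rather than fall through
    received = received.strip().lower()
    # Assumption: tolerate an optional "sha256=" prefix on the value.
    if received.startswith("sha256="):
        received = received[len("sha256="):]
    expected = compute_signature(secret, raw_body)
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(
        expected.encode(), received.encode("utf-8", "replace")
    )


if __name__ == "__main__":
    # Constructed secret and payload, for illustration only.
    secret = b"constructed-test-secret"
    body = b'{"event":"memory.stored","namespace":"demo"}'
    hdrs = {"x-mindglue-signature": compute_signature(secret, body)}
    print(verify_webhook(secret, body, hdrs))         # genuine delivery
    print(verify_webhook(secret, body + b" ", hdrs))  # body altered
    print(verify_webhook(secret, body, {}))           # header missing
```

Verify against the bytes exactly as received, before any JSON parsing; a re-serialised body will generally not match the signature.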

Privacy & Data Handling

You own your data. Always.

GDPR-Compliant Deletion

The DELETE /memory endpoint permanently removes memories by entity, IDs, or date range — including knowledge graph cleanup. No soft-delete, no residual data.

Data Export

Export all your data at any time via GET /memory/export. Cursor-based pagination for large datasets. Your data is never locked in.

Automatic Expiry

Set TTL on any memory. Expired memories are filtered at query time (invisible immediately) and permanently cleaned up within 60 seconds.

No Training on Your Data

Your memories are never used to train models. LLM calls (classification, extraction) use your data only for your pipeline and are not retained by providers.

Infrastructure

Production-grade hosting with managed services

  • API & Redis: Railway, containerized Docker
  • PostgreSQL: Neon, SSL-only, pgvector
  • DNS & SSL: Auto-provisioned TLS certificates

Health probes at /health/live and /health/ready for liveness and readiness checks. Automatic container restarts on failure.

Compliance Roadmap

Where we are and where we're headed

  • Live: GDPR-compliant data deletion & export
  • Live: Field-level encryption at rest (AES-256)
  • Live: Immutable audit logging with API access
  • Live: Namespace isolation & per-memory access control
  • Planned: SOC 2 Type II certification
  • Planned: SSO / SAML integration (Enterprise)
  • Planned: HIPAA BAA availability (Enterprise)

Responsible Disclosure

Found a security vulnerability? We take all reports seriously. Please email us with details and we'll respond within 48 hours. Do not open public issues for security vulnerabilities.

security@mindglue.ai
