Privacy & Security

How MemNexus protects your data — authentication, encryption, isolation, and data ownership.

Your memories are personal. MemNexus is designed to keep them private and secure.

Authentication

All API access requires authentication via API keys. Keys follow the format:

cmk_live_<id>.<secret>
  • The <id> portion identifies the key
  • The <secret> portion is hashed and validated server-side
  • Keys are passed as Bearer tokens in the Authorization header

API keys are never stored in plaintext. Only the hashed secret is persisted.
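The validation path the bullets describe, as an added worked example that is not MemNexus's own code: the key is split at the first dot, the `<id>` selects a stored record, the `<secret>` is hashed and compared in constant time, and the plaintext secret is never persisted. The salted SHA-256 scheme, the in-memory `store` dictionary, and the function names are assumptions; the page only states that the secret is hashed and validated server-side.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

KEY_PREFIX = "cmk_live_"

# Dummy record used when the key id is unknown, so a lookup miss costs the
# same hashing work as a hit and does not reveal which ids exist.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = hashlib.sha256(_DUMMY_SALT + b"dummy").digest()


def _hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted SHA-256 of the secret. Assumed scheme: the secret is already
    high-entropy, so a slow password hash is not needed here."""
    return hashlib.sha256(salt + secret.encode("utf-8")).digest()


def issue_key(store: dict, label: str) -> str:
    """Mint a key. Only id, salt, hash and label are persisted; the full
    key is returned exactly once and is never stored."""
    key_id = secrets.token_hex(8)
    secret = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    store[key_id] = {"label": label, "salt": salt,
                     "hash": _hash_secret(secret, salt), "active": True}
    return f"{KEY_PREFIX}{key_id}.{secret}"


def revoke_key(store: dict, key_id: str) -> None:
    """Deactivate a key (assumed server-side effect of `mx apikeys delete`)."""
    if key_id in store:
        store[key_id]["active"] = False


def parse_key(raw: str) -> Optional[Tuple[str, str]]:
    """Split cmk_live_<id>.<secret>; return None for anything malformed."""
    if not raw.startswith(KEY_PREFIX):
        return None
    key_id, sep, secret = raw[len(KEY_PREFIX):].partition(".")
    if not sep or not key_id or not secret:
        return None
    return key_id, secret


def verify_bearer(authorization: Optional[str], store: dict) -> Optional[str]:
    """Check an Authorization header. Returns the key id on success and None
    on any failure: missing header, wrong scheme, malformed key, unknown id,
    revoked key, or wrong secret."""
    if not authorization:
        return None
    scheme, _, token = authorization.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    parsed = parse_key(token)
    if parsed is None:
        return None
    key_id, secret = parsed
    record = store.get(key_id)
    if record is not None:
        salt, expected = record["salt"], record["hash"]
    else:
        salt, expected = _DUMMY_SALT, _DUMMY_HASH
    candidate = _hash_secret(secret, salt)
    # Constant-time comparison: never compare secrets or digests with ==.
    ok = hmac.compare_digest(candidate, expected)
    if record is None or not record["active"] or not ok:
        return None
    return key_id
```

Two details matter for a production implementation: the unknown-id branch still performs a hash so response timing is the same for hits and misses, and revocation is a flag flip rather than a row delete, which keeps the id resolvable for audit logs while the key no longer authenticates.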

Data isolation

Each user's data is completely isolated:

  • Separate graph namespace — Your memories, facts, topics, and entities exist in your own space
  • Query isolation — Searches only return your data
  • No cross-user access — There is no mechanism to access another user's memories

API Gateway security

All traffic flows through the API Gateway (Kong), which provides:

  • Authentication — Validates API keys before requests reach the Core API
  • Rate limiting — Prevents abuse and ensures fair usage
  • Request routing — Only exposes intended endpoints
  • TLS termination — Client connections are HTTPS and are terminated at the gateway

Data in transit

All API communication uses HTTPS (TLS 1.2+). This includes:

  • Client → API Gateway
  • MCP Server → API Gateway
  • SDK → API Gateway

Nothing between a client and the gateway is transmitted in plaintext.

Data at rest

Memories are stored in Neo4j with:

  • Encrypted storage — Database files are encrypted
  • Vector embeddings — Generated by OpenAI and stored alongside memories
  • No third-party access — Embeddings are used for search only, not shared

Embedding privacy

When you create a memory, its content is sent to OpenAI solely to generate a vector embedding used for search. This is the only call to an external service, and OpenAI does not use API inputs to train its models (its API data usage policy governs how long inputs are retained):

  • What's sent: Memory content text
  • What's returned: A 1536-dimension float vector
  • OpenAI's policy: API inputs are not used for training
  • What's stored: Only the vector, alongside your memory in Neo4j

API key management

Best practices

  • Rotate keys periodically — Create a new key, update your systems, delete the old one
  • Use separate keys per environment (dev, staging, production) and per application
  • Set expirations on temporary keys
  • Never commit keys to version control
  • Use environment variables in CI/CD, not config files

Key lifecycle

# Create a new key
mx apikeys create --label "Production v2"

# Verify it works
mx auth login --api-key cmk_live_new.key
mx auth status

# Delete the old key once every consumer has switched to the new one
mx apikeys delete old_key_id --force

Data ownership

Your data belongs to you:

  • Export — Retrieve all your memories via the API or CLI
  • Delete — Remove individual memories or your entire account
  • No vendor lock-in — Data is accessible via standard REST API

Export your data

# Export all memories as JSON (raise --limit if you hold more than 10,000 entries)
mx memories list --format json --limit 10000 > my-memories.json

# Export all facts
mx facts list --format json --limit 10000 > my-facts.json

Data deletion & retention

MemNexus supports account deletion in compliance with GDPR Article 17 (Right to Erasure) and CCPA.

How to delete your account

You can request account deletion through:

  1. Customer Portal — Go to Profile, click "Delete Account", then confirm with your email address
  2. API — POST /api/users/me/deletion with { "confirmationEmail": "you@example.com" }, where the email must match the account's address

What happens when you request deletion

  1. Grace period (7 days) — Your account enters a 7-day grace period. During this time:

    • Your account is in read-only mode (no new memories or data can be created)
    • You can still export your data via the Portal or API
    • You can cancel the deletion at any time to restore full access
  2. Permanent deletion — After the grace period, a background job permanently deletes:

    • All memories, conversations, facts, entities, patterns, and artifacts
    • Your API keys
    • Your identity from our authentication provider (WorkOS)
    • Your billing information from Stripe

    A confirmation email is then sent to your address.
  3. Audit record — A pseudonymized audit record is retained for compliance purposes. It contains:

    • A SHA-256 hash of your user ID and email (the hash cannot be reversed to recover either value)
    • Counts of deleted data (e.g., "50 memories deleted")
    • Timestamp of deletion
    • No personal data or memory content
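The three steps above, modelled as an added illustration that is not MemNexus code: a deletion request that must match the account email, a read-only grace period that can be cancelled, and a finalization job that wipes the account and leaves only a pseudonymized record. The `Account` class, the `user_id:email` hash input, the field names, and the exact timing rule are assumptions. One caveat beyond the page: an unkeyed SHA-256 of a user ID and email cannot be reversed, but anyone who still holds both inputs can recompute it and match the record, so the record is pseudonymous rather than anonymous; keying the hash with a server-held secret (HMAC) would prevent that.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

GRACE_PERIOD = timedelta(days=7)  # per the page; the constant name is ours


class ReadOnlyError(Exception):
    """Raised on writes while an account is pending deletion."""


@dataclass
class Account:
    user_id: str
    email: str
    memories: List[str] = field(default_factory=list)
    api_keys: List[str] = field(default_factory=list)
    deletion_requested_at: Optional[datetime] = None
    deleted: bool = False

    def request_deletion(self, confirmation_email: str, now: datetime) -> None:
        # The confirmation email must match the account exactly (case-insensitive).
        if confirmation_email.strip().lower() != self.email.lower():
            raise ValueError("confirmation email does not match the account")
        self.deletion_requested_at = now

    def cancel_deletion(self) -> None:
        # Cancelling during the grace period restores full access.
        self.deletion_requested_at = None

    def add_memory(self, content: str) -> None:
        if self.deletion_requested_at is not None:
            raise ReadOnlyError("account is pending deletion; no new data accepted")
        self.memories.append(content)

    def export(self) -> List[str]:
        # Export stays available during the grace period.
        return list(self.memories)


def pseudonymous_id(user_id: str, email: str) -> str:
    """SHA-256 over user ID and email (assumed input layout: 'id:email')."""
    return hashlib.sha256(f"{user_id}:{email.lower()}".encode("utf-8")).hexdigest()


def finalize_deletion(account: Account, now: datetime) -> Optional[dict]:
    """The background job. Returns the audit record once the grace period has
    elapsed, otherwise None (nothing requested, or still within grace)."""
    requested = account.deletion_requested_at
    if requested is None or now < requested + GRACE_PERIOD:
        return None
    record = {
        "subject": pseudonymous_id(account.user_id, account.email),
        "memories_deleted": len(account.memories),
        "api_keys_revoked": len(account.api_keys),
        "deleted_at": now.isoformat(),
    }
    # Wipe everything identifying or user-generated; keep only the record.
    account.memories.clear()
    account.api_keys.clear()
    account.email = ""
    account.deletion_requested_at = None
    account.deleted = True
    return record
```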

Data retention after deletion

Data type                               Retention once deletion is finalized
Personal data (name, email, profile)    Immediately deleted
Memories, facts, conversations          Immediately deleted
API keys                                Immediately revoked and deleted
Stripe customer record                  Immediately deleted
WorkOS identity                         Immediately deleted
Pseudonymized audit record              Retained indefinitely for compliance
Server logs                             Retained for 30 days, then purged

Re-registration

After deletion, you can create a new account with the same email address. The new account starts fresh with no connection to the previous account.

MCP server security

The MCP server is a stateless translation layer:

  • No direct database access — All requests go through the authenticated API Gateway
  • No credential storage — The server reads the API key from an environment variable and never writes it to disk; protect the client configuration that sets that variable as you would the key itself
  • Local execution — The MCP server runs on your machine, not in the cloud
  • Open protocol — MCP is an open standard you can audit