FeaturesPricingSecurityFAQ

Security

Built with Security at the Core

Your security and privacy are our top priorities. Memoria is designed with zero-knowledge architecture, ensuring that only you can access your sensitive data.

Zero-Knowledge Architecture
We never see your sensitive data. All encryption happens on your device before data leaves your browser.
End-to-End Encryption
Military-grade encryption using libsodium (NaCl). Your master key is derived from your passphrase using Argon2id.
Secure Infrastructure
Hosted on SOC 2 certified infrastructure. All data is encrypted at rest and in transit using TLS 1.3.
Regular Audits
Our codebase is open source and regularly audited by security researchers. We follow OWASP best practices.
Privacy First
We collect minimal personal data and never sell your information. GDPR and CCPA compliant.
Granular Access Control
You control exactly who can access what. Multi-signature policies and revocation windows provide additional security.

Technical Security Details

Encryption Standards

  • Authenticated encryption using XSalsa20-Poly1305 (NaCl secretbox)
  • Key derivation using Argon2id with interactive parameters
  • Asymmetric encryption using X25519-XSalsa20-Poly1305 (NaCl box)
  • TLS 1.3 for all data in transit
  • AES-256-GCM for data at rest on servers

Authentication

  • WebAuthn/Passkeys for passwordless authentication
  • TOTP (Time-based One-Time Password) as fallback 2FA
  • Session tokens with automatic rotation
  • Rate limiting on all auth endpoints

Data Storage

  • All sensitive data encrypted before leaving your device
  • Master keys never stored on servers
  • Regular automated backups with encryption
  • Disaster recovery procedures tested quarterly

Compliance & Auditing

  • GDPR and CCPA compliant
  • SOC 2 Type II certified infrastructure
  • Open source codebase for transparency
  • Regular third-party security audits
  • Responsible disclosure program

Responsible Disclosure

If you discover a security vulnerability, please email us at security@memoria.app. We take all reports seriously and will respond within 24 hours.

We offer a bug bounty program for responsibly disclosed vulnerabilities. Visit our disclosure policy for details.