Trust Center — Mnemexa

1Overview

Mnemexa is built on trust. Your agents store sensitive business context in our platform. We take that responsibility seriously.

This Trust Center is your single source of truth for how we protect your data, operate our systems, and behave as a company — consolidating our commitments across security, privacy, compliance, and AI ethics.

2Our Principles

Data minimisation

We store only what you send us, process it only to provide the service, and never use customer data to train our own models.

No surveillance, no advertising

We do not sell your data. We do not use it for advertising. We do not build profiles of your end users. Your data is your data.

Transparency by default

We publish our sub-processors, security practices, and compliance roadmap. We notify you of material changes before they take effect.

Security as architecture

Security controls are built into the platform — PII detection, workspace isolation, encrypted storage, rate limiting — not bolted on after the fact.

3Your Data

3.1 Ownership

You own your data. Mnemexa claims no rights over the content you store in the platform. You can export or delete your data at any time.

3.2 Isolation

Every workspace is strictly isolated at the database level. Your data is partitioned by workspace ID and cannot be accessed by other customers — not even with a valid API key from a different workspace.

3.3 Retention

Data type	Retention
Memory entries (API data)	Until deleted by you, or 30 days after account termination
Account information	Duration of subscription + 30 days
API access logs	12 months
Billing records	7 years (legal requirement)
Anonymised usage metrics	Indefinite (no personal data)

3.4 Deletion

You can delete individual memory entries, workspace data, or your entire account via the dashboard or API at any time. Deletion is permanent and irreversible for memory entries. Account deletion is processed within 30 days.

4Sub-processors

Mnemexa uses a limited set of sub-processors, each bound by data processing agreements offering equivalent protections:

Sub-processor	Purpose	Data processed	Location
Cloud infrastructure	Hosting, compute, storage	All customer data	EU / US
OpenAI	LLM calls for importance scoring, dedup intelligence, reasoning features	Memory text content only	US
Paddle	Payment processing	Billing data only	UK / US

OpenAI usage note: Memory text is sent to OpenAI only for specific intelligence features. OpenAI does not use API inputs to train their models per their API data usage policies. You can disable reasoning features if you prefer zero LLM sub-processing.

5Compliance

Framework	Status
GDPR (EU)	Compliant
UK GDPR	Compliant
Data Processing Agreement	Available — view DPA
Standard Contractual Clauses	Available on request
SOC 2 Type I	In progress — Q3 2026
SOC 2 Type II	Planned 2027

For enterprise compliance documentation — executed DPAs, SCCs, or security questionnaire responses — contact privacy@mnemexa.com.

6Availability & SLA

Mnemexa targets 99.9% monthly uptime for the API platform. Our current uptime history is published on our status page.

Plan	SLA	Support response
Free	Best effort	Community
Pro	99.9% monthly	Email, 24 hours
Max	99.9% monthly	Priority, 4 hours
Enterprise	Custom SLA	Dedicated account manager

In the event of a service outage affecting paid customers, pro-rated credits are available upon request. Credits are calculated based on documented downtime exceeding the SLA threshold.

7AI & LLM Usage

Mnemexa uses large language models (LLMs) for specific intelligence features. We are transparent about when and how LLMs are used:

Importance scoring: Memory text is sent to an LLM to assign a 1–10 business value score.
Semantic deduplication: LLM determines whether near-duplicate memories should be merged.
Temporal classification: LLM classifies whether a memory is time-bound or persistent.
Memory reasoning: LLM synthesises retrieved memories into a natural language answer (reasoning feature only).
Auto-categorisation: LLM assigns business domain tags to memories.

What we do not do:

We do not use your data to fine-tune or train any model.
We do not use your data for any purpose beyond providing the service you subscribed to.
We do not share your memory content with any party other than the LLM sub-processors listed above, under strict data processing agreements.

8Changes & Transparency

We believe in giving customers clear, advance notice of material changes. Our commitments:

Policy changes: Material updates to our Terms, Privacy Policy, or DPA are announced with at least 30 days notice to registered users.
Sub-processor changes: New sub-processors are announced before they are onboarded, giving customers the opportunity to raise objections.
Security incidents: Confirmed incidents affecting customer data are communicated within 72 hours.
Pricing changes: Price changes apply only at the next renewal, never mid-subscription.

All policy documents are version-controlled and include a "last updated" date. Historical versions are available upon request.

9Contact

For any trust, security, privacy, or compliance question:

Privacy

privacy@mnemexa.com

Security

security@mnemexa.com

Enterprise DPA