Trust

Security

Last updated: May 24, 2026

We design Mnemonic so your meeting memory stays private to your account. This page summarizes how — not a certification claim.

What we do today

• Encryption in transit — TLS for all web and API traffic
• Encryption at rest — via Supabase / cloud provider defaults
• Row-level security (RLS) — each user only accesses their own rows
• No client-side secrets — API keys stay on the server
• No AI training — Anthropic commercial API; we do not train models on your data
• Cron authentication — scheduled jobs require a secret header
• Export & delete — self-service in Settings

What we do not claim

• We are not HIPAA-certified or a medical device
• We do not hold SOC 2 Type II today (roadmap for enterprise)
• We do not store raw meeting audio unless you upload a file; live capture saves text you choose

Report a vulnerability

Email hello@mnemonic.fyi with subject Security. We aim to respond within 72 hours.

Breach notification

If we discover a breach affecting your data, we will notify you within 72 hours at your account email. See Privacy Policy.

Privacy DPA Cookies