Privacy & security

A memory this personal should answer to you.

Mimesis keeps what you choose to keep, in a store that belongs to you, and hands only the relevant few sentences to whichever assistant asked. Below is exactly how that works — and where we're plain about what we don't claim yet.

Your data

One owner, one store, no shared pool.

There's no multi-tenant database where everyone's memories sit side by side hoping the query filters hold. Isolation is structural, not a permissions check bolted on after the fact.

Isolated by person

Each person's memory lives in its own store. In hosted mode, the identity tied to your login always overrides anything a request claims about who's asking — that's what keeps one person's memory from ever bleeding into another's.

Export, or delete, whole

Everything you've kept can be exported as plain files, or deleted outright. A delete is recorded as soft at the database layer — so the change itself stays auditable — but gone means gone from anywhere the memory would be used.

Provenance on every memory

Before anything is parsed or derived, the raw original is preserved and fingerprinted with SHA-256. Every memory built from it carries that trail back to the source — nothing is silently rewritten along the way.

How retrieval stays local

Nothing about you goes out to answer "what matters here?"

When you ask for context, Mimesis doesn't ship your memories off to an embedding API to work out what's relevant. Retrieval runs locally and deterministically: lexical matching, SQLite full-text search, local TF-IDF/SVD embeddings when numpy is installed (a hashed fallback when it isn't), entity and tag overlap, source trust, freshness, and a few other signals — all scored on the machine serving your request.

That's a constraint in the code, not a claim on a page: there's no external call in the scoring path to make in the first place.

  • Lexical, full-text, and local-embedding scoring — computed here, not by a third party.
  • numpy enables the richer local embedding lane; a hashed fallback works without it.
  • Every briefing can show you why a memory was included or left out.

Nothing becomes a fact on its own

Agents propose. You decide. Every change is logged.

Candidate review

When an agent infers something about you, it's stored as a candidate — lower confidence, clearly marked, never treated as settled. It only becomes something Mimesis will hand to other assistants after you approve it, at which point it's recorded as approved by you, not invented by a model.

Soft delete, real audit trail

Deleting a memory doesn't erase the row outright — it's marked deleted and kept out of every retrieval and briefing from that point on, with the state change itself recorded. Something you rejected doesn't quietly come back because an agent proposes it again.

Secrets refused at the door

Obvious credentials — API keys, passwords, that kind of thing — are rejected before they can be written to memory, across every write path: the CLI, the HTTP API, and MCP.

Scoped agent permissions

Agents get a permission profile, not a blank check. An ordinary agent can propose a memory but can't approve or delete one; personas are scoped to the single agent they were written for, not shared across every assistant you run.

Where we are

Hosted beta, and straight about the edges.

Mimesis is a hosted beta today, not a certified product. We don't hold SOC 2, ISO 27001, HIPAA, or any other formal compliance attestation — if your use case needs one of those, we're not there yet, and we'd rather say so than let the omission speak for us. We also don't claim your data is encrypted at rest; we haven't built and verified that guarantee, so we won't claim it.

What we can say: the codebase has been through a security-hardening pass that closed path-traversal issues and secret-guard gaps and added more robustness at request boundaries. The engine is small enough to read end to end, and we mean that literally — if you want to see how a particular guarantee above is actually implemented, ask.

Questions, concerns, or something that looks wrong: security@mimesis.ai.

See it before you decide to trust it.

Read how the pieces fit together, or start a memory and watch the review queue work.