Memory Index was designed from the ground up with GDPR compliance in mind. We don't treat privacy as an afterthought—it's baked into our architecture, our workflows, and our operational processes.
Every user can export their data at any time from their account settings. The export includes all metadata, audit logs, and encrypted file references. For data deletion, we provide a self-service workflow that removes all personal data, encrypted files, and associated records within 30 days of a verified request.
Our audit logging system records every significant action—file uploads, key rotations, recipient invitations, and access events—with immutable timestamps. These logs are retained for 24 months to support compliance investigations and dispute resolution. We also maintain data processing agreements with all our infrastructure providers, ensuring end-to-end accountability.