Your Meeting Data, Protected

MemorDesk is built from the ground up with security and privacy in mind. We follow industry best practices to keep your meetings safe.

Certified Safe & Secure

SOC 2 Type II

Industry standards for data security, privacy, and confidentiality.

In Progress

GDPR Compliant

Rigorous data protection in line with European regulations.

Compliant

CPRA Compliant

California Privacy Rights Act compliance for US users.

Compliant

Security-First Infrastructure

Every layer of MemorDesk is designed with security as the top priority.

End-to-End Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Secure Infrastructure

Hosted on SOC 2 certified cloud providers with 99.9% uptime.

API Security

SHA-256 hashed API keys with granular permission scopes.

SSO & SAML

Enterprise single sign-on with Google, Okta, and Azure AD.

Data Control & Ownership

You own your data. Full stop. Here's how we ensure that.

Your Data, Your Control

Retain full ownership of all meeting content. Export or delete anytime from your dashboard.

No Data Training

Your meeting data is NEVER used to train AI models. We use zero-retention APIs with all AI providers.

Right to be Forgotten

Delete your account and all associated data instantly. Compliant with GDPR Article 17.

Data Residency

Data stored in secure, compliant data centers. Enterprise plans offer region-specific storage.

Data Retention Policy

Transparent retention periods so you know exactly when data is deleted.

Data Type | Free | Pro / Team
Meeting Recordings | 7 days | 90 days + 30 day recovery
Transcripts & Summaries | Permanent | Permanent
Action Items & Decisions | Permanent | Permanent
Account Data | Until deleted | Until deleted

Core Security and Data Integrity

Institutional answers to the questions security-conscious teams ask before committing to a platform.

Does MemorDesk lack data isolation for its semantic vector search?

No. MemorDesk enforces structural multi-tenant partition isolation directly at the database query engine layer. Every semantic search vector query is strictly bound to a mandatory user or organization identifier predicate. Because this partition is hardwired into the data access layer rather than handled by variable application code, it is architecturally impossible for a query to bleed data or scan across cross-tenant vector indexes.

Does MemorDesk store plaintext passwords or cleartext credentials in its intrusion logs?

No. MemorDesk has a zero-cleartext logging policy. If an authentication attempt fails, the security layer immediately computes a one-way cryptographic fingerprint of the submitted input using an isolated, salted hash and discards the input itself. The system records only the first 12 hex characters of this signature, along with the string length, to track automated brute-force attack patterns. The original cleartext input is never written to disk, volatile memory logs, or third-party log drains.
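The logging scheme described above, sketched as an added example (this is not MemorDesk's code). It assumes the "salted hash" is HMAC-SHA-256 keyed with a secret salt, and the field names, the logged username and the spraying check are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: a secret per-deployment salt; hard-coded here only so the
# example runs offline.
LOG_SALT = b"constructed-example-salt"


def fingerprint_attempt(submitted: str, salt: bytes = LOG_SALT) -> dict:
    """Return the only two values derived from the input that may be logged."""
    digest = hmac.new(salt, submitted.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"fp": digest[:12], "len": len(submitted)}


def log_failed_login(user: str, submitted: str, source_ip: str,
                     salt: bytes = LOG_SALT) -> str:
    """Build one JSON log line; the submitted string itself is never included."""
    record = {"event": "auth_failed", "user": user, "ip": source_ip}
    record.update(fingerprint_attempt(submitted, salt))
    return json.dumps(record, sort_keys=True)


def sprayed_fingerprints(log_lines, min_accounts: int = 3) -> dict:
    """Flag fingerprints tried against many accounts (password-spraying signal)."""
    accounts = {}
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("event") == "auth_failed":
            accounts.setdefault(rec["fp"], set()).add(rec["user"])
    return {fp: sorted(users) for fp, users in accounts.items()
            if len(users) >= min_accounts}
```

The fingerprint is only as private as the salt: anyone who holds both the salt and the logs can test candidate passwords against the 12-character prefix and length, so the salt belongs in the auth service's secret store, not beside the log pipeline.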

Does MemorDesk risk cascading authentication retry storms if a session token is invalidated?

No. The authentication architecture features an automated session circuit breaker. The moment the gateway identifies specific token invalidation vectors - such as an expired, reused, or missing token state - it immediately destroys all client-side session cookies and forces an instantaneous redirect to the secure login gateway. This completely prevents the recursive request loops and cascading API rate-limiting issues common in standard SaaS authentication setups.

Does MemorDesk require manual configuration or feature flags to enforce its IP allowlist?

No. The administrative access layer uses automated fail-closed network semantics. By default, the access control array is unpopulated. As soon as the first authorized CIDR network block is written to the security access registry, the system immediately wraps the administrative boundary in a strict fail-closed state. There are no manual environment variables to toggle and no timing windows in which the panel is left exposed during setup.

Does MemorDesk risk blocking legitimate user traffic when deploying new intrusion detection rules?

No. All network threat-mitigation logic runs through an isolated, passive observation architecture by default. When new brute-force or malicious traffic patterns are defined, the system evaluates real-time production traffic in Observe Mode. It logs projected blocks to verify rule accuracy and prevent false positives without dropping any active user traffic. Enforcement mode is enabled only after QA against the observed traffic history has verified zero disruption.

Does MemorDesk deduct workspace credits if a background processing or transcription job fails?

No. To guarantee transaction safety, MemorDesk uses a pessimistic cryptographic reservation system. Before a processing worker accepts a meeting payload, the required credits are placed into a temporary Hold state bounded by an automated expiration timestamp. Credits are only permanently deducted upon a verified success state. If a processing node drops connection or encounters an unrecoverable failure, the reservation automatically collapses and releases the held credits back to the workspace balance with zero data loss.

Does MemorDesk dispatch duplicate recording bots if multiple team members invite the platform to the same call?

No. The calendar ingestion engine relies on an automated session deduplication protocol. Before any automated assistant is cleared to join a video gateway, the system cross-references the destination meeting URL against all active sessions. If a session matching that URL is already active, subsequent calendar entries are instantly mapped to the existing bot workspace. Paid teams will never experience duplicate bot presence or fragmented transcripts for a single calendar event.

Does MemorDesk transmit sensitive meeting audio or transcript strings to third-party embedding providers?

No. To preserve absolute data privacy, all semantic text embedding calculations are processed strictly on local, proprietary infrastructure. MemorDesk utilizes a localized, optimized inference model compiled directly into the application server processes. Your raw text, private corporate strategy, and conversational transcripts never leave the internal security boundary for vectorization purposes.

Does MemorDesk lack a verifiable ledger or audit trail for financial and credit allocations?

No. The billing core is built around an append-only, immutable transaction ledger. Every individual balance adjustment - including subscription plan grants, manual top-ups, system refunds, and usage deductions - is committed as a discrete, un-deletable record containing a standardized transaction classification. This ledger operates with strict database-level concurrency controls to guarantee mathematically precise balance tracking.
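The credit hold described earlier and the append-only ledger described above, combined in one added example (not MemorDesk's code). The class, the entry kinds and the caller-supplied clock are hypothetical, and the database-level concurrency controls are out of scope for this single-threaded sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    kind: str                # "grant" | "hold" | "release" | "deduct"
    amount: int
    job_id: str = ""
    expires_at: float = 0.0  # only meaningful for "hold"


class CreditLedger:
    """Append-only: balances are derived by replaying entries, never stored."""

    def __init__(self):
        self._entries = []

    def history(self):
        return tuple(self._entries)       # read-only view for auditing

    def grant(self, amount):
        self._entries.append(Entry("grant", amount))

    def _live_holds(self, now):
        holds = {}
        for e in self._entries:
            if e.kind == "hold":
                holds[e.job_id] = e
            elif e.kind in ("release", "deduct"):
                holds.pop(e.job_id, None)
        # An expired hold simply stops counting; no cleanup job has to run.
        return {j: h for j, h in holds.items() if h.expires_at > now}

    def available(self, now):
        total = sum(e.amount for e in self._entries if e.kind == "grant")
        total -= sum(e.amount for e in self._entries if e.kind == "deduct")
        return total - sum(h.amount for h in self._live_holds(now).values())

    def hold(self, job_id, amount, ttl, now):
        if amount <= 0 or job_id in self._live_holds(now):
            return False                  # reject bad amounts and double holds
        if amount > self.available(now):
            return False
        self._entries.append(Entry("hold", amount, job_id, now + ttl))
        return True

    def settle(self, job_id, succeeded, now):
        held = self._live_holds(now).get(job_id)
        if held is None:
            return False                  # expired or unknown: nothing to charge
        kind = "deduct" if succeeded else "release"
        self._entries.append(Entry(kind, held.amount, job_id))
        return True
```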

Does MemorDesk reveal the existence of its administrative controls to unauthorized or blocked IP addresses?

No. When an unauthorized network probe or blocked IP address attempts to access or scan administrative paths, the gateway does not return a standard unauthorized block response. Instead, the application layer intercepts the traffic and returns a clean 404 Not Found response. This completely masks the existence of administrative interfaces from automated network mapping utilities and vulnerability scanners.
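The allowlist behaviour and the 404 masking described above, as one added example (not MemorDesk's code). The path prefix, class and router are hypothetical, and it assumes an empty list means no IP restriction, with authentication handled elsewhere.

```python
import ipaddress

ADMIN_PREFIX = "/admin"   # hypothetical administrative path prefix
NOT_FOUND = (404, "Not Found")


class AdminAllowlist:
    def __init__(self):
        self._networks = []               # unpopulated by default

    def add(self, cidr: str) -> None:
        # strict=True rejects entries with host bits set, e.g. 10.0.0.5/8
        self._networks.append(ipaddress.ip_network(cidr, strict=True))

    @property
    def enforcing(self) -> bool:
        # No flag to toggle: the first stored CIDR switches enforcement on.
        return bool(self._networks)

    def permits(self, client_ip: str) -> bool:
        if not self.enforcing:
            return True
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:
            return False                  # unparseable source: fail closed
        # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d
        mapped = getattr(addr, "ipv4_mapped", None)
        if mapped is not None:
            addr = mapped
        return any(addr in net for net in self._networks)


def route(path: str, client_ip: str, allowlist: AdminAllowlist):
    """Return (status, body) for a request."""
    if path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/"):
        if not allowlist.permits(client_ip):
            return NOT_FOUND              # same object as a genuinely missing page
        return 200, "admin panel"
    if path == "/":
        return 200, "home"
    return NOT_FOUND
```

The masking only holds if the blocked response matches a real 404 in every observable detail, including headers and timing, which a reviewer should verify against the deployed gateway.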

Questions About Security?

Our security team is here to answer any questions about how we protect your data.