How Engram handles your data.

BYOK / BYOM is the default

On every public tier (Free, Indie, Team), inference goes through your own LLM provider account. Your model keys live in your tenant; we never see plaintext model traffic on the inference path. That means your existing volume discounts, billing trail, and provider-level access controls stay in force.

The unit-economics argument behind that choice is in Hosted inference vs BYOK: why a memory product cannot bundle inference without breaking either the pricing page or the customer.

We never train on customer data

No customer memory content is used to train, fine-tune, or evaluate models — ours or any third party's. Our published benchmarks (LongMemEval-S) use the public dataset, never customer buckets. The deeper version of this claim — what contracts, architecture, and audit posture are required to make it real — is the subject of a full post: "We never train on customer data" — what that actually requires.

How memories are stored

• Tenant isolation. Memories live in per-tenant buckets in Postgres. Every query is scoped to a single tenant at the SQL layer; cross-tenant reads are not possible from the application path.
• Write-time dedup. A deterministic text_hash (normalized SHA-256) and an embedding paraphrase check at 0.95 cosine collapse near-duplicates before they hit disk. Architecture detail: text-hash vs embedding-based dedup.
• Cascade delete. Deleting a memory removes the associated knowledge-graph triples and embedding rows in the same transaction. There is no soft-delete shadow on the retrieval path.
• Retention. Free-tier memories are cleared after 180 days of API inactivity (warning at 150 days). Paid tiers retain memories for the life of the account; custom retention is available on Enterprise via DPA.

Transport and authentication

• HTTPS everywhere; HSTS preload-eligible at the edge.
• API keys are issued per account and authenticate with HMAC over the request body — never bearer-style equality checks against the database. Background: The 200ms auth floor with HMAC API keys.
• OAuth 2.1 for the MCP endpoint (Claude Code, Cursor, Windsurf, ChatGPT), with token rotation and revocation.
• Cookies are scoped to the auth subdomain only; the marketing site sets no auth cookies. Background: cookie scoping for subdomain auth.

Compliance posture

We are not currently SOC 2 or ISO 27001 certified. We're a small team and would rather under-promise than mis-state where we are. The architecture is built to make those audits tractable when we run them — single-region Postgres, structured access logs, principal-tagged secrets — but we have not yet engaged an auditor.

Enterprise customers can negotiate a DPA (including custom retention and sub-processor lists), VPC / on-prem deployment, and an SLA. The public tiers run on shared infrastructure.

Reporting a vulnerability

Email security@lumetra.io with details. We commit to acknowledging reports within two business days. We do not currently run a paid bounty program, but we credit reporters in release notes when they ask to be named.

Please give us a reasonable window before public disclosure. We generally aim to ship fixes within 30 days for high-severity issues and 90 days for medium-severity, and we'll keep you in the loop on the timeline.