Skip to content
OctaMem
Start free

The integrity layer your security team will approve.

Memory is sensitive. We treat it that way, with cryptographic audit, role-bound access, customer-managed keys, and deployment options that match the most regulated environments your organization runs.

Audit chain

Every memory action leaves a mark.

Reads, writes, redactions, and policy checks are chained together so the record can be inspected after the fact.

Active event

memory.search

hash: sha256:8f4a2c91b0

  1. evt_4182

    prev: 0b91ce774a

    memory.search

    agent:legal-copilot

    previous_context: legal-msas

  2. evt_4183

    prev: 8f4a2c91b0

    policy.checked

    policy:contract-scope

    redact: pricing / pii

  3. evt_4184

    prev: 1c68bd044e

    context.delivered

    octamem:renderer

    642 tokens / 7 sources

  4. evt_4185

    prev: ad72f9019c

    memory.add

    agent:legal-copilot

    retention: 365 days

All systems operational.
Live numbers on the status pageStatus page
§ 01Compliance posture

Certifications, in plain language.

The current state of our certifications. Audit reports, penetration test summaries, DPAs, and BAAs are available on request during procurement.

Request artifactsDownload DPA

  • HIPAA-Ready

    Available

    BAA available on Enterprise

  • GDPR

    Available

    DPA available · EU residency in eu-west

  • CCPA

    Available

    Compliant · DSR fulfillment in 30 days

  • SOC 2 Type II

    In progress

    Controls in place. Bridge letter on request.

  • ISO 27001

    In progress

    Controls in place. Audit in progress.

  • FedRAMP

    Planned

    Future roadmap

§ 02Practices

The model can’t leak what it never saw.

  • Encryption

    AES-256 at rest. TLS 1.3 in transit.

    All memory records, audit log, and source documents are encrypted at rest with AES-256-GCM. Keys are managed in AWS KMS, with BYO-KMS available on Enterprise.

  • Access

    Zero standing access to customer data.

    Engineers cannot read customer memory. All access is audited, time-bound, and requires a documented incident or customer ticket. SSO, SCIM, and hardware keys for OctaMem staff.

  • Resilience

    Multi-AZ. 99.99% target SLA.

    Hot standby in a second availability zone. Daily snapshots with point-in-time recovery to 7 days. Quarterly disaster-recovery drill with RTO of 30 min, RPO of 5 min.

  • Disclosure

    Coordinated disclosure with bug-bounty.

    Public security.txt, responsible disclosure policy, and bug-bounty program (Enterprise tier). Critical vulnerabilities patched within 24h, communicated to customers within 72h.

§ 03Subprocessors

Who we share infrastructure with.

Notified 30 days before any change. Full list maintained at /legal/subprocessors.

  • AWSPrimary cloud (compute, storage, KMS)us-east-1, eu-west-1, ap-southeast-1
  • CloudflareEdge, DDoS, WAFGlobal
  • DatadogObservability and metricsus-east-1
  • StripeBillingus, eu
  • LinearIssue tracking (no customer data)us

For the security team

Procurement-ready. On request.

Vendor questionnaires, pen-test summaries, DPAs, and reference architectures returned within 48 hours.

Request artifactsLive status