Built like a vault, not a notebook.
Memoria handles your household’s sensitive documents—school IDs, RCs, insurance policies, warranty cards. We treat them with the seriousness they deserve.
Memoria is built and operated by Ekarche. The security posture below applies across every Ekarche product.
Encrypted at rest, household-isolated
Every file in the vault is encrypted at rest with AES-256 server-side encryption. Each household’s data is partitioned at the database and storage level, and access is gated by household-scoped authorization — only verified members of your household, with valid sessions on a registered device, can read your data.
Encrypted document vault
Every file in the vault — RCs, insurance policies, warranty cards, fee receipts, school certificates — is encrypted at rest and accessible only to verified members of the household it belongs to. Cross-household reads are blocked at the application boundary.
DPDP-2023 by design
India’s Digital Personal Data Protection Act 2023 is built into Memoria from day one. Section 9 verifiable parental consent is captured at first run for any kid under 18 and re-confirmed on any kid-data write. Consent records are immutable rows; revocation is a new row, not a delete.
No data sale, ever
We don’t sell data. Not now, not after a Series B. We don’t share with third-party data brokers, and we don’t serve targeted advertising. Memoria is funded by paying customers — that alignment matters.
Biometric on the device
The Memoria mobile app gates access via biometrics or a PIN, bound to a device key registered at first sign-in. Session tokens are bound to that key — a stolen token cannot be reused on a different device.
Inbound content boundary
WhatsApp and email forwards only land when they come from a registered household member — anything else is dropped at the webhook before it touches our backend. Every attachment then runs CSAM and malware scanning before any model or storage sees it. Anything that fails the scan is dead-lettered.
Tamper-evident audit trail
Every privileged action — vault read, consent revocation, member removal, data export, billing change — writes an append-only audit row with a hash chain. The application role has only INSERT and SELECT on the audit table.
Compliance matrix
DPDP-2023 (India), GDPR (EU), COPPA (US under-13), FERPA (US education). DPDP is live at v1; the others activate as Memoria opens those markets and complete their consent and DSR flows.
Want the full legal text? Read the Privacy policy, DPDP-2023 notice, and Data deletion flow.
Trust is built, not claimed.
Read the policies, audit our schema, run our compliance flow. We’ll meet you in the details.