Memoria
Sign inGet Memoria
Security

Built like a vault, not a notebook.

Memoria handles your household’s sensitive documents—school IDs, RCs, insurance policies, warranty cards. We treat them with the seriousness they deserve.

Per-household encryption keys

Every household gets its own data encryption key (DEK), generated at signup and envelope-wrapped by an AWS KMS shard CMK. The DEK never leaves our infrastructure unencrypted, and revoking a household rotates its DEK and re-keys its vault objects without affecting any other household.

Encrypted document vault

Every file in the vault — RCs, insurance policies, warranty cards, fee receipts, school certificates — is encrypted at rest with the household DEK. S3 Bucket Keys amortise KMS cost while keeping per-household isolation.

DPDP-2023 by design

India’s Digital Personal Data Protection Act 2023 is built into Memoria from day one. Section 9 verifiable parental consent is captured at first run for any kid under 18 and re-confirmed on any kid-data write. Consent records are immutable rows; revocation is a new row, not a delete.

No data sale, ever

We don’t sell data. Not now, not after a Series B. We don’t share with third-party data brokers, and we don’t serve targeted advertising. Memoria is funded by Family Pro subscriptions — that alignment matters.

Biometric on the device

The Memoria mobile app gates access via FaceID, Fingerprint, or PIN bound to a device-public-key registered at first sign-in. Tokens are bound to that key — a stolen JWT cannot be reused on a different device.

Inbound content boundary

WhatsApp and email forwards run through CSAM scan (Microsoft PhotoDNA / Thorn Safer), malware scan (AWS GuardDuty Malware Protection for S3), and a per-household sender allowlist before any model or storage sees them. Anything failing scan is dead-lettered.

Tamper-evident audit trail

Every privileged action — admin impersonation, vault read of someone else’s data, consent revocation, key rotation, billing change — writes an append-only audit row with a hash chain. The application role has only INSERT and SELECT on the audit table.

Compliance matrix

DPDP-2023 (India), GDPR (EU), COPPA (US under-13), FERPA (US education). DPDP is live at v1; the others activate as Memoria opens those markets and complete their consent and DSR flows.

Want the full legal text? Read the Privacy policy, DPDP-2023 notice, and Data deletion flow.