Security
Your data is as important to us as it is to you.
Memocule takes its security responsibilities exceptionally seriously, and follows industry best practice in planning, implementation and operation of the Memocule service.
Network Security
All necessary communications between the application and our cloud services are protected using HTTPS (SSL/TLS), ensuring data remains confidential and intact during transmission.
The client-first design means most processing occurs within the user’s browser.
Cloud synchronization is performed selectively and securely, limiting network traffic to essential interactions only.
Data Security
User data is primarily stored and managed locally on the user’s device, reducing the volume of sensitive data transmitted or held on external servers.
This approach inherently lowers the risk of centralized data breaches and injection attacks.
Infrastructure Security
Client data is hosted using Amazon AWS data centers, whose security processes are independently audited to the level of SOC 2, SSAE 16 SOC 1, PCI DSS Level 1 and SysTrust certifications. Such processes include 24-hour security and 2-factor access authentication including biometric control. The AWS cloud infrastructure has been designed and managed in alignment with regulations, standards, and best practices including:
- HIPAA
- SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
- SOC 2 & 3
- PCI DSS Level 1
- ISO 27001
- FedRAMP(SM)
- DIACAP and FISMA
- ITAR
- FIPS 140-2
- CSA
- MPAA
Application Security
User access is secured using a short-lived secret mechanism, eliminating the need to store user passwords altogether.
Access management involves secure tokens encrypted both in transit and at rest, using advanced encryption standards.
Encryption keys are managed via AWS Key Management Service (AWS KMS), a robust platform that utilizes hardware security modules (HSMs) validated under FIPS 140-2 Level 2 and higher.
AWS KMS ensures cryptographic keys are securely generated, stored, and rotated in compliance with industry standards such as NIST SP 800-57, providing strong protection against unauthorized access.
Policies & Procedures
Only authorized system management staff are able to access customer data.
We monitor for all relevant security patches to make sure the latest security updates are applied on all our subsystems.
As part of our standard terms and conditions, your data is fully protected under NDA. We will never share or disclose your data without your agreement except under court order.
All customer data is held in separate database schemas, so any court order for content will affect only that party, not any other client data.
IT Policy Documents
A set of ISO 27001 policy documents is available upon request, commercial in confidence.
- Acceptable Use of Internal Systems
- Application Security Standards
- AI Accountability
- Asset Control
- Bring Your Own Application
- Bring Your Own Device
- Business Continuity
- Clear Desk
- Data Backup
- Encryption Standards
- Incident Response
- Information Classification & Retention
- Information Security
- Network Security
- Passwords
- Personnel Onboarding and Termination
- Privacy (UK + EU GDPR, California CPA)
- Remote Access
- Security Training
- Security Patches
- User System Access
- Version Management
- Virus Prevention
- Vulnerability Management
Business Continuity
We maintain geographically distinct backups in both Europe and the USA.
Backups are taken daily.
We maintain multiple hosting providers to diversify any remaining commercial or contractual risk. Memocule uses Google Cloud Platform and Amazon Web Services as its hosting providers.