VasperaMemoryMemory Layer for AI Tools
Get Started

Security

How we protect your data

At VasperaMemory, security is foundational to everything we build. As an AI memory platform that handles sensitive code context and development decisions, we implement enterprise-grade security practices to protect your data. This page outlines our security architecture and practices.

Infrastructure Security

Cloud Infrastructure

  • Hosted on Vercel (frontend) and Railway (backend) with SOC 2 Type II compliance
  • Database hosted on Supabase with managed PostgreSQL and built-in security
  • DDoS protection and WAF (Web Application Firewall) enabled
  • Automatic scaling and redundancy across multiple availability zones

Network Security

  • All traffic encrypted with TLS 1.3
  • HTTPS enforced on all endpoints
  • Strict Content Security Policy (CSP) headers

Data Encryption

Encryption at Rest

  • All database content encrypted with AES-256
  • Backup data encrypted with separate keys
  • Vector embeddings stored in encrypted PostgreSQL with pgvector

Encryption in Transit

  • TLS 1.3 for all API communications
  • Secure WebSocket connections for real-time features
  • HSTS (HTTP Strict Transport Security) enabled

Access Control

Authentication

  • Secure authentication via Supabase Auth
  • OAuth 2.0 support (GitHub, Google)
  • API keys with configurable scopes and expiration
  • Session management with secure cookie handling

Data Isolation

  • Row Level Security (RLS): Database-enforced isolation between users
  • Project Isolation: Each project has its own memory space
  • API Key Scoping: Keys can be limited to specific projects

Data Privacy

Your Code Stays Yours

  • We store context and decisions, not your full codebase
  • You control what data is captured and stored
  • Data export available at any time
  • Delete your data completely upon account closure

AI Model Training

  • Your data is never used to train third-party AI models
  • Context sent to AI tools only when you explicitly request it
  • Evolution and learning happens only within your isolated data

Vulnerability Management

Security Monitoring

  • Continuous security monitoring with Sentry error tracking
  • Automated dependency vulnerability scanning
  • Regular security audits and penetration testing
  • 24/7 uptime monitoring with automated alerts

Incident Response

  • Documented incident response procedures
  • Breach notification within 72 hours as required by law
  • Post-incident review and remediation

Responsible Disclosure

We appreciate security researchers who help us keep VasperaMemory safe. If you discover a security vulnerability, please report it responsibly:

Report Security Issues

Email: security@vasperamemory.com

Please include a detailed description of the vulnerability, steps to reproduce, and potential impact. We aim to respond within 48 hours and will work with you to understand and address the issue.

Compliance

VasperaMemory is committed to meeting industry security and privacy standards:

  • GDPR compliant for EU users
  • CCPA compliant for California users
  • Infrastructure providers maintain SOC 2 Type II certification
  • Working toward SOC 2 Type II certification for VasperaMemory

Contact

For security-related inquiries:

Vaspera Capital, LLC

Security Team

Email: security@vasperamemory.com