DATA POLICY
How Botmem handles, encrypts, and protects your data. No legalese — just the technical truth.
Last updated: March 2026
OUR PHILOSOPHY
Store everything, label confidence, encrypt by default.
Your data is yours. We built Botmem to be transparent about exactly how your data flows through every layer of the system. Every memory is stored, never silently deleted, and classified with a factuality label: FACT, UNVERIFIED, or FICTION. You always know what the system knows and how confident it is.
DATA FLOW
Every piece of data follows the same pipeline from connector to searchable memory:
- Data pulled from source (Gmail, Slack, WhatsApp, Telegram, iMessage, Photos, Locations) via authenticated connector.
- Immutable payload stored in PostgreSQL. The original data is never modified.
- Text content is vectorized into a high-dimensional embedding and stored in Typesense for semantic search.
- AI extracts entities, claims, and classifies factuality. Importance scores computed. Contacts resolved and deduplicated.
- Fully indexed memory with weighted ranking: 40% semantic, 30% rerank, 15% recency, 10% importance, 5% trust.
ENCRYPTION ARCHITECTURE
All sensitive data is encrypted at rest using AES-256-GCM, the same standard used in banking and government systems.
RECOVERY KEY SYSTEM
- On signup, a random 32-byte encryption key is generated and shown to you once as a base64 string.
- Only the SHA-256 hash of this key is stored in the database for verification. The plaintext key is never persisted on the server.
- The key is temporarily cached in memory and Redis (encrypted with the server's APP_SECRET, 30-day TTL) for session continuity.
- Password changes have zero impact on encryption. Your recovery key is independent of your password. Changing or resetting your password does not re-encrypt anything.
Your recovery key is your encryption key. Lose it, and encrypted credentials cannot be recovered. This is by design.
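The recovery-key scheme described above, as an added Node.js example (not Botmem's own code): generate the key, keep only its SHA-256 hash, verify a presented key in constant time, and use it for AES-256-GCM. The function names, the `nonce || tag || ciphertext` layout, and binding an account id as associated data are assumptions; the token is a constructed sample.

```javascript
// Added example, not Botmem's code. Names and blob layout are assumptions.
const nodeCrypto = require("node:crypto");

// Signup: 32 random bytes, shown once as base64; only the hash is persisted.
function createRecoveryKey() {
  const key = nodeCrypto.randomBytes(32);
  const storedHash = nodeCrypto.createHash("sha256").update(key).digest("hex");
  return { recoveryKey: key.toString("base64"), storedHash };
}

// Unlock: hash the presented key and compare against the stored hash in constant time.
function verifyRecoveryKey(presentedB64, storedHashHex) {
  const key = Buffer.from(presentedB64, "base64");
  if (key.length !== 32) return false;
  const digest = nodeCrypto.createHash("sha256").update(key).digest();
  const stored = Buffer.from(storedHashHex, "hex");
  return stored.length === digest.length && nodeCrypto.timingSafeEqual(digest, stored);
}

// AES-256-GCM with a fresh 12-byte nonce per message (never reuse a nonce under one key).
function encryptCredential(recoveryKeyB64, plaintext, aad) {
  const key = Buffer.from(recoveryKeyB64, "base64");
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(aad)); // ties the ciphertext to one account (assumption)
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString("base64");
}

// Throws if the key, the associated data, or any byte of the blob is wrong.
function decryptCredential(recoveryKeyB64, blobB64, aad) {
  const key = Buffer.from(recoveryKeyB64, "base64");
  const blob = Buffer.from(blobB64, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(blob.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return pt.toString("utf8");
}

// Constructed sample run: the token and account id are made up.
const demo = createRecoveryKey();
const sealed = encryptCredential(demo.recoveryKey, "constructed-oauth-token", "account:1");
console.log("key accepted:", verifyRecoveryKey(demo.recoveryKey, demo.storedHash));
console.log("round trip:", decryptCredential(demo.recoveryKey, sealed, "account:1"));
```

Because the key is 32 uniformly random bytes, a plain SHA-256 hash is sufficient as a verifier; a human-chosen password in the same role would need a slow password hash instead.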
WHAT WE ENCRYPT
ENCRYPTED
- Connector OAuth tokens & refresh tokens
- API keys & credentials
- Authentication context per account
- Session credentials (WhatsApp, etc.)
NOT ENCRYPTED (BY DESIGN)
- Memory text content (needed for search)
- Contact names & identifiers
- Vector embeddings (needed for similarity)
- Job metadata & logs
Memory content and contacts are stored unencrypted because they must be searchable and queryable. On self-hosted deployments, disk-level encryption (LUKS, FileVault, etc.) is recommended for defense in depth.
SELF-HOSTED DATA ISOLATION
When you self-host Botmem, your data never leaves your hardware:
- All data stays local. PostgreSQL, Typesense, and Redis run on your infrastructure.
- AI processing via local Ollama. Embedding and enrichment models run on your machine. No data sent to external APIs.
- No telemetry. No analytics, no tracking pixels, no phone-home. Zero network calls to Botmem servers.
- You control the encryption keys. The APP_SECRET environment variable is your master secret for encrypting cached credentials. You set it, you own it.
PRO DATA HANDLING
On the Pro cloud tier, your data is hosted on managed infrastructure with the following guarantees:
- Encrypted at rest — all databases and storage volumes use disk-level encryption in addition to application-level AES-256-GCM.
- We cannot decrypt your connector credentials without your recovery key. The server only caches the key while your session is active.
- Automatic backups — daily encrypted backups with 30-day retention. Backups are encrypted with separate infrastructure keys.
- No data sharing. We never access, analyze, sell, or share your data. Your memories are yours.
AI PROCESSING
SELF-HOSTED (OLLAMA)
- Embedding: mxbai-embed-large (1024d)
- Text: qwen3:8b
- Vision: qwen3-vl:4b
- All models run locally. Nothing leaves your network.
PRO (CLOUD MODELS)
- Optimized cloud models for faster enrichment.
- Only text content is sent for processing — never credentials, tokens, or encryption keys.
- Models are configurable in both tiers.
DATA DELETION
When you delete your account, all data is permanently purged:
- PostgreSQL records (memories, contacts, raw events, jobs, accounts)
- Typesense vector embeddings
- Redis cache (sessions, encryption key cache)
- All raw event payloads
This is irreversible. There is no soft-delete, no 30-day grace period, no recovery after deletion. Export your data first if you need it.
OPEN SOURCE VERIFICATION
Every line of encryption code, every data pipeline, every connector — it's all open-source under the AGPL-3.0 license. You don't have to trust our words. Read the code.