| Version | Supported |
|---|---|
| 0.5.x | ✅ |
| < 0.5 | ❌ |
If you discover a security vulnerability, please report it by opening a private security advisory on GitHub:
- Go to the Security tab
- Click "Report a vulnerability"
- Provide details about the issue
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will respond within 48 hours and work with you to understand and address the issue.
- Memory data is stored locally in SQLite and LanceDB
- No data is transmitted to external servers (except when using Anthropic API for cluster labeling)
- API keys are stored in the system keychain (macOS) or encrypted file (Linux)
- The MCP server runs locally and communicates via stdio
- Optional token-based authentication can be enabled for network deployments
- No network listeners are opened by default
- Keep your Anthropic API key secure
- Use encrypted exports when sharing memory data
- Review data before sharing exports