The Short Version
- We do not scrape your server. We do not read messages passively.
- We cannot read your memories — they are encrypted with a key only your account can access.
- We do not use your saved content for any AI training, advertising, or profiling.
- The only statistics we collect are anonymous totals: number of users, number of memories. No content. Ever.
01. The Prime Directive — Explicit Consent Only
Memoria Orbis operates on a single foundational principle: explicit consent. Unlike modern LLM scrapers and passive server bots that vacuum thousands of messages continuously, Memoria does absolutely nothing until you explicitly invoke it.
If you don't right-click a message and choose Save Memory, or use the /save command, we do not read, process, store, or even look at it.
Your server conversations are your private domain — we are a guest that only acts when invited.
We Do Not Scrape Workflow Data
The bot has no background processes reading your channels. It has no scheduled jobs harvesting message history. It is completely inert until you explicitly command it. The only time the bot reads any message content is in the moment you invoke a save action, and only to capture what you selected (plus a small context window for surrounding messages if you permit it).
02. Encryption — Your Data Is Unreadable to Us
This is the most important section of this document. Please read it.
Every memory you save is encrypted using XChaCha20-Poly1305 — authenticated encryption that is used in Signal, WireGuard, and other high-security applications. Each user has a completely unique encryption key (a Data Encryption Key, or DEK). Your DEK is itself encrypted with a Master Key (Key Encryption Key, or KEK).
The critical point: the Master Key is stored on a separate, independent server from the database. The database server (shared hosting) physically cannot decrypt any user data because it never has access to the Master Key. This is called a split-server architecture.
What This Means In Practice
- Even if an attacker gained full access to the database, they would see only encrypted blobs.
- Even we, as operators, cannot casually query your memories. Reading them would require actively compromising both the database and the key server simultaneously.
- Your memories are decrypted only in your device's memory, during an active session, in response to your requests. They are never stored in decrypted form.
- Transit between our servers is also encrypted — keys are never passed in plaintext, even on internal connections.
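The DEK/KEK split described in this section, sketched as an added example (not Memoria Orbis code). All function and field names are hypothetical, Node's built-in `chacha20-poly1305` (96-bit nonce) stands in for XChaCha20-Poly1305, and binding each ciphertext to the user ID as associated data is an assumption of this sketch.

```javascript
// Added illustration, not Memoria Orbis code; every name here is hypothetical.
const crypto = require('node:crypto');

// Stand-in AEAD: Node has no built-in XChaCha20, so the 96-bit-nonce variant is used.
const ALG = 'chacha20-poly1305';
const OPTS = { authTagLength: 16 };

// Encrypt and authenticate; `aad` is authenticated but stored outside the ciphertext.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv(ALG, key, nonce, OPTS);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}

// Decrypt; throws if the key, the AAD, the ciphertext or the tag does not match.
function open(key, box, aad) {
  const d = crypto.createDecipheriv(ALG, key, box.nonce, OPTS);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Key server: the only component that ever holds the KEK.
function makeKeyServer() {
  const kek = crypto.randomBytes(32);
  return {
    wrap: (dek, userId) => seal(kek, dek, 'dek:' + userId),
    unwrap: (wrapped, userId) => open(kek, wrapped, 'dek:' + userId),
  };
}

// Database row: wrapped DEK plus encrypted memory; no plaintext and no KEK.
function saveMemory(keyServer, userId, text) {
  const dek = crypto.randomBytes(32); // simplification: fresh DEK per call
  const memory = seal(dek, Buffer.from(text, 'utf8'), 'mem:' + userId);
  const row = { userId, wrappedDek: keyServer.wrap(dek, userId), memory };
  dek.fill(0); // drop the plaintext DEK once the row is built
  return row;
}

// Reading needs both the row (database) and an unwrap call (key server).
function readMemory(keyServer, row) {
  const dek = keyServer.unwrap(row.wrappedDek, row.userId);
  try { return open(dek, row.memory, 'mem:' + row.userId).toString('utf8'); }
  finally { dek.fill(0); }
}
```

Calling `readMemory` with a key server that holds a different KEK, which is the position of someone who has only the database, throws an authentication error instead of returning text; so does a row whose `userId` has been changed.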
03. What Data Exists and Why
Here is the complete, honest list of what we store:
| Data | Stored? | Encrypted? | Purpose |
|---|---|---|---|
| Your Platform User ID | ✓ | No (identifier) | Link your memories to your account |
| Your Team/Workspace IDs | ✓ | No (identifier) | Associate you with your organizations |
| Your Display Username | ✓ | No | Display in your dashboard |
| Your Profile Avatar | ✓ | No (a URL) | Display in your dashboard |
| Saved message content | ✓ | Yes — XChaCha20-Poly1305 | Your vault — returned only to you |
| Context messages | ✓ | Yes — XChaCha20-Poly1305 | Conversational context for your memory |
| Message URL / jump link | ✓ | No | Let you jump back to the platform source |
| Image attachments | ✓ (URLs only) | No | Display images in recalled memories |
| Tags / Notes you add | ✓ | No (metadata) | Help you organise your vault |
| Auth session token | ✓ (temporary) | No | Keep you logged into the dashboard |
04. What We Do Not Collect
A Clear List of What We Never Do
- We do not read any message you did not explicitly save.
- We do not sell or share any data with any third party.
- We do not use your saved memories for AI training of any kind.
- We do not use your saved memories for advertising, targeting, or profiling.
- We do not analyse content trends across users.
- We do not have access to private memories — the encryption design makes this technically impossible without a deliberate active breach of our own architecture.
- We do not track your behaviour on the website beyond what is functionally necessary to serve the page (no analytics SDKs, no tracking pixels).
05. The Only Statistics We Collect
The only aggregate data we ever observe is:
- Total number of registered users — a raw integer, to confirm the service is being used.
- Total number of private memories in the database — a raw integer, to confirm the save functionality is working.
- Total number of workspace memories (a future feature) — again, a raw count only.
These numbers exist solely for operational monitoring. They tell us nothing about who saved what. We cannot join these numbers back to any user or any content. They are anonymous totals, used only to verify the system is healthy.
06. Context Windows and Permissions
When you invoke Memoria to archive a message, it attempts to provide context. The bot looks back at up to five messages preceding your target message.
- If the bot has Read Message History permissions, it archives this brief window to give the memory surrounding nuance.
- If the bot lacks permissions, it gracefully degrades and captures exactly what you selected. No history is touched.
This context window is also encrypted before storage, using the same key as your main memory.
07. Data Ownership and Deletion
You own the archive. At any point, through the dashboard, you may delete individual memories, permanently removing them. You can purge your entire account, which removes all memories, session tokens, and your user record instantly — with no retention window, no 30-day delay, and no backups we're "unable" to remove.
You can also export your entire vault at any time in JSON, CSV, or Markdown format.
08. Team Privacy & Shared Access
Memoria Orbis for Teams introduces shared archival spaces. The same encryption standards apply, with the following additions:
- Isolated Team Keys: Each Team Vault uses its own unique set of encryption keys, separate from your personal vault keys.
- Access Control: Team members can only see memories within a Team Vault once they have been invited and authenticated. Removing a member from a Team instantly revokes their access to that Team's encrypted content.
- Admin Oversight: Team Administrators can view team-wide statistics and manage collection settings, but they cannot bypass the per-user decryption flow required to view the actual content of memories they do not have permissions for.
Cross-Platform Privacy
Memoria Orbis maintains strict data isolation. Memories saved from Discord and Slack are stored together in your unified encrypted vault, but the platform identifiers are only used to provide functional jump-links back to the source.
09. API Access & Token Security
Our Vault API and MCP support allow you to connect your encrypted data to external tools. To protect your privacy:
- Dynamic KMS Decryption: When an API request is made, your key is unwrapped in a secure, ephemeral memory space (KMS), used to decrypt the specific data requested, and instantly purged. Decrypted data is never cached on our servers.
- Scoping: API keys can be scoped to "Personal", "Team", or "Both". A key scoped to a team can never be used to access your private personal memories.
- Revocation: You have full control over your API keys within the dashboard. Revoking a key immediately invalidates all future access attempts from associated tools or MCP clients.
10. Contact
If you have any questions about this policy, or wish to request account deletion manually, please join the Memoria Orbis Support Server or contact Kynlo Akari directly.
Last updated: March 2026