Run Mnemosyne yourself on your own metal, or let us operate a private instance we cannot read into. The status on each path is exact — we say what is available today and what is still in design.
Same product; the only difference is who operates it. On your own metal, nothing has to leave — an air-gapped deployment has nowhere to send anything. Managed inverts the usual trade: we run the box, but your key is released only into an enclave whose memory the host cannot read, so we hold your ciphertext and never your plaintext. The managed topology is a committed design, not a running service today — we will not draw it as live until it is. This illustrates the mechanism, not a live view of a running system.
On-premise & air-gap-capable
◐In progress
The whole system runs on your hardware, behind your firewall, with a local model — a single trusted writersingle-writer — The whole record is sealed by a single trusted writer on the customer's own infrastructure, so there are no competing versions, no mining, and no consensus race. It is simpler and stronger than a public blockchain for this setting. on infrastructure you control. Nothing has to leave your network. In an air-gappedair-gap — A configuration physically or logically disconnected from outside networks, so exfiltrated data would have nowhere to go. The honest trade-off is that an air-gapped deployment cannot use a frontier cloud model. deployment there is nowhere for a fooled model to send anything; the trade is honest — air-gapped means no frontier cloud model.
Managed, single-tenant — zero-access
○Planned
A private, single-tenantsingle-tenant — An architecture where each customer gets their own isolated instance — one virtual machine, one keystore, one set of records — never a shared multi-customer substrate. A shared brain would be indefensible for this kind of buyer. instance we operate for you — but we hold the ciphertext and the operations, never the plaintext. Your keys are released only into an attested confidential enclaveenclave — The isolated, memory-encrypted area of a machine where sensitive code executes out of the operator's reach. In the managed design, a customer's key is released only into an enclave whose exact contents they have verified. whose memory the host cannot read (confidential computingconfidential-computing — A hardware feature where a virtual machine's memory is encrypted by the CPU itself, so even the operator, the hypervisor, or a cloud insider cannot read what runs inside. It is how the managed tier aims to keep the operator out of the plaintext., remote attestationattestation — A hardware-signed report proving precisely which firmware and software are running inside a protected enclave, checked before any key is handed over. It lets a customer verify the code rather than trust the operator's word.), so we run the box and still cannot read your data. You can always export your encrypted data and self-host instead.
In design for our first customers. The runtime zero-accesszero-access — The goal for the managed tier: the operator holds the infrastructure but never the plaintext, because your key unlocks the data only inside protected hardware the host cannot see into. Trust moves to a hardware measurement, not to our promise. guarantee is the committed mechanism, not yet live. Talk to us about an early-access managed trial.
Step-by-step setup, configuration, and the managed trust model in full are being written up here. If you are evaluating either path, request private access and we will walk you through it against your own threat model.