Mnemosyne

Install & run

Two ways to run it. Both keep the data yours.

Run Mnemosyne yourself on your own metal, or let us operate a private instance we cannot read into. The status on each path is exact — we say what is available today and what is still in design.

On-premise — you operate ityour network · your hardwareMnemosynethe whole system, localYour keysnever leave the buildingA local modelno cloud model requirednothing must leave(air-gap-capable)Managed — we operate it, and still cannot read itour cloud · we run the boxattested enclavememory the host cannot readMnemosyne + your dataYour key storeyou hold the keyreleased onlyafter attestationusciphertext +metadata only○ IN DESIGN — not live
Same product; the only difference is who operates it. On your own metal, nothing has to leave — an air-gapped deployment has nowhere to send anything. Managed inverts the usual trade: we run the box, but your key is released only into an enclave whose memory the host cannot read, so we hold your ciphertext and never your plaintext. The managed topology is a committed design, not a running service today — we will not draw it as live until it is. This illustrates the mechanism, not a live view of a running system.

On-premise & air-gap-capable

In progress

The whole system runs on your hardware, behind your firewall, with a local model — a single trusted writer on infrastructure you control. Nothing has to leave your network. In an air-gapped deployment there is nowhere for a fooled model to send anything; the trade is honest — air-gapped means no frontier cloud model.

Managed, single-tenant — zero-access

Planned

A private, single-tenant instance we operate for you — but we hold the ciphertext and the operations, never the plaintext. Your keys are released only into an attested confidential enclave whose memory the host cannot read (confidential computing, remote attestation), so we run the box and still cannot read your data. You can always export your encrypted data and self-host instead.

In design for our first customers. The runtime zero-access guarantee is the committed mechanism, not yet live. Talk to us about an early-access managed trial.

Step-by-step setup, configuration, and the managed trust model in full are being written up here. If you are evaluating either path, request private access and we will walk you through it against your own threat model.