Cerememory handles deeply personal memory data. We take security vulnerabilities seriously.
If you discover a security vulnerability, please report it responsibly:
- Do not open a public GitHub issue
- Email: security@co-r-e.com
- Include: description, reproduction steps, potential impact
- We will acknowledge within 48 hours and provide a timeline for a fix

| Version | Supported |
|---|---|
| 0.x | Pre-alpha, best-effort security fixes |

Cerememory's security architecture is guided by these principles:
- Encryption at rest: All memory stores encrypted by default (AES-256)
- User-held keys: Encryption keys belong to the user, not any service
- Local-first: No data leaves the user's machine unless explicitly configured
- Cryptographic erasure: lifecycle.forget operations are irreversible
- Audit trail: All encode, forget, export, and import operations are logged

See the CMP Specification Section 10 for detailed security requirements.