Security at Memrio

Security is foundational to how we build and operate Memrio. We design the Service to protect your account, your designs, and the trust you place in us, and we apply industry-standard practices across our infrastructure, application, and operations.

This page summarizes the technical and organizational measures we use to keep your data safe. It is not exhaustive and we continually evolve our controls as the platform grows.

Memrio runs on reputable cloud providers whose data centers are physically secured and certified to recognized industry standards. We do not operate our own physical infrastructure.

• Workloads run in managed cloud environments with hardened operating systems and automatic security patching.
• Network access to production systems is restricted by firewalls and least-privilege rules; production databases and storage buckets are not exposed directly to the public internet.
• Environments are logically separated so that development, staging, and production data and credentials do not mix.

We use modern encryption to protect data both as it moves over the network and while it is at rest.

• In transit: All traffic between your browser and the Service is transmitted over HTTPS using TLS (commonly referred to as SSL).
• At rest: Account data, project content, and uploaded files are stored on infrastructure that applies disk-level encryption (typically AES-256) at the storage layer.
• Passwords: Account passwords are never stored in plain text. They are salted and hashed by our authentication provider using industry-standard one-way hashing algorithms, and they are not accessible to memrio staff.

We protect your account with secure authentication and protect our systems with strict access controls.

• User sign-in is handled by a trusted authentication provider that issues short-lived session tokens stored in secure, HTTP-only cookies.
• Email confirmation is required before a new account can be used, helping prevent fraudulent sign-ups and account takeovers.
• Password reset flows use time-limited, single-use links delivered to the verified email address on file.
• Internal access to production systems is restricted to authorized personnel on a need-to-know basis, protected by strong passwords and multi-factor authentication where supported, and audited through provider logs.

We follow secure-development practices and aim to ship safe code by default.

• Server-side authorization checks are used to ensure that users can only access their own projects, designs, and uploaded files.
• Inputs are validated on the server and outputs are encoded to mitigate common web vulnerabilities such as cross-site scripting (XSS) and injection attacks.
• Dependencies are kept up to date, and we monitor known-vulnerability databases for the libraries we use.
• Code changes are reviewed before being deployed to production, and deployments are automated to reduce the risk of manual error.

You own the projects you create on Memrio. We use the data you upload only to operate the Service for you, as described in our Privacy Policy.

• Project data and uploaded files are tied to your account and isolated from other users at the application layer.
• We do not sell your personal information or your designs to third parties.
• You can request deletion of your account and associated data at any time by contacting us at contact@memrio.ai.

For a full description of what we collect and how we use it, see our Privacy Policy.

We use carefully selected third-party providers to deliver the Service, including providers for cloud hosting, authentication, file storage, email delivery, and analytics or error monitoring.

These providers are contractually required to protect the information we share with them, to use it only on our behalf, and to maintain appropriate security controls. We review providers before onboarding them and reassess them periodically.

We rely on managed database and storage services that perform automated backups so we can recover from infrastructure failures and accidental data loss.

While we work hard to keep the Service available and your data safe, no platform can guarantee 100% availability or zero data loss. We strongly recommend exporting and keeping local copies of any designs that are important to you.

We monitor the Service for errors and anomalous activity so we can respond quickly to issues that may affect security or availability.

If we ever experience a security incident that materially affects your personal information, we will notify affected users and, where required, regulators in accordance with applicable law.

If you believe you have discovered a vulnerability in Memrio, we would like to hear from you. Please email us at contact@memrio.ai with a clear description of the issue, the steps required to reproduce it, and any proof-of-concept material that may help us investigate.

We ask that you:

• Give us a reasonable amount of time to investigate and address the issue before publicly disclosing it.
• Do not access, modify, or delete data belonging to other users, and do not degrade the experience of other users while testing.
• Avoid running automated scans or denial-of-service tests against our production infrastructure without our prior written consent.

We appreciate researchers who help us keep Memrio secure and will acknowledge responsibly disclosed issues where appropriate.

Security is a shared responsibility. You can help protect your account and your designs by:

• Using a strong, unique password for your Memrio account that you do not reuse on other websites.
• Keeping your email account secure, since it can be used to reset your password.
• Signing out of shared or public devices when you finish using them.
• Being cautious of suspicious emails or links that claim to come from Memrio. We will never ask you for your password by email.
• Reporting any suspicious activity on your account to contact@memrio.ai as soon as possible.

We design our practices to align with widely accepted security and privacy principles and to support compliance with applicable laws and regulations in the jurisdictions where we operate.

Security is an ongoing program, not a one-time project. We continue to invest in better tooling, training, and controls as Memrio grows.