Mem0 Trust Center
Mem0 is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Compliance
Links
Resources
SOC 2 Type I Report
Information Security Policy
Board of Directors Charter
HIPAA Internal Privacy Policy
Risk Assessment and Treatment Policy
Controls
Password rules enforced
Secure, unique authentication required for infrastructure access
Quarterly user access reviews performed
Firewall access restricted
Source code access restricted and changes logged
Data encrypted at rest
Encryption in transit over public networks
Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)
Customer data deleted after termination
Data protection impact assessment
Secure connection means utilized
External Attack Surface Vulnerability Scanning & Remediation
Web application firewalls configuration
Code of Conduct acknowledged by contractors
Code of Conduct acknowledged by employees
Anti-malware monitoring
Intrusion detection tool
Automated system capacity and performance monitoring
Infrastructure firewall
Centralized Log Collection and Monitoring
Business continuity plans ensure emergency functionality
Business continuity & disaster recovery plans documented and tested
Security incident logging and review
Incident response procedures documented
HIPAA Incident Response Policy and Procedures
Visitor sign-in, badging, and escort policy
Documented HIPAA Security Rule policy acknowledgment
Automated decision-making policy
Internal GDPR compliance assessments performed
Downstream compliance requirements with contractors enforced
Technology assets inventoried
Annual risk assessments performed
Documented Vendor Management Program
Age verification and parental/guardian consent process enforced
Consent for processing captured via explicit opt-in mechanisms
Confidentiality Agreement acknowledged by employees
Security awareness training implemented
Background checks performed on employees
Background checks performed on contractors
Records of Processing Activities (RoPA) maintained
Whisteblower mechanism maintained
Multi-availability zones
Notification workflows regarding rectification or erasure maintained
Documentation available to internal and external users
Lawful basis assessment
Information security policies and procedures
Patch management process developed
Removable Media Use Restricted and Encrypted
Mobile Device Management (MDM) and BYOT
Production system hardening and baseline configuration management
Subprocessors
GroqAI & ML Services
OpenAIAI & ML Services
AWSCloud Infrastructure & Platform Services
Google WorkspaceBusiness Apps & Productivity