Owning your data is the whole point.
We started local-first, and we didn't drop that the second we built a cloud. Plain files you own, isolated per tenant, encrypted, and exportable whenever you want. Here's exactly how it works. No marketing fog.
## The foundation
The strongest data-ownership guarantee is the one you don't have to trust us for. Your knowledge is plain Markdown. Portable, inspectable, and yours whether you run locally or in our cloud.
Knowledge lives in plain Markdown with YAML frontmatter. The source of truth, not a proprietary database. Read it, edit it, version it in Git, move it anywhere.
The open source app needs no cloud, no account, and no remote servers. All data stays on your machine.
Export any project as a zip, or self-host the whole thing under AGPL-3.0. The cloud adds features without ever locking your data in. Your data always leaves the way it came in.
## What the cloud adds
Running in the cloud keeps everything local gives you and adds collaboration, durability, and access from anywhere. The files stay yours; the cloud just does more with them.
Share one knowledge base across your whole team and its AI agents. With owner, editor, and viewer roles and per-project visibility.
Real-time co-editing built on CRDTs (Yjs). Every keystroke syncs across people and agents with no merge conflicts, and presence avatars show who's in a note.
Your knowledge is backed up offsite on independent, SOC 2 / HIPAA-compliant infrastructure. Durable storage you never have to manage.
Automatic daily snapshots, plus a new version on every single save. Roll a whole project back to any point, or restore a single note.
Reach your knowledge from web, desktop, mobile, and any MCP client. No local install required.
## In the cloud
Basic Memory Cloud isolates every tenant at the data layer. Separate storage, separate database, scoped credentials. Your data is never commingled with anyone else's.
Every organization gets its own isolated database and file storage in the cloud. There is no shared tenancy at the data layer. One client's data never touches another's.
Your Markdown files live in a per-tenant Tigris bucket with scoped credentials. Zero egress cost means sync-heavy AI workloads stay fast and affordable.
The knowledge-graph index runs in a per-tenant Neon Postgres database, isolated from every other tenant.
All traffic is encrypted over TLS, and your files and index are encrypted at rest in storage.
## Authentication & access
Cloud authentication uses OAuth 2.1 with PKCE and short-lived JWTs that refresh automatically. Identity is managed through WorkOS AuthKit.
Owners manage members, billing, and ownership. Editors read and write. Viewers get read-only access. Seats free up the moment a member is deactivated; their history is preserved.
Set any project to Standard (whole workspace), Shared (named editors or viewers, for hiring, contracts, or anything sensitive), or Private (creator only).
Account and access activity is logged: invitations, role changes, and member status. Owners can see who did what, and when, across both people and AI agents.
Partner and MSP deployments add Entra SSO and TOTP. Conditional access policies, just-in-time provisioning, and the option to disable alternative sign-in methods.
## Privacy
We don't collect personal data we don't need. Billing runs through Polar and identity through WorkOS, so payment details and credentials never live with us. All we hold is your email address and your notes. Your data is never sold and never used to train AI models. Read the full privacy policy.
## Compliance
The platforms we build on (Tigris, Neon, WorkOS, and Polar) are SOC 2 and HIPAA compliant, and we run real controls on top: per-tenant isolation, encryption in transit and at rest, OAuth 2.1, and enterprise SSO for partner deployments. We don't yet hold our own SOC 2 certification. If your organization has specific compliance requirements, talk to us. We'll tell you exactly what we can and can't meet.
Knowledge tools built to last
© 2026 Basic Memory - Basic Machines