Security & data handling
Built for the paranoid developer.
Memophant runs locally. Your memory lives in your git repo as plain markdown. We don't hold your data, we don't see your code, and we don't train on anything you write. Here are the specifics.
Data residency
Your memory is just files in your repo.
Memophant doesn't host your memory. It doesn't sync your memory to a server. It doesn't even back up your memory. Everything you write lands as plain markdown in your git repository — .memory/, wiki/, design/, code/, sessions/, TASKS.md — and stays there. Your memory's durability is your repo's durability: if the repo is pushed and backed up, so is your memory; if the repo is lost, there is no other copy.
- No Memophant cloud. There is no SaaS backend storing your notes.
- No required network. The memory engine, the code index, the kanban, the wiki — all work offline.
- Standard formats. basic-memory grammar, markdown wiki pages, CommonMark prose. Portable to any tool.
- CloudKit only for project settings. SwiftData/CloudKit sync the project registry and per-project settings between your Macs. Memory itself is never in CloudKit.
Secret-scan
Two-tier scan, on every commit and every publish.
Every commit Memophant orchestrates runs through a two-tier scan before anything reaches git. Hard-tier matches block the commit outright. Soft-tier matches warn and require explicit override. The same scan also gates every wiki publish to GitHub.
- Hard tier — block on match: OpenAI/Anthropic-style keys, GitHub fine-grained and classic PATs, Slack tokens, AWS access keys, Google API keys, private-key PEM/OpenSSH headers, plus a user blocklist.
- Soft tier — warn on match: assignment lines whose key name reads as a secret (password, api_key, secret_key, token, auth_token, bearer). Override is explicit, per-line, and audited.
- User blocklist at .memophant/wiki-blocklist.txt (gitignored) — one literal pattern per line for personal IPs, hostnames, internal URLs you never want in a public wiki.
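To make the two tiers concrete, here is an added example of how such a gate can be built. It is not Memophant's code: the regexes, the override format (a per-line fingerprint with a recorded reason) and the sample file are assumptions chosen for illustration, and the real pattern set is not on this page. Hard hits block and cannot be overridden; soft hits warn until a per-line override exists, and every override used is returned as an audit record; blocklist entries are literal substrings read from a file of one pattern per line; report excerpts are redacted so the scanner never re-leaks what it found.

```python
"""Illustrative two-tier secret scan. Added example, not Memophant's code;
rule set, override format and sample inputs are assumptions."""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tier: str      # "hard" (block) or "soft" (warn)
    rule: str      # which rule fired
    path: str
    line_no: int   # 1-based
    excerpt: str   # the line with the matched span masked, safe to print


# Hard tier: token shapes specific enough that a match blocks the commit.
# Illustrative regexes for the families listed above, not the product's own set.
HARD_RULES = {
    "anthropic_key": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    "openai_key": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{20,}"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}"),
    "github_classic_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}"),
    "slack_token": re.compile(r"\bxox[abprs]-[A-Za-z0-9-]{10,}"),
    "aws_access_key": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "private_key_header": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
}

# Soft tier: an assignment whose key name reads as a secret. Only a warning,
# because "token" and "password" are also ordinary words in prose.
SOFT_KEY_NAMES = ("password", "api_key", "secret_key", "auth_token", "token", "bearer")
SOFT_RULE = re.compile(
    r"(?i)\b(?P<key>[A-Za-z0-9_.-]*(?:" + "|".join(SOFT_KEY_NAMES) + r"))\s*[:=]\s*(?P<val>\S+)"
)
PLACEHOLDER_PREFIXES = ("${", "<", "{{")  # values that reference a secret rather than contain one


def parse_blocklist(text: str) -> list[str]:
    """One literal pattern per line; blank lines and '#' comments are ignored."""
    return [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]


def redact(line: str, start: int, end: int) -> str:
    """Mask the matched span, keeping 4 leading and 2 trailing chars for recognisability."""
    secret = line[start:end]
    masked = "*" * len(secret) if len(secret) <= 8 else secret[:4] + "*" * (len(secret) - 6) + secret[-2:]
    return line[:start] + masked + line[end:]


def scan_text(path: str, text: str, blocklist: list[str]) -> list[Finding]:
    """Run hard rules, the user blocklist, then soft rules over every line."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, rx in HARD_RULES.items():
            for m in rx.finditer(line):
                findings.append(Finding("hard", rule, path, line_no, redact(line, m.start(), m.end())))
        for literal in blocklist:
            idx = line.find(literal)
            if idx != -1:
                findings.append(Finding("hard", "user_blocklist", path, line_no, redact(line, idx, idx + len(literal))))
        for m in SOFT_RULE.finditer(line):
            val = m.group("val").strip("\"'")
            if not val or val.startswith(PLACEHOLDER_PREFIXES):
                continue  # `KEY=${KEY}` style references are not leaks
            findings.append(Finding("soft", "secret_name:" + m.group("key").lower(), path, line_no,
                                    redact(line, m.start("val"), m.end("val"))))
    return findings


def line_fingerprint(path: str, line: str) -> str:
    """Override key (assumed format): path plus hash of the exact line, so an override
    survives line-number shifts but expires the moment the line's content changes."""
    return hashlib.sha256((path + "\0" + line.strip()).encode()).hexdigest()


def gate(findings: list[Finding], sources: dict[str, str], overrides: dict[str, str]) -> tuple[str, list[dict]]:
    """Return ("block"|"warn"|"ok", audit). Hard findings always block; soft findings
    pass only with a per-line override, and each override used is recorded."""
    if any(f.tier == "hard" for f in findings):
        return "block", []
    audit, unresolved = [], 0
    for f in findings:
        line = sources[f.path].splitlines()[f.line_no - 1]
        fp = line_fingerprint(f.path, line)
        if fp in overrides:
            audit.append({"path": f.path, "line": f.line_no, "rule": f.rule, "reason": overrides[fp], "fingerprint": fp})
        else:
            unresolved += 1
    return ("warn" if unresolved else "ok"), audit


# Constructed sample inputs. The AWS key is the well-known documentation example value.
SAMPLE_PATH = "wiki/deploy.md"
SAMPLE_TEXT = """# Deploy notes
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
db_password = "hunter2"
OPENAI_API_KEY=${OPENAI_API_KEY}
Dashboard: http://grafana.corp.internal:3000
The token bucket algorithm limits requests.
"""
SAMPLE_BLOCKLIST = "# hosts that must never reach the public wiki\ngrafana.corp.internal\n"

if __name__ == "__main__":
    found = scan_text(SAMPLE_PATH, SAMPLE_TEXT, parse_blocklist(SAMPLE_BLOCKLIST))
    for f in found:
        print(f"{f.tier:4} {f.path}:{f.line_no} {f.rule}: {f.excerpt}")
    print(gate(found, {SAMPLE_PATH: SAMPLE_TEXT}, {}))
```

On the sample, the AWS key and the blocklisted hostname are hard hits, so the verdict is "block" regardless of overrides; the `db_password` line is a soft hit that warns until an override keyed to that exact line is recorded with a reason; the `${OPENAI_API_KEY}` reference and the prose mention of "token bucket" produce nothing. Fingerprinting the line content rather than its number is what keeps "per-line" honest: editing the value invalidates the override.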

Credentials
Keychain only. No plaintext on disk.
Memophant uses the macOS Keychain for credentials — the Anthropic API key for Claude features, anything else you ask it to remember. Nothing is written to plaintext config files. Nothing is committed.
- Anthropic API key — Keychain, scoped to the Memophant bundle ID.
- GitHub authentication — Memophant defers to the gh CLI, which by default stores its token in the macOS Keychain (avoid `gh auth login --insecure-storage`, which writes the token to a plaintext config file instead).
- Vercel, Resend, etc. — credentials for the marketing infrastructure are environment variables on the host that serves the site, not in the macOS app.
- No .env file in the user's home directory. No JSON config blobs holding tokens.
What we don't collect
No telemetry. No phone-home.
The Memophant macOS app does not send usage data, crash logs, or analytics anywhere; the only exception is crash reporting, which is off unless you opt in. AI features (Distill, Run with Claude) call the Anthropic API directly from your machine, so prompts and responses travel to Anthropic and nowhere else; the company behind Memophant never sees them.
- No app telemetry, no usage analytics, no crash reporter unless you opt in.
- AI features call Anthropic's API with your key, from your machine. No proxy.
- The marketing site (memophant.co) uses Vercel Analytics — cookie-less, anonymized. No personal identifiers.
- The waitlist stores only the email you give it. No fingerprinting, no enrichment.
Continuity
If we ever disappear, the source becomes yours.
The hardest security property for an indie tool isn't encryption — it's continuity. Memophant adopts the Heirloom License: 12 months of dormancy without a maintenance signal AND 90 days without a support response triggers Sunset, and the source converts to MPL-2.0 automatically. Source-available the day it stops being maintained, irrevocably, for everyone.
- Heirloom License v1.0, variant HL-1.0-MPL2.0-12mo.
- Mechanical Sunset — no committee, no court, no judgment calls.
- Public Heartbeat Record at memophant.co/.well-known/heirloom-heartbeat.json (a public storefront repo is on the roadmap).
- Contract obligation independent of the dead-man's-switch automation — the license body covers the case where the automation also fails.
The shortest version
Memophant operates on files in your git repo, with credentials in your Keychain, and a two-tier secret scan between you and every commit. The company never sees your data: there is nothing of ours between you and your repo.