Skip to main content

Trust Center

MnemoShare's compliance posture and security architecture. The statements below are MnemoShare's authoritative representations and may change over time.

Certifications & compliance status

SOC 2

Type II examination in progress

As of July 8, 2026

MnemoShare is engaged in a SOC 2 Type II examination (engagement letter executed; available on request). The Services are operated on SOC 2 compliant infrastructure. MnemoShare does not represent that the Services or MnemoShare are 'SOC 2 certified,' and does not warrant that the examination will result in an unqualified report or be completed by any particular date.

Report available on request

HITRUST CSF r2

In certification

As of July 8, 2026

MnemoShare is in certification for HITRUST CSF r2 (engagement letter executed). MnemoShare does not represent that it is HITRUST certified, and does not warrant that certification will be achieved or achieved by any particular date.

FedRAMP

Not authorized

As of July 8, 2026

The Services are not FedRAMP authorized.

HIPAA

Shared responsibility

As of July 8, 2026

MnemoShare does not make a general representation that the Services are 'HIPAA compliant.' HIPAA obligations are addressed through the shared-responsibility framework of the BAA (SaaS), to the extent executed and applicable, and through Exhibit C (Self-Hosted).

Security & architecture posture

  • Zero Trust architecture with credential-free, hardware-bound ephemeral identity per session — no persistent SSH keys, API tokens, or standing service accounts.
  • Each SaaS customer runs a fully isolated instance; MnemoShare holds no plaintext access to customer data (customer-managed keys supported).
  • Application-layer encryption with customer-managed keys.
  • Immutable, hash-chained audit trails with WORM export.
  • Three-tier data-loss prevention (regex + Microsoft Presidio + AI classifier) on email routed through MnemoShare's mail server.

Documents & reports

The following are available on written request, subject to confidentiality. They are not public downloads; our security team will complete a confidentiality step before sharing.

  • SOC 2 reportProvided under NDA
  • Security overview / whitepaper
  • Data Protection Addendum (DPA)
  • Business Associate Agreement (BAA)

Request documents

Documents requested

Last updated July 8, 2026

Change history
  • July 8, 2026Initial publication.