Trust Center
A customer-facing view of the implemented security, privacy, reliability, and release controls behind XMemo.
- Tenant isolation is enforced across token, SSO, role binding, MCP, and data/control-plane paths.
- Production readiness fails closed for unsafe URLs, weak session secrets, missing token pepper, plaintext fallback, and unsafe rate-limit configuration.
- Release engineering produces gate results, SBOM, cosign signature, SLSA provenance, and artifact verification evidence.
Security controls
XMemo separates public discovery, authenticated control-plane access, and data-plane access. Control-plane routes require an admin key, a console session, or a tenant-scoped user session; data-plane routes require scoped credentials.
- OIDC/SSO configuration never returns plaintext client secrets.
- Production token hashes should be peppered and legacy plaintext fallback disabled.
- MCP network access should use provisioned bearer tokens backed by database rows.
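An added example, not XMemo's own code, of the peppered token-hash check with plaintext fallback disabled and a fail-closed pepper load, as listed above. The environment variable name, the 32-byte minimum, and the row layout are assumptions made for illustration.

```python
import hashlib
import hmac

MIN_PEPPER_BYTES = 32  # assumed minimum; the page does not state one


class ReadinessError(RuntimeError):
    """Raised instead of continuing in a weaker mode (fail closed)."""


def load_pepper(env):
    # XMEMO_TOKEN_PEPPER is a hypothetical variable name used only here.
    pepper = env.get("XMEMO_TOKEN_PEPPER", "").encode()
    if len(pepper) < MIN_PEPPER_BYTES:
        raise ReadinessError("token pepper missing or too short")
    return pepper


def hash_token(pepper, token):
    # Keyed hash: stored hashes cannot be tested against guesses
    # by someone who holds the database but not the pepper.
    return hmac.new(pepper, token.encode(), hashlib.sha256).hexdigest()


def verify_token(pepper, presented, row):
    """Check a bearer token against a row (constructed stand-in for a DB row)."""
    stored = row.get("token_hash")
    if not isinstance(stored, str) or not stored:
        # A legacy row that only carries a plaintext token is rejected,
        # never compared: this is the "plaintext fallback disabled" case.
        return False
    candidate = hash_token(pepper, presented)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    pepper = load_pepper({"XMEMO_TOKEN_PEPPER": "p" * 32})
    row = {"tenant_id": "tenant-a", "token_hash": hash_token(pepper, "tok-abc")}
    print("valid token:", verify_token(pepper, "tok-abc", row))
    print("wrong token:", verify_token(pepper, "tok-abd", row))
    print("legacy row: ", verify_token(pepper, "tok-abc", {"token": "tok-abc"}))
    try:
        load_pepper({})
    except ReadinessError as exc:
        print("startup refused:", exc)
```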
Privacy and DSAR controls
The /me governance surface reports account-scoped data boundaries, export/delete availability, audit status, and retention ownership. DSAR workers complete export/delete requests with redacted proof metadata.
- Exports exclude token hashes, API keys, invite hashes, session secrets, provider keys, database URLs, and support-bundle secrets.
- Delete and forget/redaction workflows preserve auditable evidence without exposing raw memory content in public artifacts.
- Auto-redaction stores safe redaction counts and status only.
Reliability and release evidence
Operations SOPs cover key rotation, backup/restore, migration rollback, incident response, capacity baselines, worker failover, and DSAR SLA. Release workflows add unit, enterprise, web, and a11y gates plus artifact signing and provenance.
- Production readiness gate: python scripts/production_readiness.py.
- Enterprise regression gate: python -m pytest tests/enterprise -q.
- Release evidence: SBOM, cosign signature, SLSA provenance, and verification report artifacts.
Source-backed by enterprise security/privacy docs, production readiness gates, operations SOPs, and release engineering evidence.