Privacy & security

Memory is intimate data. innernet's defensive posture is documented in three places:

/privacy — the user-facing privacy policy.
/terms — terms of service.
SECURITY.md in the repo — the full threat model, audit findings, and migration plan.

The short version

Row-level security on every table. Cross-user reads are rejected at the database, not just the application.
Tokens hashed at rest. A DB dump does not produce usable credentials.
Service-role behind the auth gate. The MCP route validates your bearer token application-side, then uses a server-only key to call locked-down RPCs. The public anon key cannot read or write your data.
Optional encryption at rest for dimensions, per project, with a passphrase only you hold. The database operator cannot read encrypted content. If you lose the passphrase, the content is unrecoverable — we say so before you enable it.
Audit log of privileged events on your account. You can read your own log; we cannot edit it.
Export and delete are one-click from /account. Deletion is immediate and irreversible; backups purge within 30 days.

End-to-end encryptionthrough the AI's context window. Once your AI client reads a dimension, the content is in the AI provider's process and possibly their logs. We document this, we don't prevent it.
Tamper-evident commits.The commit log is append-only by convention; we don't sign commits today.
Multi-region failover. Single region, single point of failure for now.

Open a private security advisory at github.com/johntremendol/innernet/security/advisories/new. We triage within 72 hours.