MemNexus Subprocessor List
Last updated: 2026-04-28
Review cadence: Updated whenever a subprocessor changes
Contact: [email protected]
Overview
MemNexus uses the following third-party subprocessors to deliver our service. Each subprocessor is listed with its purpose, the categories of customer data it processes, its processing location, and its current operational status.
We publish subprocessor changes to this page and notify customers via email prior to adding new subprocessors. Subscribe by emailing [email protected].
Current Subprocessors
| Subprocessor | Purpose | Data Processed | Location | Status |
|---|---|---|---|---|
| Anthropic | Knowledge extraction (LLM-based entity, fact, and topic extraction via Claude API) | Memory content (sent as plaintext for extraction) | US | Active |
| Cloudflare | Marketing-site hosting (Cloudflare Pages via @cloudflare/next-on-pages), DNS for memnexus.ai, edge TLS termination for the marketing site | Visitor IP address, request metadata, and marketing-site form submissions (e.g., waitlist email address, newsletter email address, contact-form contents). No customer memory content — that flows directly between client SDKs and api.memnexus.ai (Azure-hosted). | Global edge (US-anchored) | Active |
| Microsoft Azure | Cloud infrastructure — Azure Kubernetes Service (AKS), managed disks, Azure Key Vault, Azure Container Registry; also Azure OpenAI for extraction (gpt-4o-mini) | All customer data: memories, user profiles, encryption keys (wrapped per-user keys), graph data (entities, facts, topics, relationships), API keys (hashed), audit logs; memory content sent in plaintext to Azure OpenAI for extraction | US East 2 (Azure region) | Active |
| Neo4j | Graph database (self-hosted on Azure AKS) | Memories (encrypted at rest), entities, facts, topics, patterns, conversations, relationships, user profiles | US East 2 (co-located with AKS cluster) | Active |
| OpenAI | Embedding generation (historical primary, currently inactive). Credentials retained for graceful-degradation fallback only. | Memory content would be sent as plaintext for vector generation if reactivated | US | Inactive — fallback credentials retained; no live traffic |
| PostHog | Product and marketing analytics (page events, telemetry) — us.i.posthog.com | Pseudonymous user identifiers, page-view events, browser/device metadata (no customer memory content) | US | Active |
| Resend | Transactional email delivery (account deletion confirmations, verification emails, waitlist communications) | User email addresses | US | Active |
| Sentry | Error tracking and performance monitoring for customer-portal and mcp-server | Error stack traces, user agent, redacted request context (no customer memory content) | US | Active |
| Stripe | Payment processing, subscription management, invoicing | User email address, billing information, subscription status, payment method tokens | US | Active |
| Voyage AI | Embedding generation (voyage-3.5, 1024d) | Memory content (sent as plaintext for vector generation) | US (api.voyageai.com) | Active — primary embedding |
| WorkOS | Authentication (AuthKit), Single Sign-On (SAML 2.0 / OIDC), organization management | User email address, name, profile information, organization membership, SSO configuration | US | Active |
Infrastructure Subprocessors
These subprocessors provide foundational infrastructure and do not directly process customer memory content:
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| GitHub | Source code hosting, CI/CD pipelines (GitHub Actions) | Source code, build artifacts (no customer data) | US |
| Docker Hub / GitHub Container Registry | Container image hosting | Application container images (no customer data) | US |
Data Processing Notes
- Encryption at rest: Customer memory content and sensitive fields (13 of 14 field types) are encrypted with AES-256-GCM-SIV at the application level before storage in Neo4j. The database stores ciphertext for these fields.
- Voyage AI data handling (primary embedding): As of v1.81c (2026-04-23), Voyage AI is the primary embedding provider in production. Memory content is sent to Voyage AI for vector generation (voyage-3.5, 1024d). Voyage AI's API does not use submitted data for model training. MemNexus does not opt in to training. See `core-api/src/services/embedding.service.ts` and `core-api/k8s/deploy/values-prod.yaml`.
- OpenAI data handling (currently inactive): OpenAI was the embedding provider before the v1.81c flip and credentials are retained for graceful-degradation fallback only. The dual-write secondary path (`DUAL_WRITE_OPENAI_EMBEDDINGS`) is set to `"false"` in production. No memory content is currently sent to OpenAI. If OpenAI is reactivated (either as primary or via dual-write), this list will be updated and customers will be notified before that change takes effect.
- Anthropic data handling: Memory content is sent to Anthropic's Claude API for entity, fact, and topic extraction. Anthropic's API data policy states that API inputs and outputs are not used for model training by default. MemNexus does not opt in to training.
- Stripe data minimization: MemNexus shares only the minimum data required for payment processing. Full payment card details are handled entirely by Stripe and never touch MemNexus infrastructure.
- WorkOS data handling: WorkOS manages authentication credentials (passwords, SSO tokens). MemNexus does not store user passwords.
- Cloudflare data handling: Cloudflare hosts the public marketing site (`memnexus.ai`) via Cloudflare Pages and provides DNS and edge TLS. Cloudflare processes standard web request metadata (visitor IP, request headers, response codes). The marketing site exposes server-side route handlers under `marketing-site/app/api/` for waitlist signup, newsletter signup, and contact form submission (`/api/waitlist`, `/api/newsletter`, `/api/contact`). Form bodies for those routes — typically an email address and free-text contact-form contents — pass through the Cloudflare edge. Cloudflare does NOT see customer memory content: the application API (`api.memnexus.ai`) terminates on Azure and is not fronted by Cloudflare.
- PostHog data handling: PostHog receives analytics events from `marketing-site/` and `customer-portal/` (page views, click events, browser/device metadata). It does not receive memory content or extracted knowledge. Consent gating is applied via the marketing-site analytics consent module. Identifier scheme: PostHog distinct IDs are pseudonymous, not anonymous. For authenticated customer-portal sessions, the distinct ID is the MemNexus user ID (set via `posthog.identify(userId, ...)`). For pre-signup marketing-site visitors, the distinct ID is a per-browser pseudonymous identifier minted by the PostHog SDK. Per GDPR Recital 26, pseudonymous data is personal data; we treat PostHog telemetry accordingly.
- Sentry data handling: Sentry receives error reports and performance traces from the customer portal and MCP server. Request bodies and PII fields are scrubbed via the standard Sentry SDK redaction; only stack traces, error types, and minimal request context are retained.
- Neo4j hosting: Neo4j runs as a self-hosted deployment on the MemNexus Azure AKS cluster, not as a managed third-party service. It is listed here for transparency because it is a third-party software component that processes customer data.
Subprocessor Change Notification
We publish subprocessor changes to this page and notify customers via email prior to adding new subprocessors. Subscribe by emailing [email protected].
Questions
For questions about our subprocessors or data processing practices, contact [email protected].