Trust center
Memory you can prove.
Dijin states its privacy plainly: what's protected today, and what's still in preparation. No weasel words. Your memory is owner-signed and portable, and every answer either comes with its evidence or doesn't come at all.
Cloud Intelligence: your consent boundary
One switch decides whether Dijin extracts memory from what you save. With it off, recall stays empty. With it on, extraction happens in flight and the plaintext is discarded once the job finishes.
Cloud Intelligence OFF
Nothing leaves the device. Cloud Intelligence is the consent boundary, turning it ON sends the segments you choose to the cloud worker for extraction.
Cloud Intelligence ON
Cloud-processed: chosen segments extracted in worker memory, then discarded. Derived claims sync to your account; owner-signed DMF is the portable source of truth (the encrypted at-rest vault is in preparation).
Two lanes, never mixed
How a memory reaches Dijin decides what we can see, and we never blur the two.
Owner-Attested
Memory you save directly is owner-signed (DMF, Ed25519). You attest to it, and Dijin stores and recalls it. The owner-signed vault that makes this end-to-end is still in preparation.
Connector-Attested
Memory from a connected app (Teams, GitHub, Linear…) arrives through that app's own pipeline. We disclose every sub-processor along that path, and we never pretend a vendor didn't see it.
Live today
Each maps to shipped, source-verified code.
- security.statusLive
Encrypted in transit
Every sync runs over TLS 1.3. Nothing crosses the network in the clear.
- security.statusLive
Owner-signed, verifiable offline
Your memory is a DMF archive signed with your key (Ed25519). Any reader, whether that's Dijin or a third party, can verify it without trusting our servers.
- security.statusLive
Tamper-evident access log
Every claim and access is hash-chained and append-only. The chain is independently verifiable from any device.
- security.statusLive
Evidence, or "I don't know"
Every answer carries its source, valid time, and trust tier. When Dijin can't ground a claim, it refuses instead of guessing.
In preparation
We won't claim these until they ship. Today, stored data is plaintext at rest.
- security.statusInPrep
Encryption at rest
At-rest encryption of your synced memory is on the roadmap. Today we protect it in transit (TLS) only.
- security.statusInPrep
Owner-signed vault
A vault that binds your memory under a key derived on your own devices is in preparation. It makes the full custody chain provable offline.
- security.statusInPrep
Device-held keys
Keys that only ever live on your devices (so we genuinely can't read your content) arrive with the vault. We don't claim "your keys" until then.
How does it compare?
Six privacy properties measured against four widely-used products and Dijin. Every cell is verifiable; no marketing adjectives.
| How does it compare? | WhatsAppEncrypted messaging | iCloud (default)Default cloud posture | iCloud (Advanced Data Protection)Opt-in user keys | SignalEncrypted messaging | DijinMemory Layer |
|---|---|---|---|---|---|
End-to-end encrypted at rest by defaultStored content is unreadable by the provider, without any user opt-in step. | PartialBackups historically separate posture. | NoApple holds the keys for several data classes. | YesUser opt-in. | YesDefault posture for messages. | NoIn preparation, at-rest encryption and the owner-signed vault are on the roadmap (TLS in transit today). |
You hold the keysThe decryption material derives from a phrase only your devices ever see. | Partial | No | Yes | Yes | PartialPartial, your recovery phrase derives an owner key held on your device today; binding it to your synced cloud memory (the owner-signed vault) is in preparation. |
Open, portable export formatYou can take your data out and verify it offline with a publicly documented standard. | No | Partial | Partial | Partial | YesDMF, RFC-tracked, signed, conformance-vector tested. |
Server-side ML on metadataDoes the provider run machine-learning models over your metadata for ranking or recommendations? | Yes | Yes | Yes | Yes | NoNo metadata is fed to any third-party ML model for training. |
Independently verifiable chainA regulator, auditor, or you can re-derive the integrity of stored claims without trusting the runtime. | No | No | No | Partial | YesHash-chained audit log; `dijin verify` re-runs the chain offline. |
AI integrations preserve your evidence-bound memory contractWhen you connect Dijin (or your data) to an external AI, the encryption guarantees survive the handshake. | Not applicable | Not applicable | Not applicable | Not applicable | PartialMCP scopes are read-only by default; every grant is auditable; Lock B signed footer never strips. |
Verified properties as of 2026-05. Updated as vendor postures change.
Don't trust us. Verify.
Every claim is hash-chained. The chain is independently verifiable from any device.
Paste a signed DMF archive and check its Ed25519 signature in your browser. The Memory Kernel boundary (cite-or-refuse) is identical on Web, Tauri, iOS, and Android.
Eight scopes, least privilege by default
AI clients request only what they need. Two scopes carry extra gates.
memory.summary
Read high-level summaries only.
memory.decisions
Read confirmed decisions and their rationale.
memory.entities
Read people, projects, and things in your memory graph.
memory.evidence
Read the evidence pack behind an answer.
memory.conflicts
Read where claims disagree or were superseded.
memory.audit
Read the tamper-evident access log.
memory.transcript.read.raw 🔒
The raw source text. Highest trust, and device-confirmed before it's released.
memory.write 🔒
Propose memory back. Gated; never granted by default.
Subprocessors
External services we use to operate Dijin, and what they see. Add/remove changes are reflected here and announced via DPA notification when material.
Supabase (Stockholm)
Authenticated kg.* rows (claims, entities, evidence, audit_logs) under per-user RLS. Operates the Postgres + Edge Functions substrate.
Cloudflare R2
Owner-signed encrypted DMF archives (vault canonical) + audit snapshots. Object content is ciphertext; bucket metadata is operational.
Vercel
Web app hosting + serverless function execution. Request logs (URL, method, status, latency) for operability; no request body content is retained.
Google Gemini (embeddings)
Query text and derived claim text, sent to produce vector embeddings for recall ranking. Not raw transcript plaintext.
Anthropic Claude (extraction + Memory Kernel composer)
Two Cloud Intelligence ON paths: (1) extraction — raw segment plaintext ephemerally during one extraction job, to derive entities and claims (held only for the job, discarded after); (2) answer-time — an EvidencePack (already-derived claims + their citations) plus the user's query text, to compose grounded answers under the composer-only policy (Memory Kernel S3); the LLM never authors a fact, only cites the pack.
Paddle (web billing)
Web subscription transactions (Pro annual, Plus annual). Acts as Merchant of Record; sees billing identity + card details (Dijin does not). Plus on iOS/iPadOS/macOS is billed by Apple App Store, not Paddle.
Cloudflare Turnstile
Sign-up / sign-in challenge tokens. Bot-mitigation challenge result only; no Dijin content crosses.
What a legal request can reach
We tell you the truth about today, not the marketing of tomorrow.
Today (plaintext at rest)
Because at-rest encryption isn't shipped yet, a valid legal order could compel the memory you've synced, your account records, and access logs. We don't pretend otherwise.
With the vault (in preparation)
Once the owner-signed vault ships, your content becomes unreadable to us. A request could reach only ciphertext, timestamps, and account records. We'll update this page the day that's true, not before.
Security Contact
We take security seriously. If you have a concern about the security of our product, we welcome your input:
[email protected]