One vault. Locked at every layer.

Every row in the vault is owned by your user ID and stored in Postgres on Supabase (US region) with TLS 1.2+ on every connection. The conversations and snippets you capture are encrypted at rest with AES-256-GCM(a unique per-row IV) under a key held only by Solum’s server, and decrypted only transiently — in server memory — to serve your reads and run the memory pipeline.

This is encryption at rest, not zero-knowledge: the server holds the key and can decrypt to do its job, so we don’t claim “we can’t read it.” What we do claim is that we never read your content except to serve it back to you and to the AIs you’ve connected. Your structured profile (facts, preferences) and uploaded file text stay as plaintext, scoped to your account by row-level security, so they remain searchable.

On the desktop app, your session credentials live in the macOS Keychain or the Windows Credential Manager — never in a plaintext config file, never in cloud sync.

Every public table in the database has row-level security on by default. Even tables only ever touched by service-role code are locked down for the anonymous and authenticated keys. The single source of truth for who can read a row is auth.uid() = row.user_id.

Mutations that span multiple tables — editing your profile, promoting a capture into the vault, replacing an existing entry — run inside a single Postgres transaction via SECURITY DEFINER functions. Either every change lands or none of them do.

Sign-in is Google OAuth only — no passwords to phish, no shared secrets to leak. The desktop app authenticates over a loopback PKCE flow: a one-shot code exchanged with an SHA-256 challenge that never leaves your machine.

Sessions are short-lived JWTs refreshed on every request through our Supabase middleware. Cookies are HttpOnly, SameSite=Lax, and Secure in production.

The Tauri client runs sandboxed against an explicit capability allow-list — only the windows, hotkeys, and OS features Solum actually uses are permitted. The macOS Accessibility API is opt-in: you grant it once during onboarding so Solum can read selected text and inject context into the app you’re writing in. We never enumerate or track other apps’ contents.

macOS builds are universal (Apple Silicon + Intel). Windows builds ship as a signed-when-possible NSIS installer. Auto-updates run against signed release manifests with a public-key check before anything is written to disk.

The extension uses Manifest V3 and requests the minimum permissions it needs: activeTab, scripting, and storage. Host permissions are scoped to the AI chat surfaces it captures from — Claude, ChatGPT, Gemini, Perplexity, Grok, and a few others — plus your Solum origin. It never reads other tabs, never injects code into arbitrary pages, and never communicates with a third-party analytics endpoint.

Captures POST directly to your Solum origin with credentials: ‘include’, authenticated by your existing browser session. There is no extension-specific API key to manage or rotate.

• We don’t train AI models on your data.
• We don’t share, sell, or rent your vault to anyone.
• We don’t read your memory for any reason except to serve it back to you, the AIs you’ve explicitly asked us to, and the engineers diagnosing a support ticket you opened.
• We don’t collect telemetry that could rebuild your activity. Aggregate, anonymized counters only — and never enough to reconstruct a session.

Every change to your profile and vault is recorded in an audit log scoped to your user ID. You can roll back any single revertible change from the Activity page. The log is rendered to you and only you.

Deleting your account from Settings triggers an immediate purge of every row tied to your user ID; the data is then permanently removed from backups on the next rotation.

If you find a security issue, email nateajmera@gmail.com with the subject line SECURITY. We’ll acknowledge within 48 hours. Please don’t disclose publicly until we’ve had a chance to fix and ship.