All data you enter into Memo remains yours, and we are committed to ensuring that your data is kept safe and confidential. Your private data will not be accessed by our team except as absolutely needed to resolve issues.
Memo production data is regularly backed up to Amazon S3 and all backups are encrypted. S3 is the leading online file storage service (used notably by Dropbox, Pinterest, and Tumblr).
You’ll always have the option to export your data out of Memo.
Memo uses Amazon Web Services (AWS) to host all of our applications and static resources. They’re one of the top hosting providers in the world – used by companies like Slack, Atlassian, Adobe and Intuit.
Only Memo engineers have access to these machines, via key-based SSH login. We update system software whenever updates are available. To learn more, read about AWS security policies.
All Memo servers and databases are co-located in a secure and isolated Virtual Private Cloud (VPC). No other AWS customers can access Memo servers. Additionally, external-facing Memo servers are isolated from internal servers for increased security.
Memo exclusively communicates with HTTPS: the content of your data is never sent on the network in the clear. Memo data is encrypted both when it is transferred to and from our servers. Our SSL certificates use 2048 bit RSA keys, signed with SHA-256.
We use the secure OAuth 2.0 protocol to access data from your Slack account on your behalf, without the need for us to ask nor store your username and passwords. The OAuth protocol ensures that Memo never sees your Slack password, and that we can only access data you have explicitly authorized us to access.
We can not read and do not store any of your team’s messages, with the following exceptions: messages that were explicitly tagged for Memo, direct messages sent from a user to Memo and teams that have explicitly opted-in to share their messages (default is opt-out).
We intend for Memo to be around for the long haul. However, if the service were ever to shut down, we would give plenty of notice to all users, and a way to download all of your data in an open and widely supported format (e.g.: Markdown).
Our engineers have experience working on highly reliable, scalable, and secure systems at companies like Google, Twitter, Facebook and Microsoft. We always have someone on call to address any issues or outages as fast as possible.
If you have any remaining questions or concerns about Memo’s security, don’t hesitate to reach out to firstname.lastname@example.org.