Hyponema

How your data is held, encrypted, and exported.

Postgres RLS for tenant isolation. AES-256-GCM envelope encryption for provider credentials. Audit log on every persona, agent, tool, and conversation change. Per-subject DSAR and right-to-be-forgotten on every plan. Where we stand on SOC 2, HIPAA, and SSO. All on this page.


Architecture

What keeps your data safe.

SELECT * FROM memory.facts
WHERE tenant_id = 'acme-7f3a'
ERROR · cross-tenant access denied
RLS · policy enforced at the row

Postgres RLS, on every query.

Tenant scoping runs at the database, not in API code. Every connection sets app.current_tenant; the policy filters every read and write.

DEK · per tenant
KEK · per host
KMS · cloud
cached 60s · in-memory only

AES-256-GCM, envelope-encrypted.

Per-credential DEK wrapped by a Cloud KMS-managed KEK. Plaintext lives in process memory only — cached at most 60 seconds across sessions, never on disk, never in logs.

Client · TLS 1.3
API · VPC
Postgres · encrypted
TLS 1.3 end-to-end · disk encryption at rest

Disk and transport, both encrypted.

Postgres on Cloud SQL with disk encryption at rest. TLS 1.3 on every public endpoint. Caches and compute live on a private VPC.

14:22:01  alice@acme  persona.update  aria/v3
14:22:18  alice@acme  tool.attach     aria/v3 ← lookup
14:23:04  bob@acme    agent.create    support-bot
14:24:12  alice@acme  persona.deploy  aria/v3 → prod
diff · actor · timestamp

Every change, on the record.

Persona, agent, tool, and conversation changes write to an audit log with actor, timestamp, and a before/after diff. Exportable on request.

OPERATOR MODEL

Provider keys we can’t read. Conversations only your workspace sees.

Provider keys (OpenAI, Anthropic, Cartesia, ElevenLabs…) are AES-256-GCM envelope-encrypted: a per-credential DEK wrapped by a Cloud KMS-managed KEK. Plaintext is held in process memory only — cached at most 60 seconds across sessions, never on disk, never in logs, never visible to Hyponema operators through normal channels. Conversations are tenant-isolated by Postgres row-level security: app.current_tenant is set on every connection and the policy filters every query at the database layer.
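
The row-level security described here and under "Postgres RLS, on every query." can be sketched as follows. This is an added example, not Hyponema's schema or policy: only memory.facts, tenant_id and app.current_tenant come from the page, while the other columns, the policy name, the app_user role and the second tenant id are assumptions.

```sql
-- Added example, not Hyponema's schema. From the page: memory.facts, tenant_id,
-- app.current_tenant. Assumed: other columns, policy name, role app_user.
CREATE SCHEMA IF NOT EXISTS memory;
CREATE TABLE memory.facts (
    id        bigserial PRIMARY KEY,
    tenant_id text NOT NULL CHECK (tenant_id <> ''),
    body      text NOT NULL
);

-- ENABLE turns the policy on; FORCE applies it to the table owner as well.
ALTER TABLE memory.facts ENABLE ROW LEVEL SECURITY;
ALTER TABLE memory.facts FORCE ROW LEVEL SECURITY;

-- USING filters rows visible to SELECT/UPDATE/DELETE; WITH CHECK rejects
-- INSERT/UPDATE rows for another tenant. current_setting(..., true) yields
-- NULL when the setting is unset, so the comparison matches nothing (fail closed).
CREATE POLICY tenant_isolation ON memory.facts
    USING      (tenant_id = current_setting('app.current_tenant', true))
    WITH CHECK (tenant_id = current_setting('app.current_tenant', true));

-- Superusers and BYPASSRLS roles skip RLS, so the application role has neither.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT USAGE ON SCHEMA memory TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON memory.facts TO app_user;
GRANT USAGE ON SEQUENCE memory.facts_id_seq TO app_user;

SET ROLE app_user;

-- is_local = true scopes the tenant to this transaction, so a pooled
-- connection does not carry it over to the next request.
BEGIN;
SELECT set_config('app.current_tenant', 'acme-7f3a', true);
INSERT INTO memory.facts (tenant_id, body) VALUES ('acme-7f3a', 'constructed row');
SELECT count(*) FROM memory.facts;  -- sees this tenant's rows only
COMMIT;

BEGIN;
SELECT set_config('app.current_tenant', 'tenant-b', true);  -- constructed tenant id
SELECT count(*) FROM memory.facts WHERE tenant_id = 'acme-7f3a';  -- filtered by the policy
-- Writing a row for another tenant fails WITH CHECK with a row-level
-- security policy violation, which aborts the transaction.
INSERT INTO memory.facts (tenant_id, body) VALUES ('acme-7f3a', 'constructed row');
ROLLBACK;

-- With no tenant set, the policy matches no rows.
SELECT count(*) FROM memory.facts;
RESET ROLE;
```

In this sketch a cross-tenant read comes back empty rather than raising an error; only the cross-tenant write is rejected outright.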

Provider keys

AES-256-GCM encrypted with a per-tenant data key. Never returned via API.

  • Anthropic · sk-ant-····qB9K · 2 days ago · encrypted
  • OpenAI · sk-····7nTm · 5 days ago · encrypted
  • Cartesia · cs-····Jp4w · 11 days ago · encrypted
  • ElevenLabs · xi-····R0fa · 3 weeks ago · encrypted

MCP SERVER

Already on ElevenLabs, Vapi, or Retell? Plug the engine in.

The MCP server exposes the relational memory engine — narrative arcs, emotional trajectory, session resume, supersede chains — to any MCP-aware client. Seven tools over stdio or HTTP/SSE. Namespaced bearer tokens (hypmcp_*) kept separate from the platform tokens. BYO LLM credentials so reflection and consolidation run on your bill, not ours. Five-minute integration; full graduation to the platform when you need persona drift, sleep windows, and outbound scheduling.

MCP server token

active

hypmcp_·····························mZ8

stdio · HTTP/SSE · namespaced separately from platform tokens

  • retrieve_context: Hybrid search · narrative-aware
  • save_observation: Importance scored · category-floored
  • get_session_resume: Last topic · tone · open question
  • get_open_threads: Promises · follow-ups
  • get_narrative_arcs: Active · dormant · recurring
  • get_emotional_trajectory: 14d vs 60d baseline drift
  • forget_subject: Cascade purge · audit trail

Compliance

Where we stand on each standard.

Plain status on every standard. Last updated April 2026.

  • GDPR DPA: Standard on every plan. EU + UK supported. Status: available
  • CCPA: User access requests via DSAR endpoint. Status: available
  • Data export (DSAR): Per-subject JSON export: memories, conversations, narrative arcs, audit trail. Status: available
  • SOC 2 Type II: On the roadmap. We can share our current control posture on request. Status: planned
  • HIPAA BAA: On the roadmap for healthcare deployments. Status: planned
  • On-prem deployment: On the roadmap for regulated verticals. Talk to us about timelines. Status: planned
  • SAML / OIDC SSO: On the roadmap for Enterprise. Okta, Azure AD, Google Workspace target. Status: planned

Need SOC 2, HIPAA, or SSO before procurement signs off? Tell us what your buyer asks for and the timeline. We’ll share where we are and what we can commit to in writing.

Data export

DSAR and right-to-be-forgotten, on every plan.

Per-subject export bundles the user’s memories, conversations, narrative arcs, and audit trail as JSON. The forget cascade does the inverse: every memory, arc, thread, embedding, and transcript purged with an audit record of the deletion.

  • A single user: the right to take their own data with them.
  • Forgotten users: an audit trail confirming the deletion ran.
  • Workspace-wide and configuration export: on the roadmap.

# Start a DSAR export for one user
curl -X POST "https://api.hyponema.ai/workspaces/$WS_ID/subjects/$SUBJECT_ID/export" \
  -H "Authorization: Bearer $HYP_KEY"

# Returns { id, status: "pending", ... }
# Poll the export until status is "ready":
curl "https://api.hyponema.ai/workspaces/$WS_ID/dsar-exports/$EXPORT_ID" \
  -H "Authorization: Bearer $HYP_KEY"

# When ready, the response includes s3_url (signed, time-limited).

Voice agents built for years, not minutes.

Bring your own keys. Join the waitlist for early access.
