Security and trust, built into every layer.
Memrov is built on Amazon Web Services using HIPAA-eligible services throughout the stack. Encryption, access isolation, and continuous monitoring are not add-ons — they are defaults.
How we protect your data
Encryption at rest & in transit
Every byte stored on Memrov is encrypted with a customer-managed AWS KMS key. Data in transit is enforced over TLS — our S3 buckets reject all plain-text HTTP connections.
Four isolated encryption keys
Identity, clinical, research, and operational data each use a dedicated KMS key. A compromise of one key cannot expose data from another domain.
Point-in-time recovery on all tables
Every DynamoDB table has continuous backups enabled, giving us the ability to restore to any second in the last 35 days without data loss.
Uploads expire automatically
Raw file uploads are stored in private, encrypted S3 buckets and subject to a 7-day lifecycle expiration policy. We keep only what we need, for only as long as we need it.
Private storage, no public buckets
All S3 buckets have BlockPublicAccess set to BLOCK_ALL. Your data is never exposed to the public internet — access is routed exclusively through authenticated AWS service calls.
Continuous monitoring & audit logs
CloudWatch collects runtime metrics and logs from every service in the stack. Access logs are retained for 90 days, giving us a full audit trail of every interaction with stored data.
Every service is HIPAA-eligible.
AWS maintains a published list of services that satisfy the technical safeguard requirements of HIPAA. Memrov uses only services from that list — no exceptions.
We are working toward a formal Business Associate Agreement (BAA) with AWS and a third-party HIPAA attestation. In the meantime, our architecture is designed to meet those requirements today.
Four separate keys. Zero cross-domain exposure.
Authentication data, Cognito user records
Personality reports and analysis results
Opt-in research data, isolated by design
Operational logs and infrastructure data
All keys are customer-managed via AWS KMS. A compromise of one key cannot expose data from another domain.
Common questions
Is Memrov HIPAA compliant?
Every AWS service we use — S3, DynamoDB, Lambda, Cognito, CloudFront, Bedrock, Step Functions, SQS, SNS, and CloudWatch — is on AWS's published list of HIPAA-eligible services. Our infrastructure is designed to meet HIPAA technical safeguard requirements. We are actively working toward a formal BAA and HIPAA attestation.
Who can access my data?
Your data is only accessible through authenticated API calls. Internal AWS services communicate through scoped IAM roles — no shared passwords or broad service accounts. Raw uploads are processed and then subject to expiration; we do not retain your original files indefinitely.
How is my personality report protected?
Your finalized report is stored in an encrypted DynamoDB table using a dedicated customer-managed KMS key. It is never used by other Memrov products (like Memrov AI or Match) without an explicit opt-in from you.
Is research data kept separate?
Yes. Research is treated as a completely separate consent lane with its own KMS key (ResearchKey). Opting into a research study does not change how your consumer profile is stored or processed.
Where is my data stored?
All data is stored in AWS infrastructure. Memrov does not transfer your data to third-party countries or sell it to data brokers.
Your insights. Your data. Your control.
Take the Memrov personality test and start building your profile on infrastructure designed to protect it.
Get your personality report