If your agent stores memory through AgentRAM, that data is your responsibility to your users and our responsibility to you. This page explains exactly what we do to honour that responsibility. No claims we cannot back up. No language we cannot explain.
AgentRAM stores only what you explicitly write through the API. We do not collect browser data, usage patterns, or metadata beyond what is necessary to operate the service.
| Data | What we do with it |
|---|---|
| Your email address | Used to identify your account and send service-critical messages. Never shared with third parties. Never used for marketing without your consent. |
| Your API key | Stored as a hashed reference. Even we cannot read your raw key after it is issued. Keep it private. |
| Memory values you write | Stored encrypted at rest. Accessible only to requests authenticated with your API key. Permanently deleted when you call DELETE /memory. |
| Credit balance | Stored and updated atomically. Deducted only on successful operations. Refunded automatically on failure. |
All stored data is encrypted at rest. The database never holds plaintext memory values in an unprotected state.
Every API key maps to a private namespace. Requests can only read and write memories belonging to their own key. There is no way to access another account's data through the API.
Every endpoint has a rate limit. This protects against automated abuse, credential stuffing, and excessive consumption that could affect other customers.
Every field is validated, sanitised, and length-limited before it touches the database. We reject unexpected input types, oversized payloads, and missing required fields at the edge.
Every response includes standard security headers including content-type enforcement, frame denial, and HTTPS-only transport policy.
Credit deductions and memory writes happen atomically. If either step fails, both are rolled back. You cannot be charged for an operation that did not complete.
Every payment is verified server-side using a cryptographic signature from our payment processor before credits are added to any account.
All traffic to the AgentRAM API travels over HTTPS. Plain HTTP requests are rejected. Credentials are never transmitted in an unencrypted form.
We believe in honesty over marketing language. AgentRAM launched in May 2026. We have implemented the security measures described on this page. We have not yet completed a third-party penetration test or applied for SOC 2 certification. We will update this page when we do.
If your organisation requires specific certifications before using an API, contact us and we will give you an honest answer about our timeline.
If you find a security vulnerability in AgentRAM, we want to know about it. We ask that you give us reasonable time to investigate and address the issue before publishing details publicly.
Send a description of the issue, the steps to reproduce it, and the potential impact to our security address. We will acknowledge your report within two business days and keep you updated as we investigate.
security@agentram.devIf you have a question about how AgentRAM handles your data that this page does not answer, email hello@agentram.dev. We will respond within one business day.
Last updated: May 2026
© 2026 AgentRAM. All rights reserved.