Back to docs

Bring Your Own Storage

Three deployment modes for hosting Mnueron data. Pick the one that matches your security posture; the responsibility split between Mnueron and your org is documented below for every mode so procurement reviews go fast.

Mnueron Cloud

Free / Basic / Pro / Team / Enterprise

We host everything. Memories, meetings, transcripts, decisions, and action items all live in Mnueron's managed Supabase. Encrypted at rest, RLS-isolated per org, daily backups handled by us. Optimal for teams that want zero ops overhead.

Mnueron is responsible for

Platform security, encryption keys, backups, uptime, RLS enforcement, vulnerability patching, compliance posture (SOC2-track), incident response, customer support.

Customer is responsible for

Choosing strong passwords + 2FA, revoking access for departed employees, sane LLM key rotation cadence, classifying which meetings should never be ingested (PHI, etc.).

Cloud + Archive (BYO bucket)

Pro+

Hot memories stay in Mnueron Cloud. Cold memories (older than your chosen threshold) auto-archive to a bucket your org controls — AWS S3, Cloudflare R2, or Backblaze B2. You hold the credentials, you pay the storage bill, you decide retention.

Mnueron is responsible for

Same as Mnueron Cloud for the hot tier. After we export a memory to your bucket we null the body and embedding from our Postgres; a lightweight stub row (id, tags, source, source_ref, metadata, archive_url, archived_at) stays so memory_recall by id still resolves. Meeting transcripts are NOT archived to BYO storage today (memories only).

Customer is responsible for

Bucket security policies (block public access, versioning, server-side encryption), access key rotation, IAM scoping (Mnueron's key needs s3:PutObject + s3:GetObject + s3:DeleteObject + s3:ListBucket — DeleteObject is exercised by the Test Connection probe that writes then cleans up a marker object), regional compliance (HIPAA BAA with AWS, etc.), cost monitoring.

Local-only / self-hosted

Free (CLI)

The mnueron CLI runs entirely on your machine. Memories live in a local SQLite database. No cloud sync, no API calls leaving the laptop (unless you configure an LLM). Strongest privacy posture; weakest collaboration.

Mnueron is responsible for

Open-source code maintenance, security advisories on CVEs in our dependencies. That's it.

Customer is responsible for

EVERYTHING: encryption at rest of the SQLite file (use full-disk encryption), backups, multi-device sync, transport security if you wire it to your own hosted backend, all compliance posture, all upgrade hygiene.

Set up BYO storage

Three backends supported today via a single S3-compatible adapter:

In-app setup: /account-settings/storage

On the roadmap

Additional BYO storage backends planned. Most ship when a customer with a use case for them asks — these aren't blocking anyone today because the S3 adapter covers ~95% of requests.

BackendStatus
Google DrivePlanned
Microsoft OneDrivePlanned
Dropbox BusinessPlanned
On-premise SFTP / NFSEnterprise contract

Important: when you bring your own storage, that storage is your responsibility

Mnueron orchestrates the writes and reads against the credentials you provide. If your bucket has a misconfigured public ACL, leaks credentials through CloudTrail logs, or is compromised by an attacker who gets your AWS root access, that is outside Mnueron's operational control. See Privacy Policy §8 (Security) and §9 (User Responsibilities) for the formal language.

If you want Mnueron to operate the full security layer on your behalf, use Mnueron Cloud paid hosting instead — we then take on the obligations described in Privacy Policy §8.

Related reading