Built for organisations where compliance is not optional

Mnemo processes personal data only as described in our Data Processing Agreement. Arion Flow Ltd acts as the data processor; your organisation remains the data controller. We operate under GDPR Article 28 contracts. Deployment is EU-based with UK GDPR alignment. Data residency is configurable to meet your jurisdiction requirements.

Mnemo is a retrieval-augmented AI system, not a general-purpose AI tool. It does not make autonomous decisions that affect individuals — it assists human knowledge workers by surfacing relevant document content. This classification places it outside the high-risk AI system categories under the EU AI Act. We monitor ongoing regulatory developments and update our practices accordingly.

Every query, every document upload, every permission change, and every login is logged with a timestamp and user identifier. Audit logs are immutable and available for export. This supports internal governance requirements and external audit obligations, including FOI compliance for public sector customers.

Access is managed at the workspace level using role-based permissions. Administrators set who can view, query, or manage each workspace. Permissions can be restricted to named individuals. All access is authenticated via your chosen identity provider. There is no anonymous access to any document or query interface.

Mnemo is deployed in EU-based infrastructure by default. UK-only deployment is available. No document content, query data, or user data is processed or stored outside the agreed jurisdiction. We do not use multi-region replication that would move data across jurisdictional boundaries without explicit agreement.

Your documents are never used to train or fine-tune any AI model — ours or anyone else's. The AI models used by Mnemo are not updated or modified based on your queries or document content. This is a hard architectural guarantee, not a policy preference.