Memeri — AI & Agent Access Disclosure
Operated by: Memeri Ltd Jurisdiction: England & Wales Last updated: 24 June 2026 Contact: security@memeri.ai · support@memeri.ai
Memeri is a workspace for AI coding agents — agents you bring, running on accounts you hold, doing work on a machine you control. That arrangement is unusual enough that it deserves its own plain-language document. This disclosure explains exactly what your agents can do through Memeri, what we store about it, and where our responsibility ends and yours (and your AI provider's) begins.
This document is part of our Terms of Service and should be read alongside our Privacy Policy.
1. The model in one paragraph
You connect your own AI coding agents — for example Claude Code (Anthropic), a Custom GPT or Codex (OpenAI) — to Memeri. Memeri gives those agents two things: memory (your project context, stored on our servers) and reach (tools that act on your projects, including executing commands on your own machine through a local console you install). Memeri does not provide the AI. The model, its account, its billing, and its terms are between you and your AI provider. We host the workspace, not the intelligence and not the compute: your machine runs the work — with one exception you should know about: certain file operations can fall back to our server's filesystem when no connection to your machine exists (Section 3).
2. What your agents can do through Memeri
When you connect an agent, you are granting it real capabilities under your identity. Depending on which tools you use, an agent connected to your Memeri account can:
- Read your project memory — workflows, jobs, decisions, specs, notes, prior conversation context, and anything else stored in your workspace.
- Write to your project memory — create and update jobs, post work logs, record decisions, write documents.
- Read and write files — on your machine when the local console/tunnel is connected (see Section 3), and in certain configurations on our server-side project workspace (see Section 3, "the fallback").
- Execute terminal commands on your machine via the local console, with the same operating-system privileges as the user account running the console. There is no Memeri-imposed sandbox around what a command can touch on your machine.
- Run git operations and report diffs, status, and logs back into your workspace.
Some tool calls can be routed through an approval queue that requires human sign-off before execution. Approval workflows exist for some tools but are not a blanket guarantee: do not assume every agent action waits for your confirmation.
The blunt version: an agent connected to your account with the console running can do roughly anything you could do at your own keyboard. Connect agents you trust, on projects you're comfortable exposing, and supervise them the way you'd supervise any tool with shell access.
3. The local console and the tunnel
To let agents act on your machine, you install the Memeri console locally. Three things about it you should know:
- Traffic transits our infrastructure. Agent↔machine traffic (file contents, terminal input/output, git diffs) is relayed over a WebSocket tunnel hosted on our infrastructure. It is encrypted in transit (TLS), but it is not end-to-end encrypted — the relay sees the traffic it forwards. Terminal output can contain anything readable on your machine, including secrets you print or that commands emit. Tunnel session tokens are currently passed in URL query strings, which means they can appear in infrastructure and proxy logs.
- There is a server-side fallback for file operations. If no tunnel to your machine is connected, certain file tools fall back to a project workspace on our server's filesystem rather than your machine. If you assumed file operations were always local-only: they aren't.
- Setup modifies local configuration. Connecting Claude Code installs a session-start hook into your local Claude settings so sessions can bind to your workspace. You can inspect and remove it at any time (https://memeri.ai).
Console transcripts, scrollback, and workspace layouts live on your
machine (~/.memeri-console/), not on our servers — with the important
exception of conversation ingestion described in Section 4.
One browser-side note: the in-browser terminal pages load their terminal component from a third-party CDN (jsDelivr), which receives your IP address and browser metadata when those pages load. This is the only third-party call our web client makes; see the Privacy Policy.
4. What Memeri stores about agent activity
We are a memory product; storing context is the point. But you should know precisely what lands server-side when your agents work:
- Conversation transcripts. When conversation sync is active, the messages between you and your agent — your prompts and the agent's replies — are ingested to our servers per-message, along with embeddings we compute locally on our own infrastructure (no third-party embedding service). This is the most sensitive thing we hold: treat your agent conversations as stored server-side.
- Work evidence. Job updates can include files changed, commands run, and git status/diff-stat/log output that your agent captures and posts.
- Tool-call telemetry. For each tool call: tool name, status, timing, error messages, truncated parameter/result summaries, the agent's identity and session, and the job/workflow it relates to. Parameter summaries are designed to be redacted and truncated, but that filtering is best-effort and not guaranteed, and error messages are free text that can include file paths or code fragments.
- Raw tool payloads (gateway). Our gateway records full tool-call arguments and results for idempotency/reliability. These are not sanitized, can contain whatever the call contained (including file contents), and are not currently on a confirmed deletion schedule.
- Queued instructions and pending approvals. Prompts you queue for agents, and tool calls waiting in an approval queue, are stored including their full arguments.
- Agent identity and behavior. Which agents are connected (type, label, model/version metadata, last seen), persistent agent identities across reconnects, and protocol-adherence/behavior events.
- Session summaries. Aggregated development-session telemetry, including primary working directories and file paths — which often embed your OS username.
Retention, honestly: today, this data is retained for as long as your account exists (and currently after deactivation). We do not yet have automated retention schedules or self-serve deletion/export for agent activity data. Requests are handled manually via security@memeri.ai. We intend to ship lifecycle controls before general availability.
Where it lives: all of the above is stored on our hosting provider's infrastructure. If you are in the EU/UK, this likely involves an international data transfer — see the Privacy Policy for our transfer position.
5. Your AI provider's terms apply to your agents
Memeri does not stand between you and your AI provider. This has concrete consequences:
- Everything a tool returns goes to your provider. When your agent reads project memory, a file, a git diff, or terminal output through Memeri, that content becomes part of your conversation with your AI provider (Anthropic, OpenAI, etc.) and is handled under their terms — including their data retention and model-training policies, as configured on your account.
- Their rules are your rules. You are responsible for using your agents in compliance with your provider's terms of service and usage policies. Memeri does not resell model output, does not pool or share provider accounts across users, and does not cache model output for resale.
- We are not a party to that relationship. Provider outages, account suspensions, pricing changes, or terms changes are between you and your provider.
Memeri connects to your agent through supported, native integration points (an MCP server and a session hook) and runs the real agent software on your machine under your own login — we do not extract or impersonate your provider subscription, and we never handle your provider's credentials.
6. Memeri's own use of AI on your data
Memeri does not initiate LLM calls on your data. Synthesis, summarization, and generation happen agent-side — on your agent, your account, your keys — or not at all. Our server-side semantic search uses a local embedding model running on our own infrastructure; no text is sent to a third-party AI service to power it.
The AI in Memeri is performed entirely by the agents you connect, running under your own provider accounts. Memeri itself does not call third-party LLMs: the chat layer has been removed, and the only server-side LLM path — a workflow "llm" node — is unregistered.
7. Data about other people
Two ways your use of Memeri can involve people who never signed up:
- Linked repositories. If you link a git repository, we poll its commit activity, which includes commit author names and email addresses — including co-workers and open-source contributors who are not Memeri users. Only link repositories you have the right to connect.
- Whatever your agents bring in. Conversations, files, and repo contents may contain personal data about third parties. You are responsible for having a lawful basis to process that data in your workspace.
8. Disconnecting agents and revoking access
You can withdraw the access you granted at any time:
- Disconnect an agent from your workspace in the product, which unbinds it from your jobs and sessions.
- Regenerate your connection token to cut off anything still holding the old one. Be aware the token is long-lived and is what authenticates your agents — treat it like a password.
- Stop the local console (and uninstall it) to remove all ability for agents to execute anything on your machine. No console, no execution.
- Remove the session-start hook from your local Claude settings (https://memeri.ai).
Two practical warnings: (a) gateway API keys and auth tokens are kept in your browser's local storage, and logging out does not clear all of them — on a shared machine, clear site data for Memeri when you're done; (b) revoking access stops future agent activity but does not delete data already stored (Section 4) — deletion is a separate, currently manual, request.
9. Your responsibilities, and the risk you accept
AI agents are powerful and imperfect. By connecting agents to Memeri you agree that:
- You supervise your agents. Agent actions on your machine run with your privileges. You are responsible for what your agents do — files modified or deleted, commands executed, code committed, resources consumed — as if you performed those actions yourself.
- Agent output is not warranted. Code, analysis, decisions, and summaries produced by your agents (including anything stored in Memeri's memory surfaces) may be wrong, insecure, or incomplete. Review before you rely on it, especially before deploying to production.
- Stored memory is agent-written. Much of what Memeri displays — decisions, intelligence items, work logs — was written by an AI agent. Treat it as a record of what an agent said, not as verified fact.
- Don't point agents at data you can't expose. If a machine, repo, or directory contains data you are not permitted to share with your AI provider or store with us, don't connect it.
- Use agents lawfully and only on systems you're authorized to touch. Don't direct agents through Memeri at machines, accounts, networks, or repositories you don't control or have permission to act on, and don't use them for unlawful activity.
- Beta means beta. Memeri is in private beta. Expect rough edges, including in the security and lifecycle areas flagged in our Privacy Policy.
A risk we owe you in plain terms: because your connection token and our relay can reach a console running on your machine, a compromise of that token or of our infrastructure could let an attacker read tunnel traffic or attempt to act on your connected machine. We treat this as the most serious risk in the product. If we become aware of a breach affecting you, we will notify you. Report security issues to security@memeri.ai.
10. What we don't do
For clarity, as of 24 June 2026, Memeri does not:
- Provide, resell, or proxy AI model output as a service — you bring your own agents and accounts.
- Run agents autonomously on your machine without a console you installed and a connection you initiated.
- Use third-party tracking, analytics, or advertising in the product, or set tracking cookies.
- Send your content to third-party AI services for platform features.
- Train AI models on your data.
- Capture, store, or relay your AI provider's credentials. Memeri never reads, copies, or transmits your Anthropic, OpenAI, or other provider login, API key, or OAuth token. Your agent authenticates to its provider entirely on your own machine; Memeri only sees what a tool call returns, never the credential behind it.
11. Changes and contact
We will update this disclosure as the product changes — in particular when payment processing, data-lifecycle controls, or any change to Section 6 ships — and will notify active users of material changes. Questions, security reports, or data requests: security@memeri.ai.
12. Trademarks and independence
Memeri is an independent product and is not endorsed by, affiliated with, or partnered with Anthropic, OpenAI, or any AI provider. "Claude" and "Claude Code" are trademarks of Anthropic, PBC; "ChatGPT", "Codex", and "OpenAI" are trademarks of OpenAI; "GitHub" is a trademark of GitHub, Inc. We name these products only to describe what Memeri works with. "MCP" / "Model Context Protocol" is an open protocol; our use of it does not imply any endorsement by its authors.