Memeri — AI & Agent Access Disclosure

Operated by: Memeri Ltd Jurisdiction: England & Wales Last updated: 24 June 2026 Contact: security@memeri.ai · support@memeri.ai

Memeri is a workspace for AI coding agents — agents you bring, running on accounts you hold, doing work on a machine you control. That arrangement is unusual enough that it deserves its own plain-language document. This disclosure explains exactly what your agents can do through Memeri, what we store about it, and where our responsibility ends and yours (and your AI provider's) begins.

This document is part of our Terms of Service and should be read alongside our Privacy Policy.


1. The model in one paragraph

You connect your own AI coding agents — for example Claude Code (Anthropic), a Custom GPT or Codex (OpenAI) — to Memeri. Memeri gives those agents two things: memory (your project context, stored on our servers) and reach (tools that act on your projects, including executing commands on your own machine through a local console you install). Memeri does not provide the AI. The model, its account, its billing, and its terms are between you and your AI provider. We host the workspace, not the intelligence and not the compute: your machine runs the work — with one exception you should know about: certain file operations can fall back to our server's filesystem when no connection to your machine exists (Section 3).


2. What your agents can do through Memeri

When you connect an agent, you are granting it real capabilities under your identity. Depending on which tools you use, an agent connected to your Memeri account can:

Some tool calls can be routed through an approval queue that requires human sign-off before execution. Approval workflows exist for some tools but are not a blanket guarantee: do not assume every agent action waits for your confirmation.

The blunt version: an agent connected to your account with the console running can do roughly anything you could do at your own keyboard. Connect agents you trust, on projects you're comfortable exposing, and supervise them the way you'd supervise any tool with shell access.

3. The local console and the tunnel

To let agents act on your machine, you install the Memeri console locally. Three things about it you should know:

  1. Traffic transits our infrastructure. Agent↔machine traffic (file contents, terminal input/output, git diffs) is relayed over a WebSocket tunnel hosted on our infrastructure. It is encrypted in transit (TLS), but it is not end-to-end encrypted — the relay sees the traffic it forwards. Terminal output can contain anything readable on your machine, including secrets you print or that commands emit. Tunnel session tokens are currently passed in URL query strings, which means they can appear in infrastructure and proxy logs.
  2. There is a server-side fallback for file operations. If no tunnel to your machine is connected, certain file tools fall back to a project workspace on our server's filesystem rather than your machine. If you assumed file operations were always local-only: they aren't.
  3. Setup modifies local configuration. Connecting Claude Code installs a session-start hook into your local Claude settings so sessions can bind to your workspace. You can inspect and remove it at any time (https://memeri.ai).

Console transcripts, scrollback, and workspace layouts live on your machine (~/.memeri-console/), not on our servers — with the important exception of conversation ingestion described in Section 4.

One browser-side note: the in-browser terminal pages load their terminal component from a third-party CDN (jsDelivr), which receives your IP address and browser metadata when those pages load. This is the only third-party call our web client makes; see the Privacy Policy.

4. What Memeri stores about agent activity

We are a memory product; storing context is the point. But you should know precisely what lands server-side when your agents work:

Retention, honestly: today, this data is retained for as long as your account exists (and currently after deactivation). We do not yet have automated retention schedules or self-serve deletion/export for agent activity data. Requests are handled manually via security@memeri.ai. We intend to ship lifecycle controls before general availability.

Where it lives: all of the above is stored on our hosting provider's infrastructure. If you are in the EU/UK, this likely involves an international data transfer — see the Privacy Policy for our transfer position.

5. Your AI provider's terms apply to your agents

Memeri does not stand between you and your AI provider. This has concrete consequences:

Memeri connects to your agent through supported, native integration points (an MCP server and a session hook) and runs the real agent software on your machine under your own login — we do not extract or impersonate your provider subscription, and we never handle your provider's credentials.

6. Memeri's own use of AI on your data

Memeri does not initiate LLM calls on your data. Synthesis, summarization, and generation happen agent-side — on your agent, your account, your keys — or not at all. Our server-side semantic search uses a local embedding model running on our own infrastructure; no text is sent to a third-party AI service to power it.

The AI in Memeri is performed entirely by the agents you connect, running under your own provider accounts. Memeri itself does not call third-party LLMs: the chat layer has been removed, and the only server-side LLM path — a workflow "llm" node — is unregistered.

7. Data about other people

Two ways your use of Memeri can involve people who never signed up:

8. Disconnecting agents and revoking access

You can withdraw the access you granted at any time:

Two practical warnings: (a) gateway API keys and auth tokens are kept in your browser's local storage, and logging out does not clear all of them — on a shared machine, clear site data for Memeri when you're done; (b) revoking access stops future agent activity but does not delete data already stored (Section 4) — deletion is a separate, currently manual, request.

9. Your responsibilities, and the risk you accept

AI agents are powerful and imperfect. By connecting agents to Memeri you agree that:

A risk we owe you in plain terms: because your connection token and our relay can reach a console running on your machine, a compromise of that token or of our infrastructure could let an attacker read tunnel traffic or attempt to act on your connected machine. We treat this as the most serious risk in the product. If we become aware of a breach affecting you, we will notify you. Report security issues to security@memeri.ai.

10. What we don't do

For clarity, as of 24 June 2026, Memeri does not:

11. Changes and contact

We will update this disclosure as the product changes — in particular when payment processing, data-lifecycle controls, or any change to Section 6 ships — and will notify active users of material changes. Questions, security reports, or data requests: security@memeri.ai.

12. Trademarks and independence

Memeri is an independent product and is not endorsed by, affiliated with, or partnered with Anthropic, OpenAI, or any AI provider. "Claude" and "Claude Code" are trademarks of Anthropic, PBC; "ChatGPT", "Codex", and "OpenAI" are trademarks of OpenAI; "GitHub" is a trademark of GitHub, Inc. We name these products only to describe what Memeri works with. "MCP" / "Model Context Protocol" is an open protocol; our use of it does not imply any endorsement by its authors.