Skip to main content

Privacy & Security

BaseLayer takes security seriously. Your data is protected with industry-standard security practices at every layer — from authentication and database isolation to encrypted transport and minimal data collection.

Cloud architecture

BaseLayer stores your memory in a cloud database so it’s accessible from any device and any AI tool you connect. Whether you’re using the desktop app, the Chrome extension, or a remote MCP connection, your entities, facts, and conversation history are available wherever you need them.

Database security

Your data is stored in PostgreSQL with Row-Level Security (RLS). Each user’s data is isolated at the database layer. RLS policies ensure that every query can only return data belonging to the authenticated user — there is no application-level filtering to bypass. Even if a bug were introduced in application code, the database itself enforces tenant boundaries.

Authentication

BaseLayer uses Firebase Auth for identity management. You can sign in with:
  • Magic link — a one-time link sent to your email
  • GitHub OAuth
  • Google OAuth
Sessions are managed with JWT tokens. Auth tokens are stored securely in your operating system’s native credential store:
  • macOS: A dedicated Keychain file (baselayer.keychain-db)
  • iOS: Native Keychain
Tokens are never stored in plaintext config files or browser localStorage.

Encryption in transit

All communication between BaseLayer clients and servers uses HTTPS/TLS. The Chrome extension provides an additional layer of protection: conversation data is encrypted with AES-256-GCM before transmission to the BaseLayer API. Encryption keys are derived using PBKDF2-SHA256 with 600,000 iterations via the Web Crypto API.

Chrome extension privacy

The Chrome extension only activates on supported AI chat sites. It does not track your browsing, read content on other websites, or run in the background on unrelated pages. Supported sites:
  • Claude (claude.ai)
  • ChatGPT (chatgpt.com)
  • Gemini (gemini.google.com)
  • OpenRouter (openrouter.ai)
  • Open WebUI

What BaseLayer can access

BaseLayer is a cloud service. To provide search, recall, and cross-device sync, your data is stored on our servers and is accessible to our systems.
DataAccessible to BaseLayer?
Conversation contentYes — stored in cloud for processing
Entity names and contentYes — stored in cloud for search and recall
Knowledge graph relationshipsYes — stored in cloud
Your email addressYes — for authentication
Device metadataYes — device name, OS version
Anonymous usage telemetryYes — feature usage, error rates

Infrastructure

BaseLayer runs on Google Cloud Platform:
  • Cloud Run for compute
  • Cloud SQL (PostgreSQL) for database
  • Cloud Tasks for background processing
  • Cloud Storage for attachments
All infrastructure runs within Google’s SOC 2 certified environment. Database connections are encrypted, and access to production systems is restricted to authorized personnel.

Data deletion

You can request full deletion of your data at any time. Upon request, all entities, conversations, knowledge graph relationships, and account data will be permanently removed from our systems.

Reporting vulnerabilities

If you discover a security vulnerability, please email security@baselayer.id. We take all reports seriously and will respond within 48 hours.