> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mindset.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Deployment

> Memex is both a hosted SaaS and a 100% self-hosted Docker container. Your data, your choice. Bring your own LLM keys.

## Your Memex contains your most sensitive work

The graph Memex holds is, by design, the most valuable and sensitive part of a software organisation. It's where your **strategic direction**, **architectural decisions**, **security processes**, **unreleased product thinking**, and **internal blueprints** all live, connected.

That's the whole point: the graph is how AI agents and humans coordinate without losing context. But it also means that for many teams, what lives in Memex is exactly the kind of information they cannot, or will not, hand to an external SaaS provider.

<Tip>
  We treat this as a first-class design principle, not an enterprise checkbox. **You should never have to choose between getting value from Memex and keeping control of your data.**
</Tip>

## Two ways to run Memex

<CardGroup cols={2}>
  <Card title="Hosted SaaS" icon="cloud" iconType="solid">
    We run it for you. Sign up, connect an agent, start building. The simplest path to getting your team onto Memex. Ideal for teams who want ease-of-use and are comfortable with us operating the infrastructure.
  </Card>

  <Card title="Self-hosted" icon="server" iconType="solid">
    The entire Memex system ships as a Docker container. Run it on any virtual server with a Postgres database attached. **100% of your data stays inside your infrastructure.** No outbound calls for your graph, your decisions, or your blueprints.
  </Card>
</CardGroup>

Both options expose the same MCP surface, the same UI, and the same features. The only difference is where the data lives.

## Self-hosted, by design

Self-hosting isn't an afterthought or an enterprise-tier gate. It's a core deployment mode with a minimal footprint.

<CardGroup cols={2}>
  <Card title="One Docker container" icon="docker" iconType="solid">
    The Memex server ships as a single container. Pull the image, run it, done.
  </Card>

  <Card title="One Postgres database" icon="database" iconType="solid">
    Any Postgres 15+ instance. Bring your own, managed or on-prem. Memex stores all state here, nothing else.
  </Card>

  <Card title="Any virtual server" icon="server" iconType="solid">
    A modest VM is enough. No Kubernetes cluster, no service mesh, no dozen-service architecture. Keep your ops surface small.
  </Card>

  <Card title="No outbound dependencies" icon="shield-halved" iconType="solid">
    In self-hosted mode, your Memex instance does not call Mindset infrastructure for any core feature. Your graph stays with you.
  </Card>
</CardGroup>

<Note>
  The only outbound calls a self-hosted Memex makes are the ones **you configure** — to the LLM provider you choose, using the keys you supply.
</Note>

## Bring your own LLM keys

Memex uses LLMs for decision extraction, drift detection, and the agent-facing tool surface. You control which provider and which keys are used.

<CardGroup cols={2}>
  <Card title="Your provider, your choice" icon="key" iconType="solid">
    Anthropic, OpenAI, Google, a private model in your own VPC, whatever your team has standardised on. Memex is provider-agnostic.
  </Card>

  <Card title="Your keys, your billing" icon="lock" iconType="solid">
    You supply the API keys. Usage bills to your account, not ours. You see exactly what's being spent, on which model, for which operation.
  </Card>

  <Card title="Your policy, your constraints" icon="shield" iconType="solid">
    If your compliance team has signed off on a specific provider, Memex uses that provider. If you want to run a self-hosted LLM, point Memex at its endpoint.
  </Card>

  <Card title="Revocable at any time" icon="rotate-left" iconType="solid">
    Keys live in your configuration, not in Memex's codebase. Rotate, revoke, or swap providers without touching the Memex install.
  </Card>
</CardGroup>

## Why we think this matters

Many teams currently treat their project tracker and their wiki as lower-sensitivity systems because, frankly, those systems were never the source of truth for anything that mattered. The decisions lived in people's heads. The strategy lived in a Google Doc somebody would revise next quarter.

Memex changes the nature of the artefact. When a tool becomes the authoritative record of what your team has decided, why, and how things are built here, the sensitivity of that tool rises to the level of the codebase itself, or above.

<Tip>
  If your codebase lives in your infrastructure, your Memex should be able to live there too. We've built the product so that's never a trade-off against functionality.
</Tip>

## Choosing between SaaS and self-hosted

<CardGroup cols={2}>
  <Card title="Go SaaS if..." icon="circle-check" iconType="solid">
    * You want the lightest operational footprint
    * Your data policy allows a trusted third-party SaaS
    * You want upgrades and new features to land automatically
    * You'd rather focus on using Memex than running it
  </Card>

  <Card title="Go self-hosted if..." icon="circle-check" iconType="solid">
    * Your data cannot leave your infrastructure
    * You have compliance requirements (SOC 2 boundaries, GDPR residency, sector-specific regulations) that mandate internal hosting
    * You already run Postgres and Docker and prefer the direct control
    * Your security team wants to own the threat model end to end
  </Card>
</CardGroup>

You can start on SaaS and migrate to self-hosted later, or vice versa. The graph is portable, it's just Postgres.

<Card title="Join the waitlist" icon="rocket" href="https://memex.ai/" iconType="solid">
  Memex AI is in early access. Both SaaS and self-hosted deployment modes are available to early adopters, [request access at memex.ai](https://memex.ai/).
</Card>
