This is the most personal data you own. We built the architecture to match.
Attachée holds things you wouldn't write in an email — relationship dynamics, health details, private observations about the people you know. So privacy isn't a feature or a policy. It's the shape of the thing.
Six decisions between your data and the rest of the world.
Encrypted vaults, end to end
Everything you write is encrypted on your device before it reaches us. We only ever store ciphertext. Even if our servers were compromised, your vault stays locked — the keys that could open it never leave your device.
Two secrets, one unlock
Access requires your master password and a secret key that lives only on your device. One without the other is useless. No reset link, no backdoor — because that's the point.
Your calendar stays off our servers
Attachée connects to Apple, Google, and Microsoft 365 directly from your device. Your meetings, contacts, and schedule never pass through us — there's no path for them to. We sync without seeing.
AI that forgets
Extraction runs on EU-hosted foundation models under contractual zero retention. The model reads the snippet, returns the structured facts, and forgets. Your conversations are never logged and never used to train AI.
Sensitivity tiers
Every fact is tagged with a sensitivity level the moment it's extracted. The most private are filed under seal — visible only after you prove it's you again (your password on web, Face ID on iOS). A casual glance at your screen shows a contact card, not a private life.
Your data, your exit
Full export in standard formats, anytime. Delete your account and every byte disappears. Attachée is a custodian, not an owner — the architecture makes that a structural guarantee, not a marketing line.
The stack, briefly: Argon2id (64 MiB / 3 iterations) for password derivation, AES-256-GCM for record encryption, HKDF-SHA-256 for key separation. No asymmetric cryptography inside the vault boundary — which makes the current design post-quantum safe at rest, by construction. The longer argument lands in the whitepaper at general availability.
One encryption model. Personal vaults today, shared vaults next.
A personal vault holds your private observations. Shared vaults — rolling out after the personal experience is sound — let a small team build collective memory around clients or stakeholders. Both use the same encryption. Nothing leaks between them.
The fears worth naming — and what we've actually done about them.
Can anyone at Attachée read my data?
No. Your vault is encrypted with keys derived from your master password and a device-held secret key. Our servers only see ciphertext. Even with full access to our database, our engineers couldn't decrypt a single fact about you.
What about subpoenas or government requests?
We can hand over exactly what we have: encrypted blobs. The keys to decrypt them live on your device, not ours. We'd rather build the architecture so we can't be a useful point of compromise than write a strong policy we could later be forced to walk back.
What if my device is lost or stolen?
Idle-lock runs aggressively — backgrounding, visibility change, or a short idle period re-locks the vault, requiring both password and device secret to reopen. A future device can re-unlock only with both secrets, which an attacker with just the device doesn't have.
What if Attachée shuts down?
You export your data and take it with you. Full export is always available in standard formats. Your vault is yours — Attachée holds it in trust, never in ownership.
Is it GDPR compliant?
Yes. All infrastructure is EU-hosted. Data processing agreements are in place with all sub-processors. You can exercise all GDPR rights (access, erasure, portability) directly from your account settings. For organisations, a signed DPA is included with the Enterprise plan.
Security or privacy question that isn't here? security@meetattachee.com goes straight to engineering, not a ticket queue.