Skip to content

End-to-End Encryption.

AES-256-GCM encryption. Zero-knowledge architecture. Not even we can read your data.

01

Client-Side Encryption

Your passphrase never leaves your browser. PBKDF2 derives a Master Encryption Key (MEK) that encrypts all memory and notes client-side.

Two layers, one memory.

MCP gives your agent tools to read and write. Turn capture passively records every conversation. Together they build a complete knowledge layer.

MCP CONNECTIONread & write memories, search, explore graphTURN CAPTUREhooks or ingest APICClaudeWWindsurfCuCursor+Any Agent
EXOVAULTencrypted memory layer
REQUIREDOPTIONALwrite_memorysearchexplore_graphsession_start
MCP · TURN CAPTURE · TWO LAYERS
MCP ConnectionREQUIRED

Your agent gets 27 tools — write memories, semantic search, explore the knowledge graph, manage sessions. Bidirectional, real-time.

Turn CaptureOPTIONAL

Every conversation is passively captured and processed for knowledge extraction. Via hooks (Claude Code, Cursor, Windsurf) or the ingest API.

02

Agent Encryption

Agents use wrapped MEKs — the server encrypts on their behalf without ever seeing your passphrase. Agent keys can be revoked instantly.

03

Zero-Knowledge Architecture

ExoVault servers store only ciphertext. No backdoors, no admin access, no exceptions. Recovery phrases let you regain access if you forget your passphrase.

A codex worth keeping.

Free to start. Encrypted always. Connect your first agent in under a minute.

ExoVault · End-to-End EncryptionRead the manual →