Your data is yours.
Our architecture enforces it.
Security isn't a promise in a privacy policy. It's wired into every layer of the MEOK stack.
Built secure. Governed by covenant.
What threats does MEOK protect against?
Four attack surfaces. Four layers of defence: built into the runtime, not bolted on afterwards.
Prompt Injection
User messages are sanitised before LLM injection. The Maternal Covenant system prompt is locked; it cannot be overridden by user input.
Data Exfiltration
Every database query includes a user_id filter. User A can never read User B's data. Family groups share only explicitly flagged content.
Sycophancy Attacks
The sycophancy detector scores every response (0.0–1.0). Scores above 0.6 trigger honest qualifier injection. AI cannot gaslight or mislead.
Toxicity & Grooming
DistilBERT-powered safety classifier runs on every message. Score > 0.85 triggers Guardian webhook. Children's content has an additional guardrails layer.
How does the Maternal Covenant enforce security?
Constitutional constraint
The Maternal Covenant isn't a brand promise; it's a constitutional constraint embedded in the system prompt of every LLM call MEOK makes. It cannot be removed, overridden, or bypassed by user input.
0.3
Care floor enforced on every response. Scores below 0.3 are rejected before streaming.
0.6
Sycophancy ceiling. Above this threshold, honest qualifiers are injected automatically.
Crisis
Self-harm and suicidal ideation detection routes to safety resources, never to an AI response.
Where is my data stored?
The answer changes depending on which MEOK product you use, and in every case, you remain the owner.
Web App
Encrypted at rest on EU-hosted infrastructure. Zero third-party analytics. No training on your conversations.
Memory
pgvector semantic search. Your memories are scoped to your user ID: never visible to other users, never used to train models.
Desktop OS (Summer 2026)
Entirely local. LanceDB on your SSD. LLM runs on your hardware via Ollama. Nothing leaves your machine unless you explicitly sync.
Is MEOK GDPR compliant?
Yes. Compliance isn't a checkbox; it's built into the API surface.
Download everything MEOK holds about you (memories, conversations, preferences) in JSON.
Permanently wipes your account, memories, and all associated data. Irreversible. Instant.
Registered with the Information Commissioner's Office. UK GDPR and Children's Code aligned.
Data processor agreements in place with all third-party LLM providers. Your data is never used for their training.
Responsible Disclosure
Found a vulnerability?
Email security@meok.ai. We'll respond within 48 hours and credit you in our hall of fame.
Security you can inspect. Sovereignty you can own.
MEOK is built from the ground up with your data, your privacy, and your safety as non-negotiable constraints, not features.