Guarded Memory and Session Isolation: Protecting User State

Persistent memory introduces risk: user data can leak across sessions.

Guarded memory prevents unauthorized access and accidental reuse.

Separate memory stores per user and per tenant.

Use scoped retrieval so one user's context never appears in another's output.

Apply permissions when retrieving memory, not just when storing it.

This ensures policy changes apply retroactively to stored data.

Define retention policies that match legal and product requirements.

Support deletion requests with verifiable audit logs.

Track access to memory entries and detect anomalies.

Audit trails are essential for compliance and incident response.

Encrypt memory at rest and in transit to protect sensitive data.

Use per-tenant keys so compromise does not affect all users.

Rotate keys on a schedule and after incidents.

Store keys in managed KMS services with strict access controls.

Log key access to detect unusual activity quickly.

Separate encryption keys from application credentials.

Use envelope encryption for scalable key management.

Document key rotation procedures in runbooks.

Limit key access to the minimum set of services required.

Test key rotation regularly to avoid emergency failures.

Use audit alarms for unusual key access patterns.

Store key ownership metadata for compliance reviews.

Provide UI controls for users to view and delete stored memory.

Offer opt-in settings for memory collection when required.

Explain memory usage clearly in privacy notices.

Expose retention settings for enterprise customers.

Allow temporary memory suspension for sensitive sessions.

Track deletion requests to ensure compliance timelines.

Provide export tools so users can access their stored data.

Log user changes to memory settings for auditability.

Add per-conversation toggles for temporary privacy.

Surface last-updated timestamps so users understand recency.

Provide a clear status when memory is disabled or unavailable.

Offer admin controls for org-wide memory policies.

Is isolation expensive? It adds overhead but prevents critical privacy failures.

Should I encrypt memory? Yes for sensitive domains.

What is the quickest win? Enforce per-user retrieval scopes.