Self-hosted AI memory for regulated industries.
Open-source, Apache 2.0, local-first. Build it into your VPC or air-gapped hardware. Talk to the person who wrote it.
Your data never has to leave your perimeter.
Managed memory services want your data in their cloud. If you are in healthcare, finance, or any environment where patient data, customer records, or internal knowledge can't leave your perimeter, that's a non-starter. widemem was built local-first from day one. Zero external services, zero telemetry, zero phone home. You can run the entire stack (LLM, embeddings, vector store, metadata store) inside your VPC or on air-gapped hardware.
Built for the environments that can't compromise.
YMYL-aware memory
Two-tier YMYL classifier boosts health facts to high importance and disables decay. Allergies, medications, and conditions don't get forgotten because 72 hours passed.
No data egress
Local-first storage (SQLite plus FAISS). Pair with Ollama and sentence-transformers and the whole pipeline runs inside your network. Nothing leaves your perimeter.
Air-gap compatible
Apache 2.0 open source means your security review reads every line. Zero required external services. Ships as a Python library you embed into your own service.
What you get with a support contract.
- Direct access to the person who wrote the library. No tier-1 triage, no tickets bouncing between teams.
- Compliance review help for your environment. Architecture diagrams, data flow docs, and answers to the vendor questionnaires your legal team will put in front of you. Prepared on a pilot basis, tailored to your stack.
- Priority bug fixes with a named SLA. If your production depends on it, you are at the top of the queue.
- Migration helpfrom Mem0, Zep, Letta, or whatever you are running today. Includes an honest “this tool is better for your use case” if that's the conclusion.
- Custom provider integrationsif you need a vector store, LLM, or embedding provider that widemem doesn't support today.
- Pilot with the founder at a fixed scope and timeline. Start with one production use case. Expand from there.
The library is not the gated part.
Everything. The full feature set, all providers, the whole SDK, GitHub Issues, and the blog. widemem is not a gated open-core play. Enterprise is about humans and SLAs, not features behind a paywall.
What a contract does and does not buy.
widemem is not itself SOC2 or HIPAA certified because it is a library, not a service. The compliance posture of your deployment is yours. A support contract gets you help navigating the review, the architecture choices, and the audit trail (get_history(memory_id) gives you the log of adds, updates, and deletes for each memory). It does not give you a certificate the library does not have.
See /benchmarks for measured performance vs Mem0, Zep, LangMem, and others on the LoCoMo benchmark. See /docs/self-hosting for the current deployment guide.
Three engagement shapes.
Pick the one that matches where you are. All include the full Apache 2.0 library; you are not paying for feature unlocks. You are paying for the time, the hosting, and the compliance posture.
Pilot
A fixed 30-day engagement: architecture review, deployment into your stack, and production use cases live by day 30. You keep everything.
Production support
An annual contract: direct access, a named SLA on bugs, version-upgrade help, and compliance-questionnaire support. Priced by memory volume and SLA latency.
Hosted (coming H2 2026)
We run the deployment on HIPAA-eligible AWS. You get an API key, an audit dashboard, and the BAA chain.
Full tier detail and the tradeoffs between tiers (memory volume, SLA tier, compliance scope) live on the pricing page. Pricing is scoped per engagement, so talk to us for a quote.
See full pricingShipped, in flight, and when hosted opens.
Everything below stays Apache 2.0 in the library; the engagement tiers above are how we fund the work. Dates are intentions, not commitments. They move based on what customers need first.
Q2 2026 (now)
- pgvector backend: run widemem against any Postgres deployment (RDS, Cloud SQL, Azure Postgres, Neon, Supabase). Same library, hosted database.
- Source-message provenance design: link every fact in the audit log back to the inbound message that produced it. Issue tracked at #21.
- Framework adapters: LangChain ChatHistory, LangChain Retriever, LangGraph BaseStore. Open community issues at #22, #23, #24.
Q3 2026
- SSO / SAML adapter: enterprise-friendly authentication for the audit-log API. Open source.
- RBAC layer: per-memory and per-user-group access controls. Open source.
- SIEM export adapters: push the history log to Datadog, Splunk, or generic webhooks for compliance teams who centralize audit data. Open source.
- Postgres history store: move the audit log from SQLite to the same Postgres that holds the vectors. One database, one backup story, one BAA.
- Source-message provenance implementation (closing #21).
Q4 2026
- Hosted offering opens on HIPAA-eligible AWS. Self-service tiers from $499/mo.
- SOC 2 Type I preparation begins (audit firm engaged, controls documented).
- BAA partner list published for customers self-hosting on HIPAA-eligible AWS, GCP, or Azure regions.
2027
- SOC 2 Type II attestation completed (12 months of evidence).
- Multi-region hosted: EU and US regions with regional data residency.
- v2.0 release: architectural work informed by 2026 customer deployments.
If your timeline depends on a specific item, say so in the form below; we will tell you whether the date is firm or moveable for your engagement.
The first call is 30 minutes, technical, and not a sales pitch.
Fill the form. I respond within one business day. We figure out if widemem is the right tool for your problem. If it isn't, I'll tell you.