Zero-knowledge · End-to-end encrypted · Open protocol

Encrypted memory for
your AI agents.

IA Cloud Memory stores your AI's long-term memory as a versioned, end-to-end encrypted file tree. Connect it to Claude Code with one line of config — and we never see what your agent remembers.

Create free account Connect to Claude Code →

~/.claude/settings.json

{
  "mcpServers": {
    "ia-cloud-memory": {
      "command": "npx",
      "args": ["-y", "@ia-cloud-memory/mcp-server"],
      "env": {
        "ICM_API_URL": "https://ia-cloud-memory.ilygo-app.ch",
        "ICM_API_KEY": "icm_••••",
        "ICM_MASTER_KEY": "••••"
      }
    }
  }
}

Features

Everything an agent's memory should be.

🔐

End-to-end encrypted

AES-256-GCM with per-object content keys, wrapped under a master key derived in your browser. The server only ever sees opaque ciphertexts.

🕰️

Git-like history

Every change is a commit. Diff between any two points, roll back to a previous state, walk the full chain — without ever reverting.

🔄

Cheap key rotation

Rotate your master key without re-encrypting content. Per-object CEKs are simply re-wrapped — 66 bytes per file.

🔌

Drop-in MCP connector

Add four lines to your Claude Code settings and your agent gains a persistent, queryable memory across sessions.

👤

Per-user isolation

Multi-tenant from day one. Each account has its own ciphertext namespace; cross-user reads are impossible by construction.

🌐

Web UI included

Browse, edit, diff, and roll back from the dashboard — same crypto, same vault. No CLI required.

How it works

Two passwords. One vault. Zero servers that can read it.

step 1

Sign in

Your account password authenticates with IA Cloud Memory. It never derives encryption keys — and is hashed (scrypt) on the server.

step 2

Unlock the vault

Your separate encryption passphrase derives a master key in the browser via PBKDF2-SHA256 (600 000 iterations). The key never leaves your device.

step 3

Use freely

Read, write, commit, diff, rollback — through the web UI or via the MCP connector in Claude Code. Encryption happens transparently.

Security

Treated as untrusted storage.

The IA Cloud Memory server stores three things and three things only: opaque ciphertexts, opaque per-object key wraps, and a list of commit hashes. There is no path through the API that could leak the plaintext of a file — the server doesn't have the key.

Lose your encryption passphrase and your data is unrecoverable. We consider this a feature.

Read the security model →

// what the server stores

Object   ::= magic||v||flags||nonce||AES-GCM(content, CEK)
Wrap     ::= magic||v||flags||nonce||AES-GCM(CEK, masterKey)
Manifest ::= encrypted JSON { path → contentHash }
Commit   ::= encrypted JSON { parent, manifestHash, message }
Ref      ::= "main" → commitHash (CAS-protected)

Claude Code

Plug it into your agent in 30 seconds.

The @ia-cloud-memory/mcp-server package speaks the Model Context Protocol over stdio. Once registered, your Claude Code agent gains 8 memory tools:

memory_list · list all paths
memory_read · read a file
memory_write · write + auto-commit
memory_delete · delete + auto-commit
memory_history · recent commits
memory_read_at · read at a past commit
memory_diff · diff between commits
memory_rollback · revert to a past state

MCP setup guide →

$ npx @ia-cloud-memory/mcp-server

✓ connected to ia-cloud-memory.ilygo-app.ch

✓ canary verified

✓ 8 tools registered

// tool: memory_write{path: "MEMORY.md", content: "..."}

→ commit a3f8c1d…

Give your agent a memory it actually owns.

Free during beta. No credit card. Encryption keys stay on your machine.

Create free account Read the docs

Encrypted memory foryour AI agents.