An encrypted memory vault that lives on your Mac. Set it up once, and your context, preferences, and projects follow you across the AI apps you use, instead of being locked inside any one of them.
Free and open source · Apple Silicon · signed & notarized · private by default, nothing leaves your machine unless you share it
Both start from the same encrypted vault on your machine. You choose how much reaches the cloud, and NorthKeep is honest about the difference.
One click wires NorthKeep into Claude Desktop or Claude Code on this Mac. For the cloud apps you use elsewhere (ChatGPT, Claude on your phone), an optional connector lets the scopes you choose reach them. Either way you decide, per app and per scope, exactly what it may read.
Honest boundary: Connect gives you ownership and portability, not a firewall, and it can't redact what you type into someone else's app. The cloud connector is opt-in per scope. Shared memories are encrypted at rest there: the connector database holds no key that can read them, and the key is rebuilt each request from your app's own credential plus a secret on our server, which briefly decrypts them so the apps you connect can read the result in full. Scope names, counts, and timestamps stay visible to the server. Private scopes never leave your machine.
Converse runs the privacy for you: it masks sensitive data before your message leaves the machine, calls the model, and restores the details locally in the reply.
The real firewall, against a local model (nothing leaves your network) or a cloud model with your own key.
One encrypted file you can copy, back up, and move. Your memory lives in none of the AI apps, so switching costs nothing.
Secrets and names are masked before anything leaves your machine, with an audit trail proving what was masked.
Grant one app your work memory only, another nothing sensitive. Enforced at the vault, not on trust.
Import your ChatGPT or Claude export. Extraction runs entirely on your machine, and you review every memory before it's kept.
Local models via Ollama, or any provider with your own key. A concierge routes each question to the cheapest capable model, cost shown up front.
Move your vault between machines. The server only ever holds ciphertext it cannot decrypt, never a key, never plaintext. We could not read it if we wanted to.
Share the scopes you choose to the AI apps you already use, so Claude and ChatGPT remember you on your phone too. Stored encrypted at rest with no key kept in that database; decrypted only for the moment it takes to answer your app. Opt-in per scope, reversible.
Everything that runs on your machine is free. You only pay for the one thing that runs on ours.
No, with one exception you turn on yourself. Your vault is encrypted on your device, and we never receive your key. If you use hosted sync, our server stores only ciphertext it cannot decrypt plus a version number. The exception is a scope you deliberately share with the connector (see Connect above): it is stored encrypted at rest, the connector database holds no key that can read it, and the server briefly rebuilds the key per request (from your app's credential plus a server-side secret) to decrypt it so your AI apps can read it. There's no telemetry and no analytics in the app.
Their memory lives on their servers and stays in their app. NorthKeep's memory lives on your machine and plugs into whichever apps you use, so it's portable, owned by you, and you set what each app can read.
No, and we won't pretend it does. When you type into another company's app, that company sees what you type. Connect gives you portable, owned memory with per-app scopes. For an actual redaction firewall on your messages, use Converse.
The vault is unrecoverable. There's no back door, which is exactly why no one else can get in either. Back up your device.secret file and keep your passphrase safe.
Yes, AGPL-3.0. You can read the code, run it, and self-host the sync server for free. A commercial license is available for businesses that don't want the AGPL's obligations.