Security & Data Handling

Your data is yours. Nothing leaves without your say-so.

MemoryJar is built local-first for analysts who work with sensitive data — investigations, case files, source material, evidence. Everything below is what the product actually does. We don't overclaim on certifications and we don't ship telemetry you didn't agree to.

Core principles

Local-first by default

Your data lives in a database on your machine. MemoryJar runs as a desktop application with no cloud dependency. You can use it fully offline, on an air-gapped workstation, or on a USB portable install — with identical functionality.

You own your data

There is no vendor lock-in. Export your entire workspace to JSON at any time and the file contains every node, edge, note, attribute, and attachment metadata record. Move between machines, back up to cold storage, or archive a closed case — all with a single file.

Nothing leaves without your choice

Solo mode sends zero telemetry. Team mode sends data only to the Shelf (team server) that you host or join — not to us. The update notification pings our server for a version string; that check can be disabled from the app's top bar.

Data protection

Encryption at rest

  • Solo mode: workspace data is stored in the browser's IndexedDB, which on Windows and macOS sits inside the OS-encrypted user profile (BitLocker / FileVault when enabled).
  • Team mode: the SQLite database can be configured to use OS-level disk encryption on the host machine. Attachments stored on the filesystem inherit the same protection.
  • Backups: exported JSON files are plaintext by design to preserve forensic fidelity — encrypt at the filesystem or container level when archiving.

Encryption in transit (team mode)

  • WebSocket sync between clients and the Shelf uses TLS when deployed behind a reverse proxy. LAN-only deployments without a proxy rely on your existing network perimeter rather than TLS.
  • Authentication uses JWT with short-lived access tokens and server-issued refresh tokens.
  • Credentials are hashed server-side (bcrypt) before storage. Passwords are never stored or logged in plaintext.

Access control

  • Team mode enforces role-based permissions: viewer, editor, admin. Viewers receive HTTP 403 on every write endpoint — enforced server-side, not UI-gated.
  • Workspace sharing is explicit: admins invite specific teams to specific workspaces, with permission per workspace (view or edit).
  • Activity log captures every write operation (21 action types) with user, timestamp, and before/after values. Available via the Activity panel in team mode.

Rate limits + abuse prevention

  • Authentication endpoints: 20 attempts per 15 minutes per IP (express-rate-limit).
  • Request size cap: 5 MB JSON body limit on API endpoints.
  • Quick-Join guest accounts expire on host shutdown; no persistent artifacts.

Forensic features

Built-in support for evidence handling, chain of custody, and admissibility.

SHA-256 chain of custody

Every file attachment is hashed with SHA-256 at the moment of attachment using the Web Crypto API. The hash is stored alongside the file in the database and included in exported reports, providing evidence that the file has not been altered since it was attached. Hashes are recomputed and verified on demand.

Chain-of-custody metadata

Each attachment supports structured forensic fields: exhibit ID, case number, collected-by, collected-at timestamp (ISO 8601), collection method, and custody notes. These fields appear in the HTML and DOCX report appendices.

Configurable sensitivity markings

Workspaces and individual entities support configurable sensitivity labels — e.g. Public, Internal, Confidential, Restricted. Markings render on-screen and embed in every exported report. Use the built-in tiered scheme or define your own labels to match your organization's policy. Not a certification — a workflow feature that lets teams who work with sensitive material carry their existing marking conventions into the tool.

Evidence Package export

A one-click export produces a ZIP bundle containing: the full workspace as JSON, every attached file in an exhibits/ directory, HTML and DOCX reports, a manifest.json listing every artifact with its SHA-256, and chain-of-custody metadata. Designed to be handed off to a court, a supervisor, or long-term evidence storage without modification.

Deterministic reports

Reports (Analytical, Hierarchical, Evidence Package) are generated from the live workspace state. No AI-generated content, no hallucinated narrative — every sentence traces back to a specific node, edge, or attribute the analyst recorded. This is deliberate: courtroom admissibility (FRE 901) requires provenance for every claim in a report.

Compliance posture

How MemoryJar maps to the compliance frameworks enterprise and regulated-industry buyers ask about. Precise language, honest limits.

Regulated-industry ready

Local-first storage eliminates cloud-transit and residency concerns up front. Role-based access and activity logging support the access-control and audit requirements common to regulated industries (healthcare, financial services, legal, insurance). We don't claim HIPAA / PCI / GDPR certification — those attestations attach to deployed systems, not client-side software — but the architecture removes the common failure modes that trip audits.

Industry-standard encryption

MemoryJar uses the browser and OS-level cryptographic routines of the host platform (Windows CNG, macOS CommonCrypto, Node.js OpenSSL). On systems configured for FIPS 140 compliance, those routines inherit that posture. No bespoke crypto, no roll-your-own algorithms.

Air-gap deployment

MemoryJar runs fully offline — no internet required for installation, operation, or data portability. This includes Team mode: the Shelf can run on a LAN with no WAN connectivity. For customers with air-gap requirements, no further configuration is necessary.

Not yet certified

To be transparent: MemoryJar is not SOC 2, FedRAMP, StateRAMP, or HIPAA certified. These certifications require formal audit by an accredited third party and are generally awarded to hosted services, not desktop software. We are open to pursuing formal attestations where a customer's procurement process requires them.

Security issues

If you discover a vulnerability or have a security concern, please email security@memoryjarsoftware.com. We respond within two business days.

We prefer coordinated disclosure. Please give us a reasonable window to ship a fix before public release.

Procurement questionnaire?

We'll fill out your security questionnaire, vendor review form, or RFP. Send it to dustin@memoryjarsoftware.com.
