How do I give my AI agent persistent memory?

Install HippoDid as an MCP server or use the REST API. Memories are stored in structured cloud storage and retrieved automatically across sessions. Works with Claude Code, Claude Desktop, ChatGPT, Gemini CLI, Codex CLI, Cursor, and OpenClaw.

How do I share memory between Claude and ChatGPT?

HippoDid stores memories in a cloud database keyed by character ID. Any MCP client (Claude, Cursor, Codex) or OAuth-connected app (ChatGPT) that authenticates with the same account can read and write the same memories. Write a memory in Claude Code, recall it in ChatGPT.

What is MCP and how does it work with AI memory?

MCP (Model Context Protocol) is an open standard that lets AI assistants connect to external tools and data sources. HippoDid exposes memory operations as MCP tools — add_memory, search_memories, sync_file — so any MCP-compatible AI client can store and retrieve persistent context.

Does HippoDid work with ChatGPT?

Yes. HippoDid supports ChatGPT via OAuth 2.1 with PKCE. ChatGPT Business, Enterprise, and Edu users can connect HippoDid as a custom MCP app. The OAuth flow is fully automatic — ChatGPT discovers the authorization server, registers itself, and handles token exchange.

Yes, there is a free tier with 3 characters, 100 memories, and 1 API key. No credit card required. Paid plans start at $4.99/month for unlimited memories and advanced features like auto-recall and the Playground.

What happens to my memories if I switch AI tools?

Nothing — your memories stay in HippoDid cloud. They are not tied to any single AI client. Switch from Claude to Cursor to ChatGPT and back; your character’s memory is always there.

Legal

Privacy Policy

Effective date: May 23, 2026 · Last updated: May 23, 2026

1. About this Policy

This Privacy Policy describes how SameThoughts Inc. (“SameThoughts,” “we,” “us”) collects, uses, and protects information when you use the HippoDid platform and related services (the “Service”). This policy applies to all users of the Service, including the REST API, MCP server, Spring Boot Starter SDK, and web dashboard.

2. What Data We Collect

We collect the following categories of data:

Account and authentication data — email address, name, and profile information provided through Clerk (our authentication provider)
Billing data — payment information processed through Stripe; we do not store credit card numbers directly
Memory content — the text, character configurations, categories, and associated metadata you submit to the Service
BYOK provider keys — AI provider API keys you optionally provide for extraction processing, stored encrypted at rest
Technical and log data — IP addresses, request timestamps, API usage metrics, error logs, and performance data generated during your use of the Service
Cookies — strictly necessary cookies set by Clerk (authentication) and Stripe (payment processing)

3. How We Use Your Data

We use your data to:

Provide, operate, and maintain the Service
Process billing and manage your subscription
Enforce security, detect abuse, and protect multi-tenant infrastructure
Provide customer support
Comply with legal obligations

No-training commitment. We do not use your memory content or Customer Data to train any AI or machine learning model. We do not access your memory content except as necessary to operate the Service (storage, retrieval, embedding, decay processing, deduplication).

4. Subprocessors

We use the following third-party subprocessors to operate the Service:

Provider	Purpose	Location
Google Cloud Platform	Cloud Run (application hosting), Cloud SQL (PostgreSQL database)	US (us-west1)
Clerk	Authentication and user management	US
Stripe	Payment processing and subscription billing	US
OpenAI	Vector embeddings (text-embedding-3-small) for memory search	US

If you use BYOK (Bring Your Own Key), your configured AI provider also acts as a subprocessor for extraction requests routed through your key.

5. Data Retention and Deletion

Memory data. For active accounts, memory data is retained indefinitely. Memories undergo a decay lifecycle (Active → Consolidated → Decayed) based on configurable category half-lives. Decay reduces retrieval visibility, not storage — decayed memories remain in the database but are suppressed from search results unless explicitly requested.

Tenant-controlled deletion. You can delete memories at any time via the API or dashboard. Soft-delete creates a tombstone in the event store for audit purposes. Hard-delete permanently purges all data including event history.

Session archives. Session transcript archives are retained for 90 days on the Business tier and indefinitely on the Enterprise tier.

Account termination. Upon account termination, you have 30 days to export your data. After the export window, Customer Data is permanently deleted.

Audit logs. Compliance audit logs are retained for 7 years in immutable storage, as required by applicable regulations.

6. Security

Encryption in transit — all data is transmitted over TLS
Encryption at rest — all data at rest is encrypted using Google Cloud's default encryption (AES-256)
Multi-tenant isolation — tenant data is isolated at the database level using PostgreSQL Row-Level Security (RLS); every query is scoped to the authenticated tenant
BYOK key handling — your AI provider keys are encrypted at rest and never logged in plain text
No plain-text logging — memory content and sensitive fields are never written to application logs

7. International Data Transfers

The Service is hosted and operated in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. For users in the European Union or United Kingdom, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism for international data transfers.

8. Your Rights

GDPR rights (EU/EEA residents). You have the right to access, rectify, erase, restrict processing, port, and object to processing of your personal data. You may also withdraw consent at any time where processing is based on consent.

CCPA rights (California residents). You have the right to know what personal information we collect, to request deletion, and to opt out of any sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at admin@samethoughts.com. We will respond within 30 days (or sooner where required by law).

9. Legal Bases for Processing

Under the GDPR, we process personal data on the following legal bases:

Contract performance — processing necessary to provide the Service you signed up for (account data, memory content, billing)
Legitimate interests — processing for security, fraud prevention, service improvement, and infrastructure protection
Legal obligation — processing required to comply with applicable laws, including tax reporting and audit retention requirements

10. Cookies and Analytics

The Service currently uses only strictly necessary cookies set by Clerk (authentication session) and Stripe (payment processing). We do not use advertising cookies or third-party tracking.

We may introduce privacy-preserving analytics in the future. If we do, we will update this policy and provide notice.

11. Children's Data

The Service is not directed to children under 16. Account creation requires age confirmation through Clerk. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email to the address associated with your account and by posting the updated version on this page. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at admin@samethoughts.com.