All use cases
Purpose-limited retrieval

Need-to-know retrieval for agent memory

A memory collected for support shouldn't quietly become the basis for a sales or marketing decision. Governed Memory enforces purpose limits at query time — and records exactly what it withheld, and why.

Querypurpose:marketing
Retrievalrank · fuse
Purpose gatepolicy binding
Resultseligible only
The same memory is available for a support purpose and withheld for marketing. Purpose limits are enforced at query time, with a record of exactly what was excluded and why.

The risk

GDPR- and CCPA-style purpose limitation says data collected for one reason shouldn't silently be repurposed for another. Applied to agent memory: a note captured to resolve a support case shouldn't quietly become the basis for a sales pitch, a pricing decision, or a marketing segment.

When every agent shares one undifferentiated memory pool, that line is impossible to hold — and impossible to prove you held, which is what a compliance reviewer actually asks for.

How Governed Memory handles it

  1. 01
    Purpose declared at query time

    Every retrieval states what it's for. The engine returns only memory whose source and policy allow that purpose.

  2. 02
    Bindings you define

    You set which source types can justify which purposes. A support-sourced memory can be barred from marketing retrievals by policy — not by hoping the caller filters correctly.

  3. 03
    Exclusions are explained

    When a memory is withheld, the response records that it was excluded and why — so a reviewer can see the limit was enforced, not just claimed.

  4. 04
    Enforced in the engine

    The limit holds even if the calling code forgets to filter, because it's applied where the data is read — not in every caller that might touch it.

Read the full technical walkthrough → Self-host it