Sometime in the past year, your AI assistant started remembering you. Maybe you noticed the moment it happened: it referenced a project you mentioned weeks earlier, or knew your kid's age, or stopped suggesting meat recipes after you said you were vegetarian once.
ChatGPT rolled out persistent memory to all users and made it default-on. Claude added memory across conversations and projects. Gemini remembers context across sessions. This is not a gimmick race; memory is the single highest-leverage feature an assistant can ship, because an assistant that knows you is simply more useful than one that does not.
The feature is good. The architecture deserves more scrutiny than it is getting. Because the question underneath all of it — who holds the memory? — is being answered by default, quietly, and the default answer is: not you.
Memory is the point of the product now
It helps to be clear-eyed about why every lab is building this. The models themselves are converging. The difference between the top assistants on any given task shrinks every quarter, and users increasingly cannot tell frontier models apart in blind comparisons.
When models converge, the differentiator moves elsewhere — and it moves to context. An assistant that knows your writing style, your medical history, your codebase conventions, your family situation, and your last six months of decisions will beat a marginally smarter assistant that knows none of it, on almost any real task. The labs know this. Memory is not a convenience feature; it is the new competitive moat.
And here is the thing about moats: they are built to keep you in.
The new switching cost
Lock-in used to be about content. Leaving a platform meant abandoning your playlists, your photos, your followers. Painful, but bounded — you knew what you were losing, and most of it could be rebuilt or exported.
Memory lock-in is different in kind, not just degree. After a year of daily use, an assistant's memory of you is not a list of files. It is an accumulated understanding: the preferences you stated once and forgot you stated, the corrections you made, the context of a hundred decisions. It may be the most complete record of your thinking that exists anywhere.
Now consider its properties. You mostly cannot read it — you see fragments in a settings page, not the model's full working picture of you. You cannot export it in a form another assistant can use; a competitor's model cannot ingest a rival's memory store even where an export exists. And it is not yours in any enforceable sense; it lives on the provider's infrastructure under the provider's terms, which can change.
So the switching cost compounds silently. Every conversation makes your current assistant slightly better for you and every alternative relatively worse. Two years in, switching does not mean losing playlists. It means being forgotten — starting over with a stranger, after years with something that knew you. Most people will not switch. That is what the moat is for.
It is worth saying plainly: nobody designed this as a trap. Memory features are built by people genuinely trying to make assistants more useful, and they succeed. Lock-in is a side effect of the obvious architecture — store the user's context next to the model. But side effects at this scale become structures, and this particular structure is being poured in concrete right now, while almost nobody is looking at the question of custody.
The alternative: memory you hold
There is a different architecture, and it does not require the platforms' permission to exist.
Instead of each assistant accumulating its own private memory of you, you keep the memory: one store of your context — your preferences, your history, your facts — held by you, encrypted under a key only you hold, that any assistant can read with your permission.
The plumbing for this now exists. The Model Context Protocol, the open standard adopted across the industry, lets any AI client connect to an external context source. We wrote a full walkthrough of how that works in Bring Your Own Data; the short version is that your context becomes a service the assistant connects to, rather than a database the assistant owns.
Flip the custody, and every property of the memory flips with it:
- You can read it. Your memory is a document you can open, not an opaque embedding in someone's model. You see exactly what any assistant sees.
- You can edit it. Outdated fact? Change it once, and every connected assistant picks up the correction. No hunting through a memory-management screen per product.
- It works everywhere. The same memory serves Claude today, ChatGPT tomorrow, and whatever exists in 2028. Assistants become interchangeable again — which restores your leverage as a customer.
- Permission is granular and revocable. Each assistant sees only the fields you granted it, and disconnecting one deletes what it was given access to. Memory with an off switch.
For this to be real rather than rhetorical, the store itself has to be trustworthy — otherwise you have just moved the honeypot. That is an encryption problem with a known shape. In Personal Hub's implementation: your vault is encrypted on your device, your key is derived from your password and never leaves your browser, and we store ciphertext we cannot read. Each AI connection gets its own key and its own encrypted copy of only the fields you chose; during an active request, that shared copy — never your vault — is decrypted briefly in server memory. The complete design, including its honest limitations, is documented on our security page.
The honest trade-offs
User-held memory is not free lunch, and pretending otherwise would undercut the argument.
Built-in memory is passive; it accumulates while you do nothing. A memory you hold needs some tending — reviewing what an assistant suggests saving, occasionally pruning what is stale. Personal Hub narrows this gap with a suggestion queue: connected assistants can propose additions mid-conversation (“want me to save that you switched to a standing desk?”), and nothing enters your store until you approve it. That is a feature, not just a safeguard — you curate the record instead of being silently profiled — but curation is still work, and it is fair to say so.
Built-in memory can also capture texture that structured context misses: the model's implicit sense of your tone, its running feel for a long project. User-held memory holds facts, preferences, history, and notes — the explicit layer. In practice the explicit layer is most of what matters for portability, but the two approaches are not identical, and running both is a perfectly reasonable strategy: let each assistant keep its working notes, while the durable record of you lives somewhere you control.
What is not a reasonable strategy is the pure default — years of context accumulating exclusively inside one company's product, unreadable and unportable, with the switching cost compounding monthly and custody never once considered.
Decided by defaults
The platform era taught one lesson worth carrying forward: architectures set in the first years of a technology harden into the permanent shape of it. Nobody voted for the model where platforms own the record of your life; it was simply the default, and defaults won.
AI memory is at that formative moment now. Both architectures work. Both will exist. The open question is which becomes normal — memory as a feature of the assistant, or memory as a possession of the person. The first is the default and it is winning by inertia. The second requires people to choose it, which requires knowing the choice exists.
That is the modest purpose of this essay: the choice exists. Your AI will remember you either way. Whether you hold the memory — whether you can read it, correct it, move it, and revoke it — is still up for grabs, briefly.
If you want to try holding it yourself, Personal Hub is free to start, no account needed — and the case for why this matters beyond AI memory is in The Case for Data Sovereignty.