Private by default.
No DataMoat cloud account. Your memory archive, transcripts, skills, attachments, and keys stay on-device.
v2.0.9New: annotations, bookmarks, message votes, ChatGPT export import, safer transfer restore, compressed raw archive.
Build your AI moat.
Export, back up, analyze, search, and reuse everything you build with ChatGPT, Claude, Codex, Cursor, DeepSeek, Qwen, and OpenClaw.
Your prompts, plans, code, decisions, and workflows are becoming your future knowledge capital. DataMoat keeps an encrypted local backup before that work disappears from tool histories, then makes it searchable and exportable.
On-device by design
Encrypted local memory archive
Memory encryption keys never sent
SessionsChatGPT, Claude, Codex, Cursor, DeepSeek, Qwen, and OpenClaw work records.
AnnotationsBookmarks and message votes help mark reusable context.
SkillsFull skill folders, file counts, and snapshots.
AttachmentsFiles and media linked back to source sessions.
Signed macOS DMGNotarized Apple Silicon app with Touch ID unlock on supported Macs.
Windows ZIP buildsUnsigned x64 and ARM64 manual packages while the signed installer is in progress.
No DataMoat cloudYour memory archive, transcripts, skills, attachments, and keys stay on-device.
Full folder snapshotsSupported skills are backed up as folder contents, not just names.
No DataMoat cloud account. Your memory archive stays local.
Windows ZIP + DataMoat.exe packages are unsigned manual app folders while the signed installer is in progress. Unzip the package, keep the folder together, and launch DataMoat.exe to use the app now. Run Install DataMoat.cmd once if you want startup registration for this Windows user.
Unified infrastructure for AI work history
DataMoat brings supported sessions, skills, attachments, source records, and local platforms into one protected memory archive.
ChatGPT exportClaude
DeepSeek
QwenCodex
OpenClawCursor
macOS
Linux
Start exporting and backing up your AI assets today.
You do not need to be a power user to start owning your AI work history. Begin with a small local archive today, then let its value compound as conversations, files, prompts, image versions, attachments, and project context grow. DataMoat backs up supported skills + sessions + attachments into the same encrypted local memory archive. It imports ChatGPT export ZIPs/folders, preserves supported image versions and attachments with their source sessions, keeps compressed encrypted raw source records, saves skills as full folder snapshots, adds bookmarks and message votes for review, and builds a normalized index for search, export, reuse, handoff, and private AI memory.
Made for work you cannot afford to lose.
Your most valuable future AI data is already disappearing from local app histories, cleanups, compaction, and attachment stores. DataMoat preserves supported image versions and attachments that generic transcript exports and memory plugins usually miss.
Useful for people and companies.
The people and companies that own their AI data will win the future.
DataMoat v2.0.9
Download, unlock, and keep your AI work local.
Get the signed macOS app now, use unsigned Windows ZIP or source install options while signed installer work continues, or review the public source-available codebase. Teams that require signed or managed builds can contact us.
View all install optionsNew in 2.0.9
ChatGPT export memory import, encrypted backup, and computer transfer.
DataMoat can now import supported ChatGPT export ZIP files or extracted folders into the same encrypted local memory archive used for Claude, Codex, Cursor, DeepSeek, Qwen, OpenClaw, skills, and attachments.
Restore, view, search, backup
Supported ChatGPT conversations, alternate branches, attachments, assets, and raw export files can be reviewed and searched after vault unlock.
Annotations, bookmarks, votes
Review tools are separate, first-class markers for finding the best reusable context later.
- AnnotationsMark why a session or message matters.
- BookmarksPin important sessions and individual messages.
- Message votesKeep useful or weak answers visible for review.
Raw records, smaller on disk
DataMoat preserves raw source records while storing repetitive raw backup data in compressed encrypted archives. Real source-record tests measured raw archive storage around 60% of original source bytes.
Move between computers
Copy the DataMoat folder to another machine and restore across macOS, Windows, and Linux, including Mac to Windows and Linux to Mac.
USB
Second backup on external storage
Keep a duplicate encrypted DataMoat folder on USB or an external drive so the memory archive can travel separately from the source computer.
Why DataMoat exists
Your AI work history is not just history. It is the work-process data your future agents and employees will need: the prompts, context, tool calls, outputs, corrections, decisions, files, logs, attachments, and skills behind finished work.
Private data assets
Those traces are private data assets: what the human asked, what context the agent saw, what tools were called, what files and skills were present, what was corrected, and what eventually worked.
Searchable work history
Search past prompts, solutions, tool output, thinking-token context when present, timestamps, metadata, files, images, PDFs, attachments, and saved skills without depending only on a live service view.
Private by design
Your AI work memory archive lives on your machine, encrypted at rest. DataMoat does not receive your transcripts, skills, attachments, memory database, search history, or memory encryption keys.
Encrypted recovery
AES-256-GCM memory archive storage with password-based unlock, optional TOTP, 24-word recovery phrase, local auditability, and Touch ID / Secure Enclave unlock on supported Macs.
Auditable source chain
Source-linked memory, not summary-only memory.
DataMoat is designed to keep AI work reviewable. It preserves supported raw/source records and builds normalized session records so later review can connect work back to the original prompt, response, file, timestamp, tool output, attachment, model, and source app that produced it.
Raw records first
Original source records, ChatGPT export files, session JSONL, logs, metadata, skills snapshots, and attachments are preserved when the source provides them, then stored inside the encrypted memory archive.
Prompt-to-output trail
Normalized records keep prompts, responses, tool use, tool results, timestamps, model metadata, source path, and stable attachment links together so the surrounding work can be reviewed later.
Local private custody
The memory archive, search data, skills, attachments, and memory encryption keys stay on-device. DataMoat is not a platform-account personalization layer or transcript cloud.
Cross-provider layer
Supported ChatGPT exports, Claude, Codex, Cursor, DeepSeek/Qwen local workflows, OpenClaw, skills, and attachments land in the same local memory layer instead of staying trapped inside one vendor view.
Company AI work asset
Work history becomes a protected company or personal asset for review, incident analysis, onboarding, handoff, private memory, and future model evaluation under your own rules.
Portable memory ownership
If the team changes tools or models, the memory layer can move with the encrypted DataMoat folder. Vendor choice changes; custody of the work record stays yours.
AI work interaction data layer
DataMoat records the work behind the answer.
Every AI-assisted task creates interactions between people, agents, files, tools, prompts, outputs, corrections, and decisions. DataMoat turns those interactions into an encrypted private data asset that future agents and employees can search, reuse, audit, and hand off.
That makes DataMoat more than a backup utility. It is the enterprise AI work black box and private knowledge base for the work your people and agents already did.
Black boxReconstruct what happened when an AI-assisted task mattered.
Knowledge baseKeep the process, not only the final answer or commit.
Handoff layerGive future teammates and agents the decisions behind the work.
Private memoryBuild reusable context without sending a memory archive to DataMoat.
Who solved what?
Keep the work record around incidents, migrations, bugs, product decisions, and repeated workflows so the next person can find the path, not just the outcome.
What did the AI see?
Preserve supported file context, attachments, skills, metadata, local source records, and the surrounding session that shaped the answer.
How did employees prompt?
Save the prompt trail, corrections, constraints, clarifications, and decisions that turned a vague task into a usable result.
Which tools ran?
Capture supported tool calls, command output, errors, timestamps, source metadata, and stable attachments when the source writes them locally.
Which solution shipped?
Keep the evidence around the adopted approach: alternatives discussed, failed paths, final commands, review notes, and the reason the team moved forward.
Can it be reused later?
Make AI work searchable for reuse, audit, incident review, onboarding, project handoff, and private AI memory across ChatGPT, Claude, Codex, Cursor, DeepSeek, Qwen, and OpenClaw workflows.
Enterprise AI work black box + private knowledge base.
DataMoat captures supported sessions, skills, attachments, and source records into the same encrypted local memory archive, preserving the interaction history companies need before it disappears into app-specific history, compaction, cleanup, or machine moves.
What DataMoat does today
DataMoat provides a real local capture, encrypted memory archive, and review foundation for supported AI work records, skills, and attachments.
Supported local capture
Captures supported local records from Claude CLI, Codex CLI, Codex app sessions, Claude Desktop local-agent sessions on macOS, OpenClaw, Cursor, and DeepSeek or Qwen sessions when they are written locally by Claude Code GUI workflows.
Encrypted memory records
Stores protected content as encrypted memory archive files instead of plaintext transcript dumps, with transcripts, skills, attachments, state, and source records encrypted at rest.
Sessions and messages
Normalizes supported records into session and message structures with prompts, responses, tool use, tool results, usage, model, timestamps, metadata, and parsed thinking blocks when available.
Skills, attachments, and search
Stores supported image, document, and file attachments plus full SKILL.md folder snapshots, then lets you browse and search captured sessions locally after unlock.
Security architecture
On-device memory. Encrypted work traces. Keys stay local.
DataMoat is designed around local ownership: supported source records, skills, and attachments are captured on your machine, written into AES-256-GCM encrypted memory archive storage, and searched only after a local unlock. DataMoat does not receive your transcripts, skills, attachments, memory database, search history, or memory encryption keys.
It protects AI records that already exist on your own computer in source-tool folders, exports, logs, attachments, or session stores. It does not bypass account permissions, unlock remote services, or grant rights beyond what you already have on that machine.
Many AI tools already store work history as ordinary local files on the computer. Anyone or any process with access to that user account, disk, backups, or source-tool folders may be able to read those records before DataMoat protects them. DataMoat does not make this data more exposed; it moves selected already-present records into an encrypted archive controlled by the user.
Background capture can keep saving new supported records while the UI remains locked. Reading and searching existing memory content still require an approved unlock path: password, optional TOTP, Touch ID on supported Macs, or recovery phrase.
AES-256-GCMAuthenticated memory archive, state, raw source record, offset, skills, and attachment encryption.
scryptPassword verifier and wrapped memory encryption key release, with timing-safe comparison.
BIP-3924-word recovery phrase for local recovery.
capture/writeSupported source records are read from local files and written as encrypted memory records.
raw-firstOriginal source lines are stamped with SHA-256 and encrypted before extraction builds searchable views.
unlock/readPassword, optional TOTP, Touch ID on supported Macs, or recovery phrase opens a read/search session.
audit/healthAudit entries are hash-chained for current-log integrity checks; diagnostics redact passwords, tokens, recovery material, and memory encryption keys.
Authenticated encryption, not a plain export folder.
Memory JSONL lines, state files, raw records, and attachments are encrypted at rest with AES-256-GCM using 12-byte nonces and 16-byte authentication tags.
Keys are wrapped; passwords are not stored.
Normal unlock uses scrypt-derived material and stores verifiers or wrapped-key records instead of a plaintext password or plaintext memory encryption key.
Recovery stays local.
The 24-word phrase is the local recovery path. DataMoat stores wrapped recovery material, not the phrase as readable text.
Capture and reading have separate boundaries.
A background capture session can write new encrypted data and encrypted offset state while the UI stays locked; reading, searching, and display remain behind local unlock.
Raw-first storage preserves what the source wrote.
DataMoat saves encrypted raw source records before extractor logic decides what to show, so future extractors can rebuild richer views from the protected copy.
Hash-chained audit checks and redacted diagnostics.
datamoat audit verify detects changed or broken entries in the current on-disk audit log. It is not a remote notarization service or deletion-proof ledger. Health/crash records redact secret-like values including tokens, mnemonics, recovery material, passwords, and memory encryption keys.
Threat model
Why installing can reduce local exposure.
DataMoat is not asking you to create a new sensitive dataset from nothing. For many AI tools, that dataset already exists on your computer as local transcripts, logs, exports, SQLite records, JSONL files, attachments, and skills folders.
Without a dedicated archive, those records may remain scattered across predictable local paths as ordinary files controlled only by normal OS account permissions. DataMoat helps you identify those records, copy selected supported records into a local encrypted vault, and keep a recoverable, searchable, auditable archive under your control.
DataMoat does not create new access to remote AI services and does not bypass OS permissions. It only reads records already available to the current local user, then stores selected supported records into a local encrypted archive controlled by the user. The supported local read paths and capture reasons are visible in the public application code for review; DataMoat does not use hidden cloud collection or undisclosed remote capture.
DataMoat does not automatically erase original source files. Unless the user chooses a cleanup/export workflow, original records may still remain in the source apps' folders. Installing DataMoat introduces a local watcher/importer process with access to selected AI record locations; in exchange, users get an encrypted archive, recovery path, audit log, and portable backup instead of leaving important AI work scattered in unencrypted local files.
already-present local records
selected local read paths
encrypted DataMoat archive
original app files may remain
Future brute-force resistance
Why DataMoat can resist known GPU and quantum attacks today.
A DataMoat recovery phrase uses the BIP-39 24-word format, which encodes 256 bits of entropy plus checksum bits. That phrase is a human-backup path for releasing the memory encryption key locally; DataMoat does not store the phrase as readable text.
The memory archive itself is sealed with AES-256-GCM. NIST treats AES-256 as the 256-bit symmetric-key security-strength baseline, and its post-quantum guidance says known quantum brute-force techniques such as Grover-style search do not currently turn high-strength symmetric encryption into a practical break. In plain English: today, the realistic risk is losing or exposing your recovery phrase, not someone GPU-guessing or quantum-cracking a properly generated 24-word phrase and AES-256 memory archive.
24-word BIP-39 recovery phrase
local unlock / key release
AES-256-GCM authenticated memory archive
resists known quantum brute force
Raw-first archive
Capture the source record first. Improve the extractor later.
AI tools change their local formats quickly. DataMoat's raw-first path keeps an encrypted copy of the source record before transforming it into a searchable session, which reduces the risk of losing context when a parser gets better later.
local source record
SHA-256 content stamp
AES-256-GCM memory archive line
searchable local view
Protection model
A local memory archive should make each boundary visible: what gets read from supported source files, what is written encrypted, what requires human unlock, and what DataMoat never receives. The goal is to move already-present records into a user-controlled encrypted memory archive instead of leaving them scattered, readable, or dependent on opaque memory plugins.
Local capture boundary
Supported AI tool records are read from local files. Raw source lines are content-stamped before extraction builds a searchable view.
source line -> sha256
Authenticated memory write
Memory archive lines, raw records, offsets, session state, skills, and attachments are encrypted with AES-256-GCM before they become the protected copy.
nonce(12) + tag(16) + ciphertext
Human-controlled unlock
Password, optional TOTP, 24-word recovery phrase, or Touch ID on supported Macs opens read/search.
scrypt verifier + wrapped key
Local-only search session
Existing memory content is decrypted only after local unlock. Browse and search happen through the local app, and DataMoat does not receive your memory archive, search history, or keys.
read session -> local UI
source record
hash stamp
AES-GCM seal
encrypted memory archive
The moving line represents the write boundary: plaintext source record in memory, authenticated encrypted record at rest.
AES-256-GCMMemory, raw, state, skills, attachments
scryptPassword verifier and wrapped key
Optional TOTPSecond factor for unlock
24-word recoveryBIP-39 local recovery
Touch IDSupported Macs only
Tamper-evident audit log - verify current local integrity with datamoat audit verify
Supported sources
ChatGPT export
ZIP or extracted export imports with conversations, attachments, raw snapshots, and alternate branch paths.
Claude CLI
Full local transcript capture, including locally written thinking blocks when present.
Codex CLI
Terminal sessions, transcript text, tool output, timestamps, metadata, and stable attachments.
Codex app
Supported local app sessions, tool output, metadata, and stable image attachments.
Claude Desktop
Supported local-agent sessions on macOS when the desktop app writes them to disk.
DeepSeek
Claude Code GUI sessions using DeepSeek models preserve locally written transcript text, tool output, timestamps, metadata, skills context, images, and supported attachments.
Qwen
Claude Code GUI sessions using Qwen models preserve locally written transcript text, tool output, timestamps, metadata, skills context, images, and supported attachments.
OpenClaw
Supported local OpenClaw transcripts plus provider, model, and cost metadata when present.
Cursor
Readable local agent-transcripts JSONL records, including text and tool blocks when present.
Attachments
Encrypted image versions and supported file/PDF blocks, linked back to their source sessions when the source records contain them.
Skills folders
Global and project SKILL.md folder snapshots, including helper files, not just skill names.
For individuals and teams
Private AI memory
Keep the work-process context your own future agents and employees can use: prompts, decisions, corrections, files, skills, attachments, and results.
Team continuity
Keep AI-assisted work reviewable across people, projects, machines, and clients without losing the process behind finished work.
Company-owned AI data
Export and back up the private data asset that can later support private memory, evals, handoff, workflow analytics, or company-specific review under your rules.
Export your AI work. Own the private data asset.
Download DataMoat v2.0.9 and start exporting and backing up supported sessions, ChatGPT exports, skills, and attachments before they disappear.
Download links use direct DataMoat package URLs for macOS and Windows.
FAQ
Is my AI work ever uploaded to DataMoat?No. Your memory archive stays on your machine; DataMoat does not receive your work history or keys.
The landing page may call the DataMoat release manifest to keep the download button current, but DataMoat does not receive your prompts, transcripts, tool output, files, skills, attachments, memory database, memory encryption keys, or search history.
How is my private data asset used?DataMoat protects the asset first; you decide how it is used later.
DataMoat captures and encrypts supported local work traces first. Backup scope is controlled by you and by the source records already available on the protected machine. Any later use for private memory, evaluation, handoff, or workflow review depends on your permissions, policies, and choices, and users or organizations remain responsible for deciding which local AI records, attachments, code, secrets, or sensitive data should be imported, retained, exported, or excluded.
How does it save work before compaction or cleanup?A local watcher processes new source records as they are written and stores them into the encrypted memory archive.
For supported sources, DataMoat watches local transcript files and tracks byte offsets so new records can be captured quickly before compaction, retention cleanup, app format changes, device loss, or server moves make the original history harder to recover.
What exactly is captured today?Supported ChatGPT exports plus sessions, skills, and attachments from Claude, Codex, Cursor, DeepSeek, Qwen, OpenClaw, and local agent records.
DataMoat preserves supported local transcript text, prompts, responses, tool output, timestamps, source metadata, stable image attachments, supported file/PDF blocks, full SKILL.md folder snapshots, and locally stored thinking tokens or reasoning blocks when the source application writes that content to disk.
Can I trace saved work back to the source?Yes, for supported records DataMoat keeps source-linked context instead of only a generated memory summary.
Saved sessions are built from preserved source records and normalized with prompts, responses, tool output, timestamps, model/source metadata, files, and attachment links where the source provides them. The local audit log can be checked with datamoat audit verify; it is tamper-evident for the current on-disk log, not a remote notarization service or deletion-proof ledger.
What are the source-service boundaries?DataMoat captures supported local records already present on your device and accessible to you.
DataMoat is designed to protect AI records that already exist on your own machine. It does not create new access to your AI work history, grant additional rights to source-service content, bypass account permissions, or unlock remote services. You remain responsible for the terms, policies, plan restrictions, internal rules, permissions, and laws that apply to ChatGPT, Claude, Codex, DeepSeek, Qwen, OpenClaw, Cursor, and any other source service you use.
Why are Claude CLI and Codex CLI/app reasoning records different?Claude CLI can write full local thinking blocks; Codex CLI/app often writes metadata without raw reasoning text.
DataMoat preserves what is locally available. Claude CLI local session records can include full thinking text, while newer Codex CLI/app records often keep reasoning content unavailable or encrypted by the source app, so DataMoat preserves transcript, tool output, timestamps, metadata, and attachments instead.
What makes it safer than a normal export folder?The saved copy is encrypted, searchable after unlock, versioned, and backed by a hash-chained local audit log.
A plaintext export is easy to leak, modify, lose, or misread later. DataMoat keeps the protected memory as the source of truth, encrypts raw records, state, offsets, and attachment blobs, and lets you verify the current hash-chained audit log with datamoat audit verify. The local audit chain is tamper-evident, not deletion-proof without an external checkpoint.
What if somebody copies my DataMoat folder?They get encrypted memory archive files, not readable transcripts.
Memory records, skills, attachments, offsets, and session index state are encrypted at rest with AES-256-GCM. Passwords are stored as scrypt verifiers, not plaintext, and the UI still requires an approved unlock path before old records can be read or searched.
How do password, TOTP, Touch ID, and recovery fit together?Password and optional TOTP protect normal unlock; recovery material exists for account recovery.
Source installs support password, optional TOTP, and a 24-word BIP-39 recovery phrase. The packaged macOS app adds Touch ID and Secure Enclave-backed daily unlock on supported Macs.
What happens if I forget my password or lose my authenticator?Use the 24-word recovery phrase.
Recovery is designed so you can regain access without storing your password in plaintext. Recovery material is shown locally during setup and should be kept offline by the human user.
Can Claude CLI, Codex CLI, Codex app, or OpenClaw install it for me?They can start the install, but final setup should happen on the protected desktop.
An AI agent can download the macOS DMG or Windows ZIP, start DataMoat, and begin the remote no-screen capture flow. Password setup, TOTP enrollment, Touch ID, and the 24-word phrase should be completed by the human user on the machine being protected, not relayed through chat screenshots or remote messages.
Will the download button find the latest version?It uses the current release written into the page and may refresh from the release manifest when available.
The page starts with v2.0.9 direct DataMoat package URLs. Windows packages are currently unsigned manual builds while the signed installer is in progress. Manual downloads do not depend on the /download Function.
Is DataMoat open source?The repository is open-sourced under BUSL-1.1 with an Additional Use Grant.
The codebase is public and source-available for review. Personal use and internal company use are allowed by the grant. We chose BUSL-1.1 to keep the code auditable while reducing the risk of misleading repackaged builds, malware clones, and unsupported commercial forks of a security-sensitive local archive tool. All application code is public for review, but resale, hosting, or other uses outside the grant should be checked against LICENSE.md. Teams that require signed or managed builds can contact us.