Question 1

What does Mycelium actually ship?

Accepted Answer

A multi-tenant memory-layer runtime, twenty-three live connectors across Communication, Knowledge, Engineering, CRM, Business systems, and Data, a typed-memory schema, a bi-temporal RESOLVER, an HMAC-validated webhook receiver layer with retry queue and dead-letter routing, an append-only audit log with per-tenant scoping, and a Server-Sent Events stream. Open core under MIT for the substrate; commercial license for the productized runtime.

Question 2

What does it cost?

Accepted Answer

Mycelium Lite is $25K per year for the platform license, plus usage billed monthly against active connectors and query volume. Mycelium Enterprise is $150K-$500K per year for the platform license, plus usage. Both tiers carry a 12-month minimum term. Three-year prepay is 15% off; five-year prepay is 20% off plus early access to vertical packs at general availability. Specific usage unit rates and per-customer SLA terms are named in the engagement letter, after a scoping call.

Question 3

How long does install take?

Accepted Answer

Mycelium Lite is a 5-day install plus 60 days of office hours, then runtime under the annual platform license. Mycelium Enterprise is 90 days with a dedicated install engineer assigned the full window, then 12 months of runtime. Both end with a production handoff and a 60-day retrospective.

Question 4

Can it run inside our cloud or on-premise?

Accepted Answer

Mycelium Enterprise yes: single-tenant managed runtime in your AWS, GCP, or Azure account, or fully on-premise inside air-gapped infrastructure. Mycelium Lite is multi-tenant managed only.

Question 5

What's your SOC 2 / HIPAA / GDPR posture?

Accepted Answer

GDPR: yes, the runtime is built to be processor-grade with the controls in our DPA. HIPAA: BAAs are negotiable on the Mycelium Enterprise tier; not in scope on Mycelium Lite. SOC 2 Type II: not certified yet. Readiness program is planned for 2026 with an audit window targeted for 2027. We don't claim what we don't have.

Question 6

Does it work with our existing AI stack?

Accepted Answer

Yes. Mycelium is model-agnostic. Memory lives as plain-text typed entries you own; agents under Claude, GPT, Gemini, Llama, or your own model read from the same layer. Vector stores like Pinecone, search tools like Glean, and orchestration platforms like LangChain are upstream or downstream of Mycelium, not replaced by it.

Question 7

What if a connector we need doesn't exist?

Accepted Answer

Custom connectors are scoped on Week 0 of a Mycelium Enterprise engagement. The connector becomes a skill in your tenant; the source is shared as part of the deliverable so you can audit, fork, or maintain it after handoff.

Question 8

Who owns the data? Can we export everything?

Accepted Answer

You own it. Tenant data lives as plain-text Markdown under your vault root, version-controllable in your own git remote if you choose. There is no proprietary database lock-in. Audit-log exports are available on demand as gzipped JSONL signed with a tenant key.

Question 9

What happens to our install if Mycelium goes away?

Accepted Answer

Open-core architecture is our answer to vendor risk. The substrate (schemas, RESOLVER specification, skill contract, eval framework, reference connector implementations) is open-source under MIT at github.com/adelaidasofia/ai-brain-starter. Your tenant data, schema, and skills survive in plain text. The productized runtime is replaceable with a self-hosted equivalent built on the open core. Same shape as the Vercel + Next.js relationship.

Question 10

How is this different from mem0, Letta, Glean, Pinecone?

Accepted Answer

Different category for each. mem0 / Letta / LangMem / Zep tune chatbot memory at the conversation layer. Pinecone / Weaviate / RAG frameworks search a corpus that already exists. Glean / Notion AI search what's already written. Mycelium is the typed, version-controlled, write-back memory layer those systems read from and write back to. The Comparison section earlier on this page maps the axes.

Certification	Status	Target	Last verified
SOC 2 Type II	Engagement starting Q2 2026	Type II report Q4 2026 after 6-month observation window	Engagement letter pending
HIPAA + BAA-ready	Risk assessment + technical safeguards documented; BAA template available	Active by Q3 2026	2026-05-04
GDPR + DPIA	DPA published, DPIA template available	Active	2026-05-04
Penetration test	Tier-1 firm engagement starting Q2 2026 (Bishop Fox, NCC Group, or Trail of Bits, final selection pending)	Annual report under NDA Q3 2026 onwards	Engagement RFP in flight
ISO 27001	On roadmap	Q1 2027 if European F100 demand materializes	Roadmap
FedRAMP Moderate	On roadmap; required for federal AI memory layers by 2027 per government memo	Q4 2027	Roadmap

Trust Center

1. Where we are

2. How to read this page

3. Audit cadence

4. Incident response

5. Security contacts

6. Subprocessors

7. Documents available on request