Security and Data Control
Mental health data requires strong safeguards. We design Illumate with layered security controls appropriate for sensitive clinical workflows, and you control what enters the model.
AES-256-GCM Encryption
Sensitive data is encrypted at the database column level, not just in transit.
Full Account Isolation
Each therapist's data is isolated at the database level. Access controls are designed to prevent cross-account access.
You control the context
You decide what enters the model. For clients, you can use nicknames or initials.
Audio is optional
You can work entirely in text. If you upload a recording, the audio file is deleted right after transcription.
Full Audit Trail
Every action is logged: who accessed what, what was changed, when, and from where.
AI Guardrails
Three layers of guardrails (pre/system/post) are designed to reduce out-of-scope output, but they don't remove the need for professional review.
US / HIPAA
Illumate is not offered as HIPAA-compliant unless we have signed a Business Associate Agreement (BAA) with you. Do not upload PHI subject to HIPAA unless a BAA is in place.
Our Security Approach
We follow a defence-in-depth principle — protection at every level of the stack:
- Data encrypted at rest (AES-256-GCM, column-level) and in transit (TLS 1.3)
- Strict data isolation between therapists at the database level (multi-tenant with row-level security)
- Context control: you decide what enters the model, and you can use nicknames
- Transparency: all AI responses include sources, all actions are logged
Security Questions?
If you have questions about data security or have found a vulnerability, please contact us.
Contact security team